Customer Register Privacy Statement

Updated May 16, 2018

Section 10, Personal Data Act (523/99)

General Data Protection Regulation (GDPR) (EU) 2016/679

Controller
Vertex Systems Oy
Business ID 0289214-5
Vaajakatu 9, FI-33720 Tampere, Finland
Telephone: +358 3 313411

Contact person in matters concerning the register
Name: Kai Ojalammi
Address: Vaajakatu 9, FI-33720 Tampere, Finland
Telephone: +3583313411
Email: kai.ojalammi@vertex.fi

1. Name of the register
Vertex Systems Oy customer register.

2. The purpose of the processing of personal data
The purposes of the customer register are to perform customer communications, maintain customer relationships, general communications and marketing.

3. Data content of the register
The data content of the register includes the following information retrieved directly from the customer:

  • Company name
  • Contact information
  • Business ID
  • Contact persons (commercial, technical and invoicing)
  • The name, email address, telephone number (work), title/area of responsibility, language of the contact persons
  • Invoicing information
  • Participation in trainings


The Vertex software suite may send user data to Vertex Systems Oy during the use of the software. The purpose of this data is to verify the credentials to access the software and to improve the quality of the software and user experience. These data include, but are not limited to, IP addresses and other unique system data.

The customer is responsible for the accuracy of the data and updating them whenever necessary.The continuously and automatically accumulated data content includes a history of created proposals, purchases, projects and the related communications. Data retrieved from third parties may include credit details and other corresponding data that third parties provide as publicly available business information services. Details can also be checked using public administration sources.

4. Regular sources of data
The customer register data content are retrieved via a customer relationship.

5. Regular disclosure of data
We shall not disclose personal data concerning our customers to third parties, except in cases described below.

Service providers: We are assigning certain reliable third parties to conduct certain functions and services on behalf of Vertex Systems Oy. We shall disclose your personal data to these third parties, but only to the extent necessary for the purposes of performing these operations and service provision and according to such binding contractual obligations that require these third parties to maintain privacy and data security.

Public authorities such as law enforcement agencies: Vertex Systems Oy is co-operating with the Government and law enforcement agencies or private operators in order to comply with the law. We reserve the right to disclose data concerning you to the Government, law enforcement agencies or private operators to the extent we deem to be necessary or appropriate for the purposes of defending against claims or in judicial proceedings (including summons), protecting the property and rights of Vertex Systems Oy or a third party, ensuring the safety of the public or an individual, preventing or stopping unlawful, unethical or actionable activities or complying with the law.

6. Transfer of data outside the EU or EEA
Designated Vertex Group employees have limited access to the data content defined in section 3 (first name, last name, title, telephone number (work), user ID, department).

7. Rights of requesting the inspection, rectification and erasure of data.
According to the applicable data protection legislation, persons have the right to be informed about the processing of their personal data and the right to request an inspection of their personal data in our registers. Persons have the right to request the rectification or erasure of inaccurate personal data in our registers. In addition, persons have the right to object and withdraw their consent regarding the processing of their personal data, insofar as the processing is based on consent, and to request a restriction of processing of their personal data.
Operational model:

  1. Regarding requests concerning the inspection, rectification and/or erasure of personal data, please contact the Vertex Systems Register Oy contact person personally.
  2. You will be provided with a personal data inspection request form by mail.
  3. Submit the form by delivering it personally to Vertex Systems Oy and be prepared to provide a proof of your identity.
  4. Arrange a meeting for the processing of the request.
  5. Matters related to the inspection request are discussed in the meeting.
  6. If necessary, we will provide you with a reply to the matters concerning the inspection request within a month, unless there are specific reasons to prolong the processing period.
  7. We reserve the right to decline to fulfill your request on applicable statutory grounds.
     

8. Principles of register protection and data retention
Vertex Systems Oy takes the matter of protecting your personal data very seriously. We use administrative, physical and electronic measures to secure your data from unauthorized access. We collect the data in databases that are protected by firewalls, passwords and other technical measures. The databases and their back-up copies are located in locked premises and they can only be accessed by certain designated people. Although we are trying to ensure the security and integrity of the personal data, we cannot guarantee that the implemented safeguards will prevent third parties and so-called hackers from accessing the personal data by means of unlawful processes. We will inform you of all violations related to the protection, confidentiality and integrity of unencrypted and electronically stored personal data in accordance with the law, in an appropriate time period and without undue delay in a manner that corresponds (i) to the principles of complying with the law or (ii) defining the extent of the violation and restoring the reasonable integrity of the data system.

Obsolete and unnecessary data are erased in an appropriate manner. We shall retain the personal data only as long as is necessary for the purposes of performing the processing of personal data described in this privacy statement. Based on obligations described in the Accounting Act or other applicable legislation, the data may have to be retained for a longer period of time.