Qreform Customer and Marketing Register
Business ID: 1955017-6
Linnoitustie 4 A, 02600 Espoo
+358 10 324 5390
Name of the register
Customer and Marketing Register of Qreform Ltd and its subsidiary Gravasoft Oy.
Purpose of the file and processing of personal data
The bases for processing personal data are our legitimate interests (e.g. customer relationship management, invoicing), consent of a customer, performance of a contract and/or a legal obligation.
We process personal data to:
- deliver and develop our products and services to meet our customers’ needs,
- fulfill our contractual and other promises and obligations,
- take care of the customer relationship,
- analyze and profile behaviour
- enable electronic and direct marketing, and
- target advertising in our online services.
Content of the register
The register may contain the following data related to a company, persons in charge of companies and entities and other stakeholders:
- Name, title (incl. job description), company, phone number, e-mail address, postal address
- Interests and profiling information
- Customer feedback and contacts
- Information provided by the data subject (e.g. professional interests of the data subject)
- Direct marketing restrictions
- Other information that is necessary for the intended use of the register
Regular sources of information
Our primary sources of information to be included in the register are the data subjects themselves, who may provide information by phone, online, during meetings or similar ways.
Personal data may be collected and updated from generally available sources, such as websites of companies and other service providers, and private and public registers.
Regular disclosure of data
QREFORM does not regularly disclose data to third parties, unless disclosure is required by the law or on the orders of public authorities.
As a rule, we will not transfer your data outside the EU/EEA. However, the collected data may be partially stored outside the European Economic Area if a service or software provider we use is located or stores the data outside the European Economic Area, for example. In such cases, we will make sure that the personal data in question is protected according to the privacy legislation in force from time to time.
Register protection principles
Personal data is kept confidential. Only specified employees of the controller or other companies working on behalf of the controller have access to and the right to process the data in the system. Access to the system requires the use of a username and password for each user.
The data is collected in databases that are protected with firewalls, passwords and other technical measures. The databases and their back-ups are located in locked and guarded premises to which only certain designated persons have access to. Personal data is stored for as long as is necessary for their intended use.
Right of inspection and deletion of data
The data subject has the right, pursuant to the law, to inspect the data concerning himself/herself that is stored in the register. The request for an inspection (incl. a request for erasure) has to be done in writing and sent signed to the controller at the address indicated above. The data subject may exercise the inspection right once a year free of charge.
Right of rectification of incorrect data
The data subject also has the right to demand corrections to incorrect data. A request for rectification shall specify the incorrect data and provide the corrected data. A request for rectification must be made in writing and be sent signed to the controller at the address indicated above.
Other rights of the data subject
The data subject has the right to refuse the processing of data concerning himself/herself for use in direct marketing and opinion surveys. The refusal can be made at any time to the controller at the address above or by unsubscribing from a mailing list by following the instructions in marketing messages.