Drafted 21.2.2023, last update 28.6.2023
Privacy Policy
This Privacy Policy of JamJarSoft Ltd. is drafted in accordance with the General Data Protecion Regulation (GDPR) of the EU and describes the principles of processing of personal data and rights of the data subjects.
- Controller
JamJarSoft Oy, Y-tunnus 3281278-3
Kasarmikatu 4
13100 Hämeenlinna
- Controller’s representative
Miikka Hätälä
- Name of the Register
Yrityksen asiakasrekisteri
- Legal Basis for and the Purpose of the Processing of Personal Data
According to the GDPR processing of personal data is allowed only under certain criteria. JamJarSoft Ltd. processes personal data according to this Privacy Policy is based on a contract (Service Agreement) to which this Privacy Policy is attached.
Purpose of the processing of personal data is upholding customer relations and enabling the use of the Service the Customer has subscribed to.
Personal data shall not be subject to automated decision-making or profiling.
- Data Content
Following data or data categories are processed:
- Name of the private person
- Social security number
- Salary information
- Account number
- Information on the obligation to get pension insurance for the self-employed
- Name of the company
- Contact information, e.g. phone, email
- Information of the subscribed Service and use of the Service
IP-addresses of website visitors and necessary cookies shall be processed as a legal right of the Controller in order to for example maintain data security and collect visitor data for statistical purposes when this data is personal data. If necessary, consent for third party cookies shall be requested separately.
- Storage Period
Personal data in the register shall be stored during the customer relationship and afterwards if storing the data is a legal right of the Controller or it is necessary in order for the Controller to fulfill its legal obligations (such as preventing money laundering and terrorist financing). This does not constitute a restriction for the data subjects to exercise their legal rights set out in the GDPR and described below.
- Regular Sources of Data
All data stored in the register is given by the Customer. The data is given when entering to the Service and the Customer shall update or supplement the data in the Service later on if needed.
- Regular Disclosure of Data and Transfer of Data Outside the EU or EEA
Personal data shall not be disclosed to third parties regularly. Personal data shall not be transferred outside the EU or EEA by the Controller.
- Principles According to which the Data has Been Secured
Information security of personal data stored in the register is ensured with appropriate technical and physical measures. The Controller is responsible for appropriate use and processing of personal data. The Controller ensures that access to personal data and processing of personal data is conducted only by persons whose work and tasks require it.
- Rights of the Data Subject
A data subject has the right of access to data on themselves. A data subject may at any time request rectification of erroneous or incomplete data.
A data subject has the right to request their data to be erased from the register (“right to be forgotten”).
In addition, a data subject has all other rights set out in the GDPR such as the right to restrict processing of personal data under certain circumstances.
A data subject may rectify or delete their own information in the Service. However, a data subject may also submit a written request to the Controller in order to exercise their rights. The Controller shall respond to the request within a time limit set out in the GDPR (one month in most cases).
Processing of personal data is necessary for enabling the use of the Service. Thus exercising the rights described above might prevent the Customer from using the Service.