1. Data Controller

Kassavirtanen Finland Oy

Business-ID: 2803711-2

Salomonkatu 17 B,
00100 Helsinki

asiakaspalvelu@kassavirtanen.fi

2. Person responsible for register matters

Weckström Jörgen Nils-Erik

asiakaspalvelu@kassavirtanen.fi

3. Name of the register

Kassavirtanen Customer and User Register

4. Registered persons

– Owners and employees of companies using the Kassavirtanen software
– Visitors of the website
– Recipients of newsletters and marketing messages
– Partners and service providers

5. Purpose of processing personal data

Personal data is used for:

– Providing software services and managing customer accounts
– Customer service and communication
– Invoicing and contract management
– Marketing communications and newsletters (with consent)
– Website analytics and service development

Processing is based on:

– Contracts and customer relationships
– Statutory obligations (e.g., Accounting Act)
– Consent of the data subject (e.g., marketing)

6. Content of the register

Information that may be stored in the register includes:

– Contact information: name, email, phone number, company, title
– Login information (email, password hash)
– Billing information: invoices, payments, and contracts
– Interaction data: support requests, customer communications, and usage logs
– Analytics data: IP address, browser, device, and website behavior

Information can be requested to be corrected or deleted, unless otherwise required by law.

7. Regular disclosures of information

Information may be disclosed to:

– Authorities (e.g., Tax Administration)
– IT and hosting service providers
– Payment and accounting service providers
– Email and analytics platforms (e.g., newsletter and analytics tools)

Information is not sold or disclosed to third parties for marketing purposes without the consent of the data subject.

8. Transfer of information outside the EU

Information is primarily stored within the EU/EEA area.

If information is transferred outside the EU/EEA, EU-approved safeguards, such as standard contractual clauses, are used.

9. Principles of register protection

Data security is ensured by:

– Firewalls and encryption
– Secure authentication
– Access rights management (only authorized employees can access the information)
– Regular system updates and security audits

10. Data retention and deletion

– Accounting records: 6 years (Accounting Act)
– Customer data: 2 years after the end of the customer relationship
– Analytics data: according to cookie and tool-specific retention periods

Information is deleted or anonymized when it is no longer needed for the purpose of processing.

11. Rights of the data subject

The data subject has the right to:

– Receive information about the processing of their personal data
– Review and correct their own information
– Request deletion of information if there is no legal basis for processing
– Object to or restrict the processing of information
– Withdraw consent (e.g., marketing messages)
– File a complaint with the data protection authority

Data requests are processed within 30 days.