1. Data Controller

Kassavirtanen Finland Ltd

Business ID: 2803711-2

Salomonkatu 17 B
00100 Helsinki

asiakaspalvelu@kassavirtanen.fi

2. Person Responsible for Data Management

Weckström Jörgen Nils-Erik

asiakaspalvelu@kassavirtanen.fi

3. Name of the Register

Kassavirtanen Customer and User Register

4. Registered Individuals

– Owners and employees of companies using the Kassavirtanen software
– Website Visitors
– Recipients of Newsletters and Marketing Messages
– Partners and Service Providers

5. Purpose of Personal Data Processing

Personal data is used for:

– Providing software services and managing customer accounts
– Customer service and communication
– Invoicing and contract management
– Marketing communications and newsletters (with consent)
– Website analytics and service development

The processing is based on:

– Contracts and customer relationships
– Statutory obligations (e.g., Accounting Act)
– Consent of the data subject (e.g., marketing)

6. Contents of the Register

The information that may be stored in the register includes:

– Contact information: name, email, phone number, company, title
– Login information (email, password hash)
– Billing information: invoices, payments, and contracts
– Interaction data: support requests, customer communications, and usage logs
– Analytics data: IP address, browser, device, and site behaviour

You can request that the information be corrected or deleted, unless otherwise required by law.

7. Regular Disclosures of Data

Data may be disclosed to:

– Authorities (e.g., Tax Administration)
– IT and hosting service providers
– Payment and accounting services
– Email and analytics platforms (e.g., newsletter and analytics tools)

Data is not sold or disclosed to third parties for marketing purposes without the consent of the data subject.

8. Transfer of Data Outside the EU

Data is primarily stored within the EU/EEA area

If data is transferred outside the EU/EEA, EU-approved safeguards are used, such as standard contractual clauses.

9. Principles of Register Protection

Data security is ensured by:

– Firewalls and encryption
– Secure authentication
– Access rights management (only authorised employees can access the data)
– Regular system updates and security audits

10. Data Retention and Deletion

– Accounting records: 6 years (Accounting Act)
– Customer data: 2 years from the end of the customer relationship
– Analytics data: according to cookie- and tool-specific retention periods

Data is deleted or anonymised when it is no longer needed for the purpose of processing.

11. Rights of the Data Subject

The data subject has the right to:

– Obtain information about the processing of their personal data
– Review and correct their own data
– Request deletion of data if there is no legal basis for processing
– Object to or restrict the processing of data
– Withdraw consent (e.g., marketing messages)
– File a complaint with the data protection authority

Data requests are processed within 30 days.