Register and Privacy Policy
This is SS-Y Group Oy’s register and privacy policy in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Prepared on 04.05.2023. Last modified on 04.09.2025. Revised on 27.10.2025.
1. Controller
SS-Y Group Oy
Huruntie 157 90910 Kontio
2. Contact person responsible for the register
Sami Suo-Yrjö
sami@rese.fi
+358 400388200
3. Name of the register
Company’s stakeholder register, application user register.
4. Legal basis and purpose of processing personal data
The legal basis for processing personal data under the EU General Data Protection Regulation is
- The person’s consent (documented, voluntary, specific, informed and unambiguous)
- A contract to which the data subject is a party
- The legitimate interest of the controller: customer relationship
The purpose of processing personal data is to communicate with customers and store billing information.
The data is not used for automated decision-making or profiling.
5. Data content of the register
The register may contain the following personal data:
- Person’s name
- Company/organization
- Contact information (telephone number, email address)
- User ID
- IP address of the network connection
- Information on ordered services and their changes
- Billing information
- Other information related to the customer relationship and ordered services
6. Regular data sources
The data stored in the register is obtained from customers, for example:
- Messages sent via online forms
- By email
- By phone
- Through social media services
- From agreements
- From customer meetings
- From other situations in which the customer discloses their data.
7. Regular disclosure of data and transfer of data outside the EU or EEA
Data is not routinely disclosed to other parties. Data may be used to the extent agreed with the customer.
Data is not transferred outside the EU or EEA.
8. Principles of register protection
The register is handled with care and the data processed by information systems is protected appropriately. When register data is stored on Internet servers, the physical and digital security of their equipment is taken care of appropriately. The registrar ensures that the stored data, as well as the access rights to the servers and other information critical to the security of personal data, are handled confidentially and only by employees whose job description requires it.
9. Right of inspection and right to demand correction of data
Every person in the register has the right to check their data stored in the register and to demand correction of any incorrect data or completion of incomplete data. If a person wishes to check the data stored about them or demand correction of them, the request must be sent in writing to the registrar. If necessary, the registrar may ask the requester to prove their identity. The data controller will respond to the customer within the time period stipulated in the EU Data Protection Regulation (generally within one month).
10. Other rights related to the processing of personal data
A person in the register has the right to request that personal data concerning him or her be deleted from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove his or her identity. The controller will respond to the customer within the time period specified in the EU Data Protection Regulation (generally within one month).