Edico privacy statement

According to the General Data Protection Regulation, the personal data controller of a register is obligated to inform the register’s data subjects in a clear manner. This statement fulfils this informing obligation.

1. Personal data controller

Edicto Oy

Contact information:
Patamäenkatu 7
FI-33900 Tampere

Contact information in matters related to personal data files:

Antero Hälikkä
antero.halikka@edicto.fi

If necessary, contact information of the data protection officer:

Data protection officer

NPE Kulconsult Oy/Jari Welling
jari.welling@npe.fi

2. Data subjects

Persons included in the register customers.

3. Purpose of use of personal data

Grounds for keeping the register:

  • personal data is being processed based on an existing customer

Purpose for the register and the processing of personal data

Personal data is only being processed for predetermined purposes, which are:

  • customer relationship management
  • informing about services

4. Personal data recorded in the register

The customer register contains the following information:

Contact information

  • Phone number

Customer information

  • Information on services bought
5. The data subject’s rights

The data subject has the following rights, and requests for their use should be sent to antero.halikka@edicto.fi.

Right to access data

The data subject may check the data we have recorded.

Right to rectification

The data subject may request the rectification of inaccurate or incomplete personal data.

Right to object

The data subject may object to the processing of personal data if the data subject feels that personal data has been processed unlawfully.

Right to forbid direct marketing

The data subject has the right to forbid the use of personal data for direct marketing.

Right to deletion

The data subject has the right to request the deletion of data if personal data processing is not necessary. We will handle the request for deletion and proceed to either delete the data or state a justified reason for not being able to delete the data.

It should be noted that the controller may have legal or other rights to not delete the requested data. The controller is obligated to preserve accounting materials for the duration (10 years) set out in the Accounting Act (Chapter 2, Section 10). For this reason, materials related to accounting cannot be deleted before that term has expired.

Withdrawing consent

If the processing of personal data is only based on the data subject’s consent and not for instance on a customer relationship or membership, the data subject may withdraw consent.

The data subject may complain of the decision to the Data Protection Supervisor

The data subject has the right to demand us to restrict the processing of controversial data until the matter is solved.

Right to complain

The data subject has the right to complain to the Data Protection Supervisor if the data subject feels that we are violating the effective data protection regulation when processing personal data.

Contact information of the data protection supervisor: www.tietosuoja.fi/en/index/yhteystiedot.html

6. Regular information sources

Customer information is regularly obtained from:

  • from the customer as the customer relationship is born
  • from the customer through an online form
7. Regular disclosure of data

The data is not generally disclosed for marketing purposes outside Edicto Oy.

8. Duration of processing
  • Personal data is usually processed for as long as the customer relationship exists.
9. Personal data processors

The controller and its employees process personal data. We may also outsource the processing of personal data partly to a third party, in which case we will guarantee with contractual arrangements that personal data is processed in compliance with valid data protection legislation and also otherwise appropriately.

10. Transferring data outside the EU

Personal data is not transferred outside the EU or the EEA.

11. Automatic decision-making and profiling

We are not using the data for automatic decision-making or profiling.

12. Log Data

When you use our service, we store the information your browser sends. This data includes information such as the sent request, the sender’s IP address, and the type of browser used. We use log information to monitor usage and technical administration of the service.

13. Cookies

Edico uses cookies and other similar technologies like sessionStorage of web browser. Cookies are small files that are stored to memory of users web browser. Cookies do have life time and web browser will automatically remove those after expiration of cookie. Edico uses own and 3rd party cookies to implement provided functionality, features that protect site from spamming and provide payment feature. Cookies are activated automatically because the network service needs them to work properly. User may remove stored cookies with functionality of web browser. ’Ctrl+Shift+Del’ keyboard shortcut opens dialog to remove cookies at least in Chrome, Edge, IE, Firefox and Opera browsers. The user can prevent cookies from being used in browser settings, but in this case the service will not work to the extent that cookies are needed.

– A cookie connect.sid is used and set for Edico service. It is used for user authentication and session management.

– A cookie used and set for the Stripe checkout payment. For more see https://stripe.com/gb/privacy

– A cookie used and set for google’s reCHAPTA, I’m not robot feature. Usage information may or may not been combined with identified person by Google. For more see https://policies.google.com/privacy?hl=en

– A cookie used and set for google’s reCHAPTA, I’m not robot feature. Usage information may or may not been combined with identified person by Google. For more see https://policies.google.com/privacy?hl=en.

– The ‘Log In with Facebook’ feature been used in Edico Lite uses Facebook’s own cookies to sign in to Edico Lite. Cookies expiry time is from 16 hours to 1.5 years. More information can be found at https://www.facebook.com/policies/cookies/