Name: elfGROUP Cyber Security Services Ltd, Business ID FI31094425
Address: Hiltusentie 23 A 1, 90620 OULU, Finland
Phone: +358 29 0020 130
Contact person on issues regarding the register
Name: Tuomas Tonteri
Address: elfGROUP Cyber Security Services Ltd, Hiltusentie 23 A 1, 90620 OULU, Finland
Phone: +358 29 0020 133
- Customer, contract and assignment registers
- B2B marketing register
- elfCLOUD virtual server service's user register
- elfGROUP website's usage data register
Purpose of the processing of personal data
elfGROUP collects and processes personal data contained in the mentioned registers for the provision and production of services related to its business and for the management of customer relationships.
Customer, contract and assignment registers as well as user registers of the relevant service are necessary for the conclusion of contracts and the provision of services. If the entry of personal data in these registers is prohibited, the provision of services may become impossible. The provision of personal and contact information is not statutory requirement, but is a prerequisite for elfGROUP to enter into a contractual relationship and provide services.
Data from personal registers are not used for automatic decision-making or personal profiling.
Information content of the register
Personal data entered in customer, contract, assignment and user registers are basic contact information (name, company, address, phone number, e-mail address, website address).
Cookies and data collected by the website
In the implementation of elfGROUP's website we use so-called HTTP Cookies to help with the usability and user statistics of the website. The website is connected to Google Analytics, where the websites browsing statistics are collected and analyzed. Users' public IP address is saved to elfGROUP's web servers and also passed on to Google Analytics while browsing the website. Users' name or other identification data is not collected or passed on in this context. Google Analytics is further connected to Leadfeeder for marketing purposes. Learn more about Google's privacy practicies here.
Regular sources of information
Personal data to be recorded in the customer, contract, assignment and user registers are personal data provided by persons themself or, in the case of B2B customer relationship, by an organization's representative on the basis of one's professional status. elfGROUP retains the data for the necessary period of time for the professional execution of clientele and assignments and for the fulfillment of its legal obligations. The personal data entered in the B2B marketing register has been collected from public information sources, requests for additional information and contacts submitted on the elfGROUP's website or other feedback channels, and contact lists obtained as target group searches based on professional status.
Information in the registers is in principle not disclosed to third parties. The reference right obtained with the customer's written permission makes an exception regarding the customer register to publish the customer's name information or the case presentation for marketing purposes. Information in the registers can be disclosed to elfGROUP's partners for the implementation of customer satisfaction surveys or case interviews (with the permission of the customer in question). Regarding the B2B marketing register, the data can be disclosed to advertising or promotion agency for marketing campaing purposes.
Data transfer to outside of EU or EEA
Website's usage data register is connected to Google Analytics and Leadfeeder. It is possible that by using these external services the IP address information of users visiting the website will also be transmitted outside the EU/EEA.
Information related to elfGROUP's customer assignments or customer's IT environment or information security is never transmitted outside the EU/EEA. However, from time to time, elfGROUP uses Internet services located outside the EU/EEA (the service provider or the server infrastructures used by its subcontractors) to process the contact details (name, e-mail) contained in the personal data register. In these cases, elfGROUP is responsible for ensuring that the service provider is adequately committed to protecting the transmitted data.
If elfCLOUD servers located in the EU/EEA are used from non-EU/EEA countries, the customer account information of the authenticated user will be displayed under one's secure connection in the Internet browser. Any non-EU/EEA elfCLOUD service instances will use their separate local registers.
Register security principles
Information saved in the customer, contract and assignment registers is also stored in the archives of the original contract documents. The original signed paper versions are stored in locked premises and locked filing systems, which can only be accessed by the necessary elfGROUP personnel representatives based on the job description. The paper copies are disposed of when the need to store data or the grounds for processing have expired.
Information processed by computer
Physical entry to elfGROUP's server environments has been restricted from outsiders. Administrative and technical information security is actively taken care of. The security of information systems is regularly tested by security experts.
Information stored by users on elfCLOUD virtual servers is not passed on to third parties, and public browsing of the data is not possible. Only the service provider's personnel and subcontractors who have signed a non-disclosure agreement and need the information for performing their work duties can be granted the access to the data.
Right of inspection
The registered has the right to check the data related to them stored in the register. Use of the right of inspection requires reliable identification of the requestor. Inspection requests must be addressed written by mail to elfGROUP Cyber Security Services Ltd's postal address. Sufficient amount of identification data must be attached to the inspection request, so the requestor, context and the registers to be inspected can be identified from the request. Incomplete requests cannot be processed.
Right to demand correction of information
The registered has the right to request their incorrect data in the register to be corrected. The request for rectification must be addressed written with the sufficient amount of identification data by mail to elfGROUP Cyber Security Services Ltd's postal address. Incomplete requests cannot be processed.
Other rights related to the processing of personal data
The registered has the right to prohibit the registrar from processing their data for direct mail advertising, telemarketing and other direct marketing, as well as market and opinion research. The registered also has the right to request the deletion of their data, i.e. to withdraw their consent of processing of personal data if the registered has entered their data and consent to the register and the registrar has no statutory or contractual obligation to retain the data. For example, a contact person change request to the customer register should be made when the workplace or job duties change. Requests related to these data subjects' rights can be notified to elfGROUP Cyber Security Services Ltd in writing or directly to one's own responsible contact person.
Customer data stored on elfCLOUD virtual servers
The data stored by customers on elfGROUP's elfCLOUD virtual servers is for that customer's own use only. elfGROUP will not process this data in any other way than to make backups under the service agreement. Backups are taken at the agreed frequency and stored according to the agreed backup cycle. Upon termination of the service agreement, elfCLOUD virtual server set for the customer in question will be permanently deleted with all its backups.
- Contact person on issues regarding the register
- Registry name
- Purpose of the processing of personal data
- Information content of the register
- Cookies and data collected by the website
- Regular sources of information
- Regular disclosures
- Data transfer to outside of EU or EEA
- Register security principles
- Right of inspection
- Right to demand correction of information
- Other rights related to the processing of personal data
- Customer data stored on elfCLOUD virtual servers