Uutta: Uudistamme nettisivujamme kevään aikana. Opetuspisteiden omat sivut lisätään pian.

Customer Registry Privacy Policy

Last updated: 26.3.2025

1. Data Controller and Contact Information

Data Controller
Musiikkikoulu Säveltie Oy
Säveltie 5, 00720 Helsinki

Contact Person for Data Registry Matters:
Eetu Hämäläinen
Email: eetu.hamalainen@saveltie.fi

Registry Maintenance:
The customer registry is maintained via Tilitoimisto Lemon Tree Oy's Lemonaid service and Microsoft OneDrive.

2. Legal Basis and Purpose of Personal Data Processing

Legal Basis for Processing:

The legal basis for processing is the legitimate interest of Musiikkikoulu Säveltie Oy, which is based on the freedom to conduct business. Personal data is processed to manage and maintain customer relationships, handle orders, archive and process information, and support our business processes. This processing is not necessarily based on a legal obligation, a contractual requirement, or the consent provided by the individual, but rather on a legitimate interest that is essential for our business operations. We assess that such processing does not cause significant harm to the rights and freedoms of the data subjects.

Purpose of Processing:

The purposes of the customer registry are as follows:

  • Management and maintenance of customer relationships.
  • Handling of orders and processing of invoicing-related data.
  • Archiving customer information and supporting business processes.
  • Continuous improvement of our operations, conducting statistical analyses, and producing more personalized and targeted content, while ensuring the protection of our customers' privacy.

Data is used only to the extent necessary for our business, and processing is conducted in accordance with the Data Protection Regulation.

3. Categories of Personal Data, Data Sources, and Processing Methods

Categories of Personal Data Collected:

The customer registry includes, among other things, the following information:

  • The customer's first and last name.
  • Contact details such as email address, postal address, and phone number.
  • Invoicing details and any online identifiers (e.g., website URL, IP address).
  • Information regarding previous orders and other business-related events.

The registry may also contain other information provided by the data subject that is essential for managing and developing the customer relationship.

Data Sources:

Data is obtained directly from customer registration forms, notifications provided during the course of the customer relationship, and other digital activities (for example, credentials issued to customers and data collected through cookies). Additionally, data may be updated via information from partners or external systems, if necessary for the scope of our business.

Methods of Processing and Services:

Personal data is processed electronically and, in some cases, manually if paper documents have been collected during customer transactions. The electronic data is stored on Tilitoimisto Lemon Tree Oy's Lemonaid service and Microsoft OneDrive, where appropriate security and management procedures are followed.

4. Data Retention and Disclosures

Data Retention:

Personal data is retained only as long as necessary to fulfill the purposes of processing, including compliance with legal requirements, accounting, and reporting obligations. Data collected during the customer relationship is retained for the duration of the contractual or service period. After the customer relationship ends, data is retained only as long as necessary to safeguard our legitimate interests, such as handling potential claims for compensation or legal proceedings. If processing is based on legal obligations, retention is in accordance with applicable legislation.

Regular Disclosures:

The information in the customer registry is primarily the property of Musiikkikoulu Säveltie Oy. However, data may be disclosed to external service providers (e.g., for accounting, IT services, debt collection, or invoicing-related purposes) and to authorities, as required by law. In all cases of data disclosure, we ensure that the contractual arrangements between the parties adhere to good data processing practices.

Data Transfers Outside the EU/EEA:

Transfers of personal data are always carried out in accordance with the requirements of the EU Data Protection Regulation (GDPR). Data is primarily transferred only within the EU/EEA or to countries where the European Commission has determined an adequate level of data protection. If a transfer takes place outside the EU/EEA, we use the EU-approved standard contractual clauses (SCC) and other protective measures as necessary.

5. Security and Processing of the Registry

Electronic Data:

The electronic data in the customer registry is protected by appropriate technical and organizational measures. Access to the data is restricted solely to employees with personal login credentials and passwords who have signed a confidentiality agreement.

Manual Data:

If manual data (e.g., paper forms) is collected during customer transactions, such information is stored in locked and fireproof storage facilities. Only authorized personnel have access to manually processed data.

6. Rights of the Data Subject

Data subjects have the following rights:

  • Right of Access: The right to obtain access to their personal data in the registry.
  • Right to Rectification: The right to have inaccurate, unnecessary, incomplete, or outdated data corrected, deleted, or supplemented.
  • Right to Restrict Processing: The right to request that processing be restricted, for instance, with regard to inaccurate data.
  • Right to Object: The right to object to data processing, for example, for direct marketing purposes.
  • Right to Data Portability: The right to receive their data in a transferable format, provided that processing is based on their consent.
  • Right to Lodge a Complaint: The right to file a complaint with the data protection authority if they believe that data protection legislation has been violated.

Requests for access or correction should be submitted in writing or from an email address that proves your identity.

7. Other Rights Related to Data Processing

Data subjects also have the right:

  • To prohibit the disclosure and processing of their data for direct marketing and other marketing purposes.
  • To request that their data be anonymized where applicable.
  • To request complete deletion of their data, provided that this does not compromise the data controller's legally mandated obligations.

This privacy policy aims to provide a comprehensive overview of how Musiikkikoulu Säveltie Oy processes the data in its customer registry. If you have any questions about the processing of your data or wish to exercise your rights, please contact the data controller using the contact information provided above.

This privacy policy has been prepared in accordance with current data protection requirements and will be updated as necessary to reflect changes in legislation and practices.

en_USEnglish
fiSuomi en_USEnglish