If you notice any deficiencies or illegalities in the processing, you are entitled to file a complaint with the Data Protection Ombudsman.
Privacy statement
Prepared on: 24 May 2018 - Updated on 13 October 2021
Privacy statement
1. Controller
Name:
Uuva Oy (0859384–0)
Address:
PL 164, FI-00701 HELSINKI
Contact details:
tietosuoja@uuva.fi
2. Data protection officer
Name:
Herkko Havumäki
Address:
PL 164, FI-00701 HELSINKI
Contact details:
tietosuoja@uuva.fi
3. Name of the register
Customer register
4. Purpose of personal data processing
The customer register is used in invoice financing, in the processing of debt collection assignments, and when other invoice lifecycle services are being provided. Data saved in the customer register is needed in invoice financing, voluntary and legal debt collection, and other measures that support financing and debt collection activities. The customer register also contains data on court proceedings related to writs of summons and disputes, on various insolvency procedures, and other court and official matters.
Where required, the register is also used to fulfil obligations under the law or official regulations.
5. Data content of the register
Depending on the purpose of personal data processing, the following data will be registered with the customer register: names of the parties of the legal relationship, identification data (date of birth, contact details, address, and possible personal identity code and/or business or community ID), bank details, and any other information provided by the client/data subject that is necessary for managing the assignments.
The customer register also contains the grounds for the receivable with related specifications, information of any measures taken in the matter, and information received/acquired from the authorities.
Calls made to the customer service can be recorded in order to develop customer service activities.
6. Regular data sources
The Client will provide data on the assignment and the data subject. A credit reference company provides the public payment default information concerning the data subject. The Posti’s address service provides the latest address of the data subject.
The Population Register Centre provides the domicile and contact details of the data subject. Companies that specialise in contact details provide telephone numbers where needed.
The Digital and Population Data Services Agency provides guardianship data and any other data concerning the data subject as a person. Legal Register Centre provides information on bankruptcy, corporate restructuring, and personal adjustment of debts concerning the data subject. Traficom provides information on the ownership/possession of vehicles. Registers maintained by the Finnish Patent and Registration Offices provide information on companies, associations, and foundations. The Finnish Tax Administration provides public data on income taxation. Information is also acquired for the implementation of debt collection assignments from courts, enforcement authorities, and tax and employment authorities.
7. Regular conveyance of data
Data contained in the customer register is conveyed to the Client/data subject and to various authorities as required by valid legislation. Data can also be conveyed in other contexts where permitted by law. The vehicle ownership and possession data acquired from Traficom will not be conveyed to the Client. Data can also be disclosed to the person responsible for the IT support services.
8. Transfer of data outside the EU and the EEA
No personal data is conveyed outside the EU or the EEA, unless required by valid legislation.
9. Protection principles of the register
There is a surveillance and alarm system in the company’s premises. Written material is stored in separately locked premises. The said material is always stored for the period of time required by valid legislation. Only the staff involved in complaint processing have access to personal data.
Data contained in the register is confidential. The staff has committed to keeping confidential any data they receive in connection to their work tasks. Using the register requires a personal username and password. Access to the register ends when the employment relationship ends.
10. Inspection right
Each data subject has the right to inspect their personal data contained in the register. A request to view data contained in the register must be submitted through Uuva Oy’s website. The request must be sent to our data protection officer. In connection to the reply, the data subject will be informed of the source of the data, their purpose, and to whom the data may be conveyed. The Client must specify in the inspection request the identification data required to inspect the data.
Uuva Oy, PL 164, FI-00701 Helsinki
Requests that are submitted by post must include a copy of your valid ID and a filled in copy of our data protection form.
11. The right to request that incorrect data be corrected
Each data subject has the right to request that incorrect data concerning themselves that is contained in the customer register be corrected. The request to correct data contained in the register must be submitted through Uuva Oy’s website. The request must be sent to our data protection officer. The client must specify in the request concerning the correction the required identification data and the changes they request to be made.
If the erroneous, unnecessary, defective, or otherwise outdated information is observed by the staff or in the automated inspection of the register, the said information is corrected or deleted immediately.
12. Other rights related to the processing of personal data
Each data subject has the right to request, by all legal means, that personal data concerning him- or herself be removed from the customer register. The request to remove data contained in the register must be submitted through Uuva Oy’s website. Each data subject also has the right to receive information on the processing of their personal data (this information is provided in this privacy notice and on Uuva Oy’s data protection site), to restrict the processing of their personal data where required, to require that their personal data be transferred from one system to another (if alternative systems exist), to oppose the processing of their personal data, and to not be subjected to automated data processing. Claims and requests must be submitted to our data protection officer.
13. Cookie Policy
1. How do you ask users for cookie consent? How can I refuse the storage and use of cookies?
Our Cookiebot prompts anyone visiting our website to consent to cookies. Strictly necessary cookies are always active, but the user may accept or refuse the rest of the cookies.
The user may refuse the storage and use of cookies by selecting “Use necessary cookies only” or “Allow selection”.
2. How do you verify that the website users have consented to the use of cookies?
After a user has accepted/refused cookies, a unique, random, anonymous and encrypted identification mark is created for them, e.g. xyPi/aC3jWy9MmswGGZ7smddKKuODVk4t/qdKHL4kcP2Y+/iKAfCjw==. The date and time of approval is shown below the identification mark. The user may change their cookie preferences or revoke the approval of non-essential cookies at any point at uuva.fi/evasteet. After this, a new unique, random, anonymous and encrypted identification mark is created for them.
We can verify a user’s cookie consent via the Cookiebot admin panel against the identification mark and approval date.
We can generate a daily consent log and filter a specific user’s activity from the list using their identification mark and approval date. This allows us to verify that the identification mark we have created, e.g. xyPi/aC3jWy9MmswGGZ7smddKKuODVk4t/qdKHL4kcP2Y+/iKAfCjw==, has consented to the use of cookies.
This approach ensures that the data of our website users remains completely anonymous until a user or a competent authority compels the disclosure of the user’s identity. A unique, random, anonymous and encrypted identification mark also guarantees that a user’s existing consent state cannot be changed by the user themselves or a malicious third party without a trace. Cookiebot generates a new identification mark whenever a user changes their consent state and the previous consent state remains in the log.
3. How can I use the website if I do not accept cookies?
This does not concern our uuva.fi website, because strictly necessary cookies must always be accepted.
4. How can I use the website if I have blocked all cookies?
Even if a user has technically blocked all cookies, strictly necessary cookies will still remain active.
If a user tries to change their consent state by selecting “Manage consent preferences”, their browser will prompt them to unblock cookies.
5. How do you manage a user’s cookie consent? How and for how long is a user’s cookie consent stored?
How do you manage and store a user’s cookie consent? Cookiebot stores a user’s cookie consent in the consent log automatically. Only one person in our company has access to this log.
Cookiebot stores the following data:
- a user’s anonymised IP address (three final numbers are replaced with zeros), e.g. 199.238.0.0
- date and time of consent
- browser data, e.g. Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36
- the URL where the user gave their consent, e.g. https://uuva.fi
- the user’s unique, random, anonymous and encrypted identification mark
- the user’s consent state which confirms that the user has given their consent.
If necessary, we can demonstrate our users’ cookie consent to the authorities. Our Cookiebot server is located in Ireland and it is subject to EU legislation.
Cookiebot saves a “CookieConsent” cookie to the website user’s browser. This cookie contains the user’s unique, random, anonymous and encrypted identification mark and consent state. This way our website respects the existing consent state of all our users automatically. The same information is transferred to the consent log on our Cookiebot server through an encrypted connection.
How long is a user’s cookie consent stored for? The “CookieConsent” cookie will remain in the browser automatically for 12 months, after which the user will be requested to accept cookies again, unless:
- the user erases/removes cookies from their browser
- we change our cookie policy or add/remove cookies. In such cases, we will force the user to update their consent state to make it comply with the new cookie policy. Only strictly necessary cookies remain active until the user has accepted/refused our cookies.