Privacy Policy

Register and privacy policy statement

This is Lifa Air Plc Register and Privacy policy statement in accordance with the EU's General Data Protection Regulation (GDPR). Drafted on 02.08.2021 Last change 21.04.2023.


1. Controller

Lifa Air Plc
Eteläranta 14
00130 Helsinki
+358 9 394 858
asiakaspalvelu@lifa.net


2. Contact person responsible for the register

tietosuoja@lifa.net

3. Name of the register

Lifa Air customer register, marketing register and online service user register.


4. Legal basis and purpose of processing personal data

The legal basis for the processing of personal data under the EU's General Data Protection Regulation is
The consent of the person (documented, voluntary, identified, informed and unambiguous)
Agreement to which the data subject is a party.
The purpose of processing personal data is to communicate with customers, maintain a customer relationship and marketing. The data is not used for automated decision-making or profiling.


5. Data content of the register

The information stored in the register includes:
Person's name
Company/Organization
Contact information (phone number, email address, address)
Information on the services/products ordered and their changes
Billing information
Other information related to customer relationship and ordered services
Website addresses
IP address of the network connection
IDs/profiles on social media services
The data retention period is five (5) years from the last customer transaction (purchase).
The IP addresses of website visitors and cookies necessary for the functioning of the service are processed on the basis of a legitimate interest, for example, for the purpose of providing information security and collecting the statistical data of site visitors where they can be considered to be personal data. If necessary, third-party cookies will be asked for consent separately.


6. Regular data sources

The information stored in the register is obtained from the customer, for example, from messages sent using web forms, e-mail, telephone, social media services, contracts, customer meetings and other situations in which the customer discloses their data. Information from contact persons in companies and other organisations can also be collected from public sources such as websites, directory services and other companies.


7. Regular disclosures of data and transfer of data outside the EU or EEA

The data will not be regularly disclosed to other parties. The information may be published to the extent agreed with the customer. Data may also be transferred outside the EU or EEA by the controller. The data will not be transferred to the United States without the explicit consent of the data subjects.


8. Principles of registry protection

Care is taken in the processing of the register and the data processed through information systems is properly protected. When stored on Internet servers, the physical and digital security of their hardware is properly ensured. The controller ensures that stored data, server access rights and other data critical to the security of personal data are handled confidentially and only by the employees whose job description it belongs to.

 



9. Right of inspection and right to demand rectation of data

Each person in the register has the right to check their data stored in the register and to demand that any incorrect information be corrected or that incomplete information be completed. If a person wishes to check or request rectification of the data stored about them, the request must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit set in the EU's General Data Protection Regulation (usually within one month).


10. Other rights related to the processing of personal data

A person in the register has the right to request the deletion of personal data concerning him or her from the register (the "right to be forgotten"). Data subjects also have other rights under the EU's General Data Protection Regulation such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit set in the EU's General Data Protection Regulation (usually within one month).