Invoice register

Last updated: 17.12.2024

Controller
Oy Hangö-Hanko Logistics Ab (Business ID: 1849046-6) Hemming Elfvingintie 5, 10960 Hangö, Finland.

Contact
Bo Isaksson
bo.isaksson@hankologistics.fi
+358 (0)40 0896073

Legal basis for processing
Agreement

Purpose of processing
The purpose of the Invoice Register is to enable the delivery of invoices to customers. The data may also be used for the development of the controller's business. Customers have the right to object to the publication of their data by informing Customer Service by e-mail or by contacting the controller. The legal basis for processing is a contractual relationship.

Categories of personal data
Information about representatives of business customers.

Recipients and groups of recipients
Staff of the organisation and, where appropriate, external partners (financial management, recovery).

Contents of the register
The register of invoices contains the following information:

- First name and surname

- Represented organisation (B2B)

- Email address

- Phone number

- Price and payment information

Regular data sources
Information is obtained from customer registrations and messages during the customer relationship. Names and contact details may also be updated through government or commercial update services. Data may also be obtained from subcontractors related to the use or provision of the service.

The register of accounts is used only by the controller, except when an external service provider is used for value-added services, billing or credit assessment.

Information is not disclosed to third parties or partners, except for credit applications, collection or billing purposes or where required by law. Personal data will be deleted upon request, unless prohibited by law, unpaid invoices or collection measures.

Retention period
Personal data is kept for 10 years after the end of the customer relationship.

Regular data sharing
Data is not regularly shared outside the organisation, except when an external service provider is used for value-added services or credit decisions. Data will be deleted upon request unless prohibited by law or outstanding claims.

Transfer outside the EU/EEA
Data is not regularly transferred outside the EU/EEA. However, it is possible that service providers or their cloud services are located outside the EU/EEA. In such cases, standard contractual clauses (SCCs) and other safeguards such as internal guidelines (e.g. pseudonymisation) and, where appropriate, Transfer Impact Assessments (TIAs) are used.

If data is transferred to the US, the recipient must sign an EU-US data protection agreement, which is used as the legal basis.

Protection of manual data
Contact details and other manual documents containing customer data collected during customer contacts are stored in locked and fire-proof premises after first processing. Only designated employees who have signed a confidentiality agreement are allowed to handle this information.

Protecting electronic data

Only authorised employees of the organisation or its subcontractors have access to the register. Each user has a personal username and password and a signed confidentiality agreement. The system is protected by a firewall to prevent unauthorised external connections. Processing is carried out in accordance with data protection legislation, regulatory requirements and good practice.

Cookies

We use cookies on our website. A cookie is a small text file that is sent to and stored on a user's device. Cookies do not harm the user or the device. Cookies are used to improve and personalise the user experience and to analyse and improve the functionality and content of the website.

The information obtained from cookies may also be used for targeted communications and marketing and marketing optimisation. Visitors cannot be identified from cookies alone, but the data may be combined with other information, such as form responses.

Cookies are collected:

- Visitor's IP address

- Date of visit

- Pages visited and time spent

- Web scrollers

Your rights
You can block cookies at any time using the cookie banner or your browser settings. Blocking cookies may affect the functioning of the website.

Right of access
You have the right to request what information is stored about you. Requests are made in writing or by using a verifiable email address.

Right to object
You have the right to object to the use of your data for direct marketing or surveys by contacting Customer Service.

Right to rectification

You can request that inaccurate, unnecessary, incomplete or outdated information be corrected, deleted or supplemented.

The request must be signed and submitted in writing or sent from a verifiable email address. Indicate what information is being requested to be corrected and why.

The repair will be carried out without delay. The parties concerned will be informed. The reasons for refusal will be given in writing and the matter may be referred to the EDPS.

Right to restriction of processing
You can request restriction of processing, for example, if your data are inaccurate. Please contact the controller.

Right to erasure
You have the right to request access, rectification or erasure of your data. If you are a company contact, your data cannot be deleted during this period.

Right to complain
If you believe that your data has been processed unlawfully, you can lodge a complaint with the supervisory authority in the country where you live or work.

Contact details of the Data Protection Officer:
Office of the Data Protection Officer

Visiting address: Lintulahdenkuja 4, 00530 Helsinki.

Postal address: PB 800, 00531 Helsinki

Phone number: +358 29 566 6700.

Registry: +358 29 566 6768

Email: tietosuoja@om.fi

www.tietosuoja.fi

Other rights
You have the right to object to the use and processing of your data for direct marketing purposes, to request anonymisation if necessary and to be completely forgotten.