1. Data controller

Nordic C-Management Oy

Business ID: 2485085-1

Salomonkatu 17 B, 00100 Helsinki

asiakaspalvelu@c-management.fi

2. Contact Person for Register Matters

Jörgen Weckström

asiakaspalvelu@c-management.fi

3. Name of the Register

Yritä kevyesti Customer and User Register

4. Data Subjects

– Business owners and employees using the Yritä kevyesti software

– Website visitors

– Newsletter and marketing message recipients

– Partners and service providers

5. Purpose of Personal Data Processing

Personal data is processed for:

– Providing software services and managing customer accounts

– Accounting and financial administration services

– Customer service and communication

– Customer service and communication

– Marketing communication and newsletters (with consent)

– Website analytics and development

The processing is based on:

– Contracts and customer relationships

– Legal obligations (e.g., accounting laws, tax legislation)

– Consent (e.g., marketing purposes)

6. Data Content of the Register

The register may include:

– Contact details: name, email, phone number, company, title

– Login details (email, hashed password)

– Billing data: invoices, payments, contracts

– Interaction data: support requests, usage logs

– Analytics data: IP address, browser, device, site behavior

You may request correction or deletion of your data unless required by law.

7. Regular Disclosures of Data

Data may be disclosed to:

– Authorities (e.g., Tax Administration)

– For C-Management’s accountants and financial administration partners

– Hosting and IT service providers

– For payment service providers and analytics platforms

Data is not sold or disclosed to third parties for marketing without consent.

8. Transfer of Data Outside the EU

Data is primarily stored within the EU/EEA.

If data is transferred outside the EU, EU-approved safeguards such as standard contractual clauses will be applied.

9. Principles of Data Security

Data security is ensured through:

– Firewalls, encryption, and secure authentication

– Access control: only authorized personnel can access the data

– Regular audits and system updates

10. Data Retention and Deletion

– Accounting data: 6 years (according to accounting law)

– Customer data: 2 years after the end of the customer relationship

– Analytics data: according to cookie/tool-specific retention times

Data will be deleted or anonymized when no longer needed. Deletion requests will be honored unless restricted by law.

11. Data Subject Rights

Data subjects have the right to:

– Know if their data is being processed

– Access and correct their data

– Request deletion if there is no legal basis for processing

– Object to or restrict data processing

– Withdraw consent (e.g., unsubscribe from marketing)

– File a complaint with the data protection authority

Requests will be processed within 30 days.