top of page

Privacy Statement

This is the record of processing activities of Flück Accounting Oy (3363409-3) in accordance with the EU General Data Protection Regulation (GDPR). Prepared on 18 September 2024. Latest change 18 September 2024.

 

1. Controller (registrar)

Flück Accounting Oy
Töykkälänkatu 19 A1
20540 Turku
Finnish

040 579 3231
laura.fluck@fluck.fi

2. Contact person responsible for the register

Laura Flück
Data protection officer

040 579 3231
laura.fluck@fluck.fi
 

3. Register name

Requests for offer register

4. Legal basis and purpose of personal data processing

In order to develop our sales and marketing, we keep a record of the requests for offers we receive. According to the EU General Data Protection Regulation, the legal basis for processing personal data is the person's consent. By contacting us, the person accepts that his/her personal data may be stored in our requests for quotation database.

 

5. Data content of the register

The information recorded in the register is:

  • the person's name

  • organization's name and ID

  • the content and value of the request for offer

  • the source of the request for quotation and the time of receipt

  • other necessary information needed to prepare the offer

 

The personal data will be deleted from the register no later than 10 years after receiving the request for offer.

6. Regular sources of information

The information saved in the register is obtained from the customer, e.g. from messages sent via web forms, by e-mail, by phone, from websites, via social media services, contracts, customer meetings and other situations where the customer discloses their information.

Information about contact persons of companies and other organizations can also be collected from public sources such as trade and other official registers, websites,  as well as other services and companies. 
 

7. Regular transfer and hand over of data outside the EEA

Personal data will not be transferred to parties other than the controller's possible subcontractors, nor outside the EEA.

The data may however be processed on the accounting firm's computers and mobile devices outside the EEA countries during the personnel's' trips abroad, for a maximum of 6 months at a time, if the person's home address is in an EEA country.

The main tool for data processing and storage is Microsoft's 365 service. The accounting firm
may also use other services and service models where data processing and storage takes place in Finland or other EEA countries. 

8. Register protection principles

Care is taken when handling the register and the information systems used to process the data are are properly protected. When registry data is stored on internet servers, the physical and digital data security of their hardware is taken care of accordingly. The controller ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by those who with access to the data based on their job description. 

 

9. Right of inspection and right to demand correction of incorrect data

Every person in the register has the right to check their data stored in the register and demand the correction of any incorrect data or the completion of incomplete information. If a person wants to check the data stored about him or demand correction, the request should be sent by e-mail to the controller. If necessary, the controller may ask the requester to prove his identity. The controller responds to the requester within the time stipulated in the EU Genral Data Protection Regulation (generally within a month).

 

10. Other rights related to the processing of personal data

A person in the register has the right to request the removal of his personal data from the register ("the right to be forgotten"). Those registered also have other rights according to the EU General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests should be sent by e-mail to the controller. If necessary, the controller may ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU General Data Protection Regulation (generally within a month). 

bottom of page