Privacy Policy in accordance with the EU General Data Protection Regulation (2016/679)

Purpose

OpenCO2net Oy (hereinafter the “controller”) processes the personal data of its customers and users of services (hereinafter “data subjects”) on the OpenCO2.net platform. The purpose of this privacy statement is to provide data subjects with information on how the controller processes the personal data of data subjects.

Data controller

OpenCO2net Oy (2796796-7)
Luuvantie 42
02620 Espoo

Contact person for data files

Sari Siitonen

info(a)openco2.net

Name of the database

OpenCO2net Oy’s customer and user register

Purpose and legal basis for processing personal data

The controller processes the personal data of data subjects in order to improve implementation of the service agreement between the parties. Personal data is processed for customer relationship management purposes, to implement and develop the online service and for statistical purposes. The controller uses personal data for marketing purposes in accordance with valid data protection legislation.

Information contained in the register

OpenCO2net Oy’s customer and user register contains the following information provided by data subjects: customer name, address, email address, language choice, user password, user type (business user, private individual, researcher, verifier), business ID or similar business identifier, website address and the given and family name, email address and telephone number of the company’s or organization’s contact person.

Other information collected from the user includes the initial data provided by the user for emission calculation.

Collection of personal data

Personal data may be collected from users at the start of the customer relationship, in conjunction with registration and when using the service.

Personal data retention

Personal data is stored in the register for a maximum of 10 years after the end of the customer relationship in order to fulfil obligations relating to accounting.

Data recipients

The register and the information it contains are processed solely by OpenCO2net Oy, its subcontractor Codelia Oy as well as service providers it uses for accounting and invoicing purposes.

The controller does not disclose personal data other than to the aforementioned third parties. An exception to this is information provided to the authorities as required by law.

Transfer of data to outside of the EU or EEA

The controller does not transfer personal data to outside of EU member states or the European Economic Area.

Register protection principles

The register is used by OpenCO2net Oy. Personal data is kept confidential. The controller’s information network and hardware on which the register is stored are protected by a firewall and other necessary technical and organizational measures, taking into account the available technical possibilities and the costs arising from these measures.

Rights of data subjects

Under valid data protection legislation, persons whose personal data is stored in the register have the right of access to their personal data. In addition, data subjects have the right to:

• Obtain information about the purposes of processing their personal data.
• Request the correction of any incorrect or incomplete personal data and the removal of any unnecessary or outdated personal information. The request is made by submitting a written request to the contact person for OpenCO2net Oy’s contact person for register matters.
• Prohibit the use of their own personal data for direct marketing purposes by submitting a written request to OpenCO2net Oy’s contact person for register matters.
• Complain to the data protection authority if personal data is processed contrary to this privacy statement or valid data protection regulation.

This Privacy Policy was updated on Jan 25, 2023.