Description of the personal register
Arkadia Finance’s customer and marketing register
Registry description in accordance with section 10 of the Personal Data Act (523/99) (FI). Drafting date 15 May 2018. Last updated 15 May 2018.
1. Data controller
Draivi Media Oy, Business ID 2464551-6, PO Box 215, FI-00101 Helsinki, Finland
2. Person responsible for registration matters
Address: PO Box 215, FI-00101 Helsinki, Finland
3. Name of the registry
Arkadia Finance’s customer and marketing register.
4. Purpose of processing personal data (purpose of the register)
The register is used with the customer’s consent and due to the customer’s service request to identify and identify the customer in Arcadia Finance’s online service, where the customer can submit an application and receive offers for loan and other financial products from Arcadia Finance’s partners. The register is also used to perform storage, reporting and inquiry obligations based on the law and in accordance with the regulations and instructions of the authorities.
The personal data from the register may also be used for the purpose of direct marketing of the services of the controller within the limits permitted by law.
The personal data from the register is also used for the management of Arcadia Finance’s customer service and customer relationships, as well as for the administration and handling of possible complaints and for internal marketing and customer analysis and marketing research.
The personal data from the register can also be used to modify our electronic services so they can be personalized for the users on our various websites (such as www.arkadiarahoitus.fi).
The personal data in the register can also be used to further develop Draivi Media Oy’s own business.
Your personal ID will be stored on Draivi Media Oy’s server only in case of errors and even then only temporarily for 7 days.
If you do not provide information that is marked as required when requesting information, Arcadia Finance may not be able to provide you with services.
Some Arcadia Finance services may require special terms for the processing of personal information. The special terms are separately announced and the user is asked for permission to apply them when the user uses the services.
5. Information content of the register
The register contains information on product applicants, customers and marketing targets according to the following grouping:
5.1 Information related to the identity of the applicant
First and last names
Revenue and expenditure data
Blocks and consents to direct marketing
Customer feedback and complaints
The IP address of the terminal device used by the customer, and cookies
Additional information provided by the customer regarding matters relevant to the services offered by the controller
5.2 Information regarding the application
Product type and other product information
Date of application
5.3. Information on the person subject to direct and other marketing
First and last names
Blocks and consents to direct marketing
6. Regular sources of information in the register
The register collects information from the user in connection with the creation of a customer relationship and during the duration of the customer relationship. Personal information is collected:
– By inquiring from the data subject and when the data subject uses the various web pages of Draivi Media Oy
7. Disclosure of information
Draivi Media Oy may disclose information only within the limits regulated by law. The information to be provided shall not exceed the following personal data:
All information required by the authority shall be disclosed in the inquiry of the authority.
For the sake of clarity, it is stated that Draivi Media Oy’s personnel and third parties acting on its behalf have a duty of confidentiality in connection with all customer information.
8. Data transfer outside the EEA
Draivi Media Oy does not transfer personal data outside the European Economic Area, even in electronic form.
9. Registry security
The use of the personal register has been instructed by the controller’s organization, and access to the personal register is restricted so that only those who are entitled to do so can access and use data of the registered person contained in the personal register. The controller has arranged access control, locks and burglar alarm systems to its premises. IT systems are protected by anti-malware software, firewall software, user management and other modern methods. The staff of the controller is trained to process personal data correctly. The controller has in place internal policies and regulations regarding the correct processing of personal data.
Mandate agreements oblige those who process personal data on behalf of the controller to protect personal data in a similar way.
On the website, data is protected by an encrypted SSL connection, as well as encryption during data transfers.
10. Right of block of the data subject
The data subject shall have the right to prohibit the controller from processing personal data concerning him or her for the purposes of direct mail, distance selling and other direct marketing, as well as market and opinion research.
11. Right of inspection of the data subject, correction of data and data retention period
The data subject has the right to inspect the personal data stored in the personal register and to receive copies thereof in the manner specified by law.
Upon termination of the customer relationship, the customer’s data shall be deleted from the register as soon as their processing is no longer necessary, but no later than after the expiry of the term required by law. The controller shall correct, delete or supplement personal data in the register that is incorrect, unnecessary, incomplete or out of date for the purpose of processing on its own initiative or at the request of the data subject in the manner prescribed by law.
In order to exercise the data subject’s right of prohibition and inspection and to correct the data, the data subject must contact the person responsible for registry matters.