Hyppää sisältöön

1. Data controller

Bondata Group Oy (hereinafter “Bondata”)
Business ID: FI32935898
Naulakatu 3
FI-33100, Tampere

2. Register contact person

Kimmo Carlson
kimmo.carlson@bondata.fi
Naulakatu 3
FI-33100, Tampere

3. Name of the register

Bondata customer register

4. Basis and purpose for processing personal data

The processing of personal data is based on Bondata’s legitimate interest, an agreement or other relevant connection. The purpose of use of the personal data is the management, maintenance, development, analysis and statistics of the customer relationships between Bondata and its customers.

The data can also be used for the direct marketing of Bondata and its group companies and partners (incl. subscribing to the newsletter), targeting digital marketing, organising marketing competitions, profiling, distance selling and polls and market studies. The data can also be used for planning and developing Bondata’s business and services.

5. Data in the register

The register holds the following personal data:

The customer’s basic information:

  • First name
  • Last name
  • Email address
  • Kiinnostuksen kohde
  • Data content of the open data field in the form

6. Regular data sources

The register data is regularly collected from the customers themselves in connection to the use of the services and the online service or in connection to other dealings, as well as the data given in connection to signing the agreement and over its duration.

7. Regular data disclosures and data transfers outside the EU or EEA

Bondata does not regularly disclose the register data to external parties. However, the data can be occasionally disclosed in accordance with Finnish law. Bondata may transfer a data subject’s personal data into the Bondata direct marketing registry after the purpose for the contact has ended.

Bondata uses partners outside the European Union and the European Economic Area in order to provide its services. Due to this, some data related to the use of the service as well as personal data are partially transferred to the United States of America. The sufficient level of data security in data processing will be ensured by using the European Commission’s Standard Contractual Clauses.

8. Principles of register protection and data retention period

Only the employees that have the right to process personal data for the purposes of their job are entitled to use the system containing customer data. Each user has their own user name and password for the system The data is collected into databases that are protected with firewalls, passwords and other technical measures. The databases and their backups are kept in locked facilities and only certain, designated persons have access to the data. The personal data will be stored for as long as necessary to its purpose of use, with consideration to the retention periods required by legislation, such as the Consumer Protection Act, the Accounting Act and the Prepayment Act.

9. Right of inspection and right to rectification

The data subject has the right to inspect the data stored in the personal register related to them and the right to demand for the rectification and erasure of the data. Requests related to this must be submitted in person or in writing to the contact person named in section 2.

10. Other rights related to processing of personal data

The data subject has the right to prohibit the data controller from processing information related to them for the purposes of direct marketing, market research and polling. Such a prohibition can be reported at any time to the contact person named in section 2.


In accordance with the General Data Protection Regulation, the data subject has (starting from 25 May 2018) the right to object to or request restriction of the processing of their data and to file a complaint about the processing of personal data with a supervisory authority.