The company Solved, s.r.o., with its registered office at Legionárska 1, 010 01 Žilina, Slovak Republic, company ID No. 50 605 992, registered with Commercial register of District Court Žilina, section Sro, insert No. 66737/L (the “Service Provider” or “Controllor”) owns and administrates Solved. on-line advisory service (the “Service”), the web page www.solved.fi and web application – platform https://app.solved.fi/ (the “Site”).
By registering as the User of the Site or accessing, browsing, and using the Service and/or the Site in any other way the person or organization (the “User”) acknowledges that the User has read and understood these Privacy Policy.
In accordance with Article 13 of Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the “GDPR”) and Slovak Act No. 18/2018 Coll. on Protection of Personal Data as amended (the “Act”), the Service Provider hereby informs the User on the following:
The Service Provider ID:
Business name: Solved, s.r.o.
Registered seat: Legionárska 1, Žilina 010 01, Slovak Republic
Company ID no: 50 605 992
Acting through: Ing. Radoslav Mizera, Managing Director
Janne Markus Hietaniemi, Managing Director
Contact: [email protected]
Tel. number: +421 948 273 327
Processed personal data of the User:
2.1 Registration data:
2.2 Contact form:
a. name, surname, e-mail, and other personal information provided.
2.3 Marketing
a. name, surname, e-mail, mobile number.
The categories of personal data concerned:
The Service Provider processes the personal data. The Service Provider does not process special categories of personal data (sensitive data) or personal data relating to criminal convictions and offences.
The purposes of the processing for which the personal data are intended as well as the legal basis for the processing:
The purpose of the processing:
Fulfilling of the obligations resulting from the contract concluded with the User, displaying of the User on the Site, supporting services for the Service, the User support services related to the Service.
Processing of personal data for the purpose of processing a response based on a request from the data subjects sent in the form of a contact form. The data subject grants the consent to the processing of personal data by sending a contact form.
The legal basis for the processing:
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into
a contract (registration to the app).
The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Contact form).
The legitimate interests pursued by the Controller or by a third party, if the processing is based on point (f) of Article 6(1) of the GDPR (marketing).
The legitimate interests pursued by the Controller or by a third party, if the processing is based on point (f) of Article 6(1) of the GDPR:
Personal data is processed based on such a title in the case of marketing communications.
The recipients or categories of recipients of the personal data:
Company Solved – The Cleantech Company Oy., with registered seat at Norkkotie 16, 90540 Oulu, Finland, company ID no. 2541349-3, as the sole owner of the Service Provider
External IT administrator
External data storage
External provider of accounting services
Information on whether the Service Provider intends to transfer personal data to a third country or international organization, the identification of a third country or an international organization:
Service Provider does not intend to transfer personal data to a third country or international organization.
The period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period:
For the period of the User´s registration with the Service. Personal data obtained before account deactivation are stored in the data store. The User may request the deletion of all personal data in writing. The Service Provider will cancel within 30 days of the date of the request.
The User agrees to keep the contact form for 2 years. The User may withdraw approval for the contact form at any time.
Personal data for marketing purposes are processed for the duration of the user’s registration. The user may cancel the sending of marketing materials at any time.
The existence of the right to request from the Service Provider access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
Right of access by the data subject
The data subject shall have the right to obtain from the Service Provider confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
The purposes of the processing;
The categories of personal data concerned;
The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
The right to lodge a complaint with a supervisory authority;
Where the personal data are not collected from the data subject, any available information as to their source;
The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
The Service Provider will provide a copy of the personal data that is being processed. Any additional copies requested by the User may be charged by the Service Provider for an appropriate fee corresponding to the administrative costs. Where an application is submitted by electronic means, the information shall be provided in the commonly used electronic form, unless a different mean is requested.
Information must be provided immediately, not later than within 1 month. The Service Provider has the right to prolong the processing time of the application for another 2 months if the request is complex or frequent. However, the notification must be made within one month of the reason for the extension of the processing period.
In the case of an unjustified or too frequent request, the Service Provider has the right to charge a reasonable charge or to reject the application. It must explain the reason for the refusal and the right to refer the complaint to the supervisory authority.
Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Information must be provided immediately, not later than within 1 month. The Service Provider has the right to prolong the processing time of the application for another 2 months if the request is complex or frequent. However, the notification must be made within one month of the reason for the extension of the processing period.
In the case of an unjustified or too frequent request, the Service Provider has the right to charge a reasonable charge or to reject the application. It must explain the reason for the refusal and the right to refer the complaint to the supervisory authority.
Right to erasure (‘right to be forgotten’) or right to restriction of processing
The data subject shall have the right to obtain from the Services Provider the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;
The personal data have been unlawfully processed;
The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Previous two sentences shall not apply to the extent that processing is necessary:
For exercising the right of freedom of expression and information;
For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
For reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) GDPR as well as Article 9(3) GDPR
For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
For the establishment, exercise or defence of legal claims.
The data subject shall have the right to obtain from the Service Provider restriction of processing where one of the following applies:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted pursuant to Article 18 (1) GDPR, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Right to object
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
The processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
The processing is carried out by automated means.
The Service Provider has a data portability period of time of 1 month; it can be extended by 2 months if the portability is complicated. They must provide information about this and explain why the extension has occurred. In the event that the Service Provider does not take the steps required for data portability, they must inform the data subject about the reasons and on their right to file a complaint with the supervisory authority.
Right to withdraw consent to processing of personal data at any time
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The right to file an application under § 100 of the Act
The User has the right to file a petition for personal data protection with the Personal Data Protection Office. The purpose of the procedure is to determine whether the rights of natural persons have been violated in the processing of their personal data or that a law or a specific privacy policy has been breached and, if it is found to be inappropriate, to impose remedies or a fine for violation of the Act or a special regulation for the protection of the personal data.
The petition must include:
Name, surname, correspondence address and signature of the petitioner,
Identification of the subject against which the proposal is directed, including the name, surname, permanent address or name, registered office and identification number, if assigned,
The subject of the proposal, indicating the rights to be violated in the processing of personal data,
Evidence to support the claims made in the proposal,
A copy of the document or other evidence of the exercise of the right under the law or a special regulation, if such a right is invoked by the User, or a statement of reasons worthy of special consideration for the non-application of the right in question, if the application was filed by the User.
A petition´s template will be published at the Personal Data Protection Office´s website (https://dataprotection.gov.sk/uoou/en).
Defining, whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data.
The provision of personal data is required for conclusion of a contract between the User and the Service Provider.
If the personal data is not provided, it will result into the impossibility of identifying the User and thus the impossibility of concluding of a contract between the User and the Service Provider.
The consent to the processing of personal data for the purpose of the contact form is provided by submitting the form. Granting consent is voluntary.
The existence of automated decision-making, including profiling:
The Service Provider does not use automated decision-making or profiling.