Customer Register Privacy Statement and Information Document

Company / Registrar

ClarkApps Oy

business ID: 2714418-6

Linnankatu 13 A 2

20100 Turku

Data Protection Officer / Registry Officer

Jarno Henriksson

Name of the register

ClarkApps Oy's customer register

The purpose and legal basis for processing personal data stored in a customer register

The processing of personal data collected by ClarkApps Oy in the customer register is aimed at customer communication; managing and developing customer relationships; analysis of customer data to determine customer levels; fulfilment of contractual obligations; marketing planning, implementation and targeting; and customer service and business development.

Registered data can be used for customer marketing, unless the data subject has denied it.

Issuing personal data is not a statutory requirement, but some of the information is a prerequisite for the conclusion of a customer agreement, and this information is mandatory for the contract.

The processing of personal data is based on the consent of the data subject pursuant to Article 6 (1) (a) of EU Data Protection Regulation (EU) 2016/679 and / or the implementation of the agreement between the parties to the agreement or the conclusion of the agreement and / or the registrar's justified benefit advantage of handling personal data.

The collected data can be used for profiling with automatic data processing to determine the likes of a person for direct marketing purposes.

Personal data to be collected in the register

The following information is collected in the register:

- name
- phone number
- postal address and postal code
- place of residence
- e-mail address
- date of birth
- social security number
- bank account number
- e-invoicing address
- username in the service
- password in the service
- e-mail (
- bonus code
- payment card identifier billing and payment information (received invoices and payments made)
- the payment information of the payment information forwarded
- purchases / orders made through the service
- the change history of the data
- bonus point data
- cookies
- address information related seal
- user approvals on the service
- user-defined settings in the service
- the marketing ban announced by the data subject

Regular information sources for personal data

Information is collected from individuals themselves and their service behaviour. In addition, invoicing information can be collected from invoice suppliers on the invoices delivered. Address data can be collected from Clark Apps Oy's partner Bisnode Oy.

Personal data beneficiaries and assigning outside the EU or ETA

Data collected in the register may be disclosed to companies belonging to the same group of ClarkApps Oy and ClarkApps Oy's partners for the delivery of invoices.

Information collected in the register is not regularly dispatched outside the EU or ETA. Data collected in the register may, however, be assigned to the subcontractors of ClarkApps Oy outside the EU or ETA, provided that the subcontractors concerned are covered by the Privacy Shield or are otherwise capable of ensuring adequate data protection and meeting data transfer requirements as required by the EU Data Protection Regulation.

Retention period of personal data

The registrar removes outdated, unnecessary and incorrect personal information as soon as it receives this information. Otherwise, the registrar keeps the personal data stored in the customer register until they are no longer required for the purposes of fulfilling the purpose of the customer register identified in this Privacy Statement (for example, following the termination of the customer relationship and subsequent obligations/responsibilities arising out of the customer relationship or the disagreement of disputes); due to the law-based obligation; or legally enforceable data retention.

Security measures and procedures for the protection of personal data

The register is stored electronically and securely protected by adequate technical safeguards and data protection methods.

The use of the register is only permitted for designated authorized persons whose task of maintaining and using the system. The persons processing the data are under the obligation of professional secrecy and have signed a confidentiality agreement. Personnel are instructed to process personal data

Registry information is protected against external use and the use of the registry is monitored. SSL-protected connections are used for all communications.

Rights of the data subject

The data subject has the right to know what information about him/her has been stored in the register or that the register does not have information about him/her. The data subject has the right to request the repair, deletion or supplementation of data stored of him/her if the recorded data are incorrect, unnecessary, incomplete or outdated for the purposes of data processing and collection identified in this Privacy Statement. In addition, the data subject has the right to request a restriction on the processing of his/her personal data and to request personal data to be transferred from one system to another. The right to request personal data to be transferred from one system to another covers the data subject's personal data transferred to the registrar, in a structured, commonly used and machine-readable form, and the right to transfer such data to another registrar when processing is based on consent and processing is performed automatically.

A data subject, who wishes to exercise his or her aforementioned privileges, shall file an individualized request with the contact person responsible for the register (section 2 of the Privacy Statement) by a document signed by him/herself or another document verified in a reliable manner. Compliance with the request for verification is charged at a reasonable rate if less than one year has elapsed since the previous inspection.

Prohibition, counterfeiting and limitation of personal data processing

The data subject has the right to withdraw his/her consent to the processing of personal data and to object to the processing of personal data without cancellation and/or objection affecting to the lawfulness of processing. The request for withdrawal of consent or for objection must be presented to the contact person responsible for the register (section 2 of the privacy statement) in a personally signed or equivalent form.

Countering direct marketing

The data subject has the right to deny the use of personal data to customer marketing. You can do this by e-mail ( at or on the web service and mobile app settings page.

Making a complaint about the processing of personal data

The data subject has the right to file a complaint with the Data Protection Ombudsman if the data subject considers that the processing of his/her personal data is in violation of existing legislation.