Privacy Policy

Privacy Policy and Register Description
This is CC Safety Ltd's register and privacy policy description in accordance with the General Data Protection
Regulation (GDPR) of the European Union. Prepared on 15th December 2023. Last updated on 15th
December 2023.

1. Data Controller
CC Safety Ltd, Taoskuja 4 A9, 20320 Turku

2. Contact Person for the Register
Lisa Creutzburg, ccsafetyoy@outlook.com, phone: 0458926166
Other contact person: Nina Creutzburg, phone: 0400637475

3. Register Name
33200 Installation of Industrial Machinery and Equipment, etc.

4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data in accordance with the General Data Protection Regulation of
the EU is:
– the individual's consent (documented, voluntary, specific, informed, and unambiguous)
– a contract in which the data subject is a party
– the legitimate interest of the data controller (e.g., customer relationship before a contract, employment
relationship, membership).
The purpose of processing personal data is to communicate with customers and maintain customer
relationships. The information will not be used for automated decision-making or profiling.

5. Content of the Register
The information to be stored in the register includes: the person's name, position, company/organization,
contact details (phone number, email address, address), website addresses, IP addresses for internet
connections, usernames/profiles on social media services, billing information, and other information
related to customer relationships and ordered services. IP addresses of website visitors and cookies
necessary for the functioning of the service are processed on the basis of legitimate interest, for example,
to ensure security and to gather statistical information about website visitors when such data can be
considered personal. Consent for third-party cookies is requested separately if necessary.

6. Regular Data Sources
The information to be stored in the register is obtained from the customer through, for example, messages
sent via websites, email, telephone, social media services, contracts, customer meetings, and other
situations in which the customer provides their information. Contact information for companies and other
organizations may also be collected from public sources such as websites, directory services, and other
companies.

7. Regular Disclosures of Data and Transfer of Data Outside the EU or EEA
Information is not regularly disclosed to third parties. Information may be published to the extent agreed
upon with the customer. Data may also be transferred by the data controller outside the EU or EEA. Data
will not be transferred to the United States without the explicit consent of the data subjects. If you disclose

personal data to different parties, please specify the potential recipients or recipient groups (including data
processors/subcontractors), the purposes related to the processing of personal data, and the legal basis for
transfers outside the EU.

8. Principles of Register Protection
Care and appropriate safeguards are applied in the processing of the register. When register data is stored
on internet servers, both the physical and digital security of the hardware is appropriately managed. The
data controller ensures that stored information and access to servers, as well as other information critical
to the security of personal data, are handled confidentially and only by employees whose job description
requires it.

9. Right to Inspection and Right to Demand Correction of Information
Every individual in the register has the right to inspect the information stored in the register and to demand
the correction of any erroneous information or the supplementation of any incomplete information. If a
person wishes to inspect the information stored about them or request correction, the request must be
sent in writing to the data controller. If necessary, the data controller may request the requester to prove
their identity. The data controller will respond to the customer within the time frame stipulated by the EU
General Data Protection Regulation (usually within one month).

10. Other Rights Related to the Processing of Personal Data
Individuals in the register have the right to request the deletion of their personal data from the register
("right to be forgotten"). Likewise, data subjects have other rights according to the EU General Data
Protection Regulation, such as the right to restrict the processing of personal data in certain situations.
Requests should be sent in writing to the data controller. If necessary, the data controller may request the
requester to prove their identity. The data controller will respond to the customer within the time frame
stipulated by the EU General Data Protection Regulation (usually within one month).