KRUT Collective Ab Oy (Krut) processes and produces data, therefore it is important for us and our customers that we follow the best practices when processing data. We always strive to process data responsibly and transparently and to protect data in all stages of its life cycle. We protect personal data and sensitive business contents in accordance with laws, contracts and best practices, and we inform our customers and other stakeholders how their data is protected.
Data protection principles
This data policy also serves as our privacy statement, where we inform the data subjects and other stakeholders how we process and store personal data and ensure the legal rights of the data subject. We do identify and implement the requirements of data protection legislation in when handling personal data.
We act as a data controller for our company’s core operations, but we can also act as a data processor on behalf of our clients.
Our legal grounds for processing personal data are, depending on the context, the data subject’s consent, a contract, legitimate interest and the controller’s legal obligation in relation to the management of our company.
We do limit access to personal data to only those persons and entities who have a role-based need to process the data and who are committed to comply with our data protection and data security principles.
Third countries
We do not transfer personal data to such services, countries or entities whose level of data protection we have not sufficiently verified.
Storage periods
We store personal data for three years, unless there are statutory or contractual grounds for a longer storage period.
Rights of the registrant
In terms of data protection, a data subject is defined as a natural person whose personal data is collected, stored or processed by the controller, i.e. Krut. The data subject can be, for example, a customer or a person who reads our pages.
As a data subject, you have the right to
• get information about how we process your personal data
• access your information
• correct your information
• delete your data and be forgotten
• restrict data processing
• object to data processing
• not to be subject to automatic decision-making.
The registrant cannot exercise all rights in all situations, in certain situations we may have a legal or contractual obligation to continue processing or storing personal data.
Technical and organisational security measures
We protect personal data with appropriate data security measures and by regularly reviewing our processing procedures.
Information security principles
Our company is committed to ensuring a high level of information security in all our operations in terms of data confidentiality, integrity, and availability. In our company, information security is based on risk management and the implementation of best practices, contracts, and statutory requirements.
When processing data, we primarily always use well-known and high-quality IT services.
In order to ensure a high level of information security and to constantly improve our security, we regularly conduct reviews with the support of an external partner.
We ensure that access to our information and services is appropriate and that the security of our services is sufficiently hardened in case of information security vulnerabilities.
We cooperate with our stakeholders in terms of information security, especially by preparing in advance for the processing of possible information security deviations.
Copyright
Basically, we retain the copyright to the content we create, unless it is content owned by our customer.
Inquiries and change requests
Our contact information, also in matters related to data policy, data protection and information security, is [email protected], our postal addresses are:
+358 40 5088176
c/o A Grid PB 13100, 00076 Aalto
The date of this instruction
This data policy was last updated on 4.9.2024, we recommend checking at https://krut.fi/data-policy/ whether the content of the policy has been updated.
© KRUT Collective & U Data Security