Data policy and Privacy Notice

KRUT Collective Ab Oy (Krut) processes and produces data, therefore it is important for us and our customers that we follow the best practices when processing data. We always strive to process data responsibly and transparently and to protect data in all stages of its life cycle. We protect personal data and sensitive business contents in accordance with laws, contracts and best practices, and we inform our customers and other stakeholders how their data is protected.

Data protection principles

This data policy also serves as our privacy statement, where we inform the data subjects and other stakeholders how we process and store personal data and ensure the legal rights of the data subject. We do identify and implement the requirements of data protection legislation in when handling personal data.

We act as a data controller for our company’s core operations, but we can also act as a data processor on behalf of our clients.

Our legal grounds for processing personal data are, depending on the context, the data subject’s consent, a contract, legitimate interest and the controller’s legal obligation in relation to the management of our company.

We do limit access to personal data to only those persons and entities who have a role-based need to process the data and who are committed to comply with our data protection and data security principles.

Third countries

We do not transfer personal data to such services, countries or entities whose level of data protection we have not sufficiently verified.

Storage periods

We store personal data for three years, unless there are statutory or contractual grounds for a longer storage period.

Rights of the registrant

In terms of data protection, a data subject is defined as a natural person whose personal data is collected, stored or processed by the controller, i.e. Krut. The data subject can be, for example, a customer or a person who reads our pages.

As a data subject, you have the right to

• get information about how we process your personal data

• access your information

• correct your information

• delete your data and be forgotten

• restrict data processing

• object to data processing

• not to be subject to automatic decision-making.

The registrant cannot exercise all rights in all situations, in certain situations we may have a legal or contractual obligation to continue processing or storing personal data.

Technical and organisational security measures

We protect personal data with appropriate data security measures and by regularly reviewing our processing procedures.

Information security principles

Our company is committed to ensuring a high level of information security in all our operations in terms of data confidentiality, integrity, and availability. In our company, information security is based on risk management and the implementation of best practices, contracts, and statutory requirements.

When processing data, we primarily always use well-known and high-quality IT services.

In order to ensure a high level of information security and to constantly improve our security, we regularly conduct reviews with the support of an external partner.

We ensure that access to our information and services is appropriate and that the security of our services is sufficiently hardened in case of information security vulnerabilities.

We cooperate with our stakeholders in terms of information security, especially by preparing in advance for the processing of possible information security deviations.

Copyright

Basically, we retain the copyright to the content we create, unless it is content owned by our customer.

Inquiries and change requests

Our contact information, also in matters related to data policy, data protection and information security, is [email protected], our postal addresses are:

[email protected]

+358 40 5088176

c/o A Grid PB 13100, 00076 Aalto

The date of this instruction

This data policy was last updated on 4.9.2024, we recommend checking at https://krut.fi/data-policy/ whether the content of the policy has been updated.

 © KRUT Collective & U Data Security