Hadron Data Protection Notice

This register and data protection description has been prepared by Hadron Ltd in accordance with the EU General Data Protection Regulation (GDPR). Our goal is to help you understand how Hadron Ltd (hereinafter "Hadron", "the company", "we") collect and use your personal data, and how you can exercise your data protection rights.

Prepared: 20 October 2024

Latest change: 20 October 2024

Name: Hadron Ltd Address: Vilhelmsbergsgränd 20C, 00500 Helsingfors, Finland

Aatos Akvilander gdpr@hadron.so

Customer and marketing register of Hadron

The legal basis for processing personal data according to the EU General Data Protection Regulation is:

The purpose of processing personal data is communication with potential, current, and former customers, maintaining customer relationships, and marketing.

The data is not used for automated decision-making or profiling.

The customer and marketing register can include:

Data is stored as long as the customer relationship creates obligations and thereafter according to the Accounting Act for 6 years, unless the customer relationship is reactivated through contact, an offer request, or a new order. Anonymized data is stored after 6 years.

IP addresses and cookies from website visitors are processed based on legitimate interest for security and statistical collection. Consent is separately obtained for third-party cookies if necessary. Data is stored in connection with visits to the website.

Data stored in the register is obtained from the customer, e.g. through messages sent via web forms, email, phone, social media services, agreements, customer meetings, and other situations where the customer provides their information.

Contact details for contact persons in companies and other organizations can also be collected from public sources such as websites, directory services, and other companies.

Hadron may disclose customers' or partners' personal data to its partners if necessary to fulfill contractual obligations, such as to subcontractors, system suppliers, or other third parties. Data can also be disclosed to authorities to fulfill statutory obligations. In all cases, the disclosure is done in accordance with applicable data protection legislation.

Data is not regularly disclosed to other parties. Data may be published to the extent agreed with the customer.

Data is generally not transferred by the data controller outside the EU or EEA except in special cases.

The register is handled with care, and the data processed with the help of data systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of their hardware is ensured appropriately. The data controller ensures that stored data, as well as access rights to servers and other critical information related to the security of personal data, are treated confidentially and only by employees whose job description includes this.

Every person in the register has the right to review their registered data and request the correction of any incorrect data or the completion of incomplete data. If a person wishes to review the data stored about them, or request its correction, the request should be sent in writing to the data controller. The data controller may, if necessary, request the requester to prove their identity. The data controller responds to the customer within the time stipulated by the EU General Data Protection Regulation (usually within one month).

The registered person has the right to request the deletion of their personal data from the register (“the right to be forgotten”). Similarly, the registered person has other rights according to the EU General Data Protection Regulation, such as the restriction of processing personal data under certain conditions. The request should be sent in writing to the data controller. The data controller may, if necessary, request the requester to prove their identity. The data controller responds to the customer within the time stipulated by the EU General Data Protection Regulation (usually within one month).