This website is maintained by Fiscal Oy. The company provides its customers with software products and services related to closely associated topics.
Comments
When visitors leave comments on the site, the site collects the data shown in the comment form, as well as the visitor’s IP address and browser user agent string to help detect spam.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS). Visitors to the site can download and extract any location data from images on the website. Media uploaded to the website retains its copyright and usage rights, but is also available for use by Fiscal Oy unless otherwise stated.
Contact Information
Information added to contact forms, newsletters, events, or other forms specified at that address is stored and saved in a secure database. If the data needs to be stored in a newsletter service for marketing or informational purposes, Fiscal Oy takes all measures to ensure that the service provider complies with current GDPR regulations. Data may be transferred outside the EU if servers are located outside the European Union. These servers also comply with the level of protection required by GDPR.
Cookies
If you leave a comment or log in to the site, you may choose to save your name, email address, and website in cookies. These are provided for your convenience so that you do not have to fill in your details again when you leave another comment or log in again. These cookies last for one year.
If you visit the login page, the site will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, the site will also set up several cookies to save your login information and screen display choices. Login cookies last for two days and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish content, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after one day.
Cookies are also used to track and analyze website user traffic in accordance with the privacy policies stated by Google (Google Analytics) and other analytics data providers, such as MailChimp. Cookies are also used in the creation of custom audiences for analytics and marketing purposes. These custom audiences do not contain personal information that could lead to the identification of a specific individual.
Embedded Content from Other Sites
This site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
OTHER GDPR-RELATED INFORMATION
This document highlights the measures implemented by Fiscal Oy in relation to the General Data Protection Regulation (GDPR) and applies from May 25, 2018.
Many of the key concepts and principles of GDPR are largely the same as those in the current Data Processing Agreement (DPA), so most of the compliance steps remain valid under the new GDPR law. The purpose of the changes is to make Fiscal’s procedures transparent and systematically documented, so that they take into account GDPR’s new
provisions on transparency and individual rights.
1. Awareness
Fiscal Oy takes GDPR seriously and ensures that decision-makers and key individuals in the organization are aware of how GDPR affects the company’s operations. Key individuals and stakeholders are aware of the impacts and continuously strive to identify issues that may cause compliance problems as defined by GDPR.
2. Personal Data
Fiscal Oy monitors all personal data it collects, where it originates from, and with whom it is shared. Fiscal Oy maintains accurate records of data processing activities and data. A list of Fiscal Oy’s personal data repositories can be provided upon request.
3. Communication of Privacy Information
Fiscal Oy has verified that its current privacy notice is GDPR-compliant. When personal data is collected, Fiscal Oy explains how this data will be used. This is done through the privacy notice. In the privacy notice, we also explain the legal basis for data processing, data retention periods, and that users have the right to complain to the Information Commissioner’s Office if they believe our handling of their data is incorrect. The ICO’s Code of Practice for Privacy Policies is aligned with GDPR.
4. Individual Rights
Fiscal Oy’s procedures ensure that they cover all individual GDPR rights, including steps on how personal data is deleted or how data is provided to an individual upon their request.
GDPR includes the following individual rights:
Fiscal Oy stores personal data in accordance with GDPR about its customers, partners, and site users when they give permission to do so. Most rights are natural and relate to data stored during the customer, partnership, or visit process.
5. Data Access Requests
Fiscal Oy complies with requirements within 30 days of receiving notification of a subject access request (SAR) for personal data. A SAR must be submitted in writing to Fiscal Oy and will be processed free of charge. Fiscal Oy is prepared to respond to individual SAR requests relating to the following details:
The SAR response will be provided in writing. It can be sent either to a verified email address, collected from Fiscal Oy’s office, or sent by regular mail.
6. Legal Basis for Processing Personal Data
Fiscal Oy has a GDPR-compliant legal basis for data processing. Fiscal Oy has two main data repositories containing personal data:
Partner Register
The Partner Register contains basic information about individuals working with Fiscal Oy. The collected data is used for communication, tracking joint activities, and potential payment transactions.
Marketing Register
Fiscal Oy has a marketing register that contains personal data about individuals who have shown interest in Fiscal Oy and/or are in contact with Fiscal Oy. Individuals stored in the marketing register have given consent (Section 7) to store data in accordance with Fiscal Oy’s privacy notice (Section 3). Fiscal Oy reviews data processing methods annually to identify the legal basis for data processing and to comply with GDPR accountability requirements.
7. Consent
Fiscal Oy stores and manages individuals’ consent to store data in the marketing register. No data is stored in any register without consent. In practice, when an individual submits data to Fiscal Oy, they must read and accept the provided privacy notice. If data is received and stored manually in the register, consent is also requested.
Consent to process marketing data is given freely, is related to marketing purposes, is communicated to the individual, and is unambiguous. The consent option in electronic form is an active choice—consent is not inferred from non-response, pre-checked boxes, or user inactivity. Consent can also be verified in accordance with SAR (Section 5).
Consent to store and process personal data in the partnership register is received when a new partnership is signed or agreed upon in a discussion.
8. Children
According to GDPR, the age at which a child can give their own consent to processing is 16 years. Fiscal Oy does not primarily offer online services to children and does not process personal data of children under 16 years of age. If a child under 16 participates in Fiscal Oy’s activities, their data is stored only with the active permission of their guardian.
9. Data Breaches
Fiscal Oy closely monitors access rights, access statistics, and anomalies on the servers where our site and data are located. We are prepared to detect, report, and investigate personal data security breaches. Organizations storing high-risk data must notify the ICO (and possibly some other bodies) of a personal data security breach.
Fiscal Oy does not process data that would pose a risk to individual rights and freedoms—such as discrimination, reputational damage, significant financial loss, loss of confidentiality, or any other significant financial or social harm—processed data can be treated as low-risk data.
10. Privacy by Design and Privacy Impact Assessments
Although the data we process can be considered low-risk data, Fiscal Oy follows good design practices, adopts a privacy by design approach, and conducts Privacy Impact Assessments (PIA) as part of GDPR. Only required data is collected and appropriate security and privacy measures are implemented with relevant data usage practices.
11. Data Protection Officers
Fiscal Oy does not require an official Data Protection Officer under GDPR. However, Fiscal Oy also has responsibility for data protection compliance and the necessary knowledge, support, and authority to perform the role effectively.
12. Location
Fiscal Oy operates in Finland. Its management makes the most significant GDPR-related decisions.
