Privacy Statement

Data Controller

Noisy Stream Oy (Business ID: 1898267-1)
P.O. Box 1387
00101 Helsinki, Finland

Name of the Register

Customer and User Data Register of the Avaruus.net Service

Purpose and Legal Basis for Processing Personal Data

The processing of personal data is based on the performance of a contract between the controller and the data subject. Personal data are processed in connection with activities relating to customer relationships.

Personal data in the register may also be used for marketing purposes and for profiling in order to better target customer communications.

Data Content of the Register

The register may contain the following information about individuals registered as users of the Avaruus.net service:
- Name, address, telephone number and email address
- Identification details of any company or organisation with which the person acts as a contact person
- Personal identity number (for registrants of .FI domain names)
- Facebook ID and date of birth where social-media integrations are in use
- IP address, cookie data and other event-log data
- Information about marketing consents
- Any other information necessary for the purposes of the register

Regular Sources of Data

Personal data necessary for the provision of the service are provided by the user during registration and later via the service-management interface. Customer data may also be collected through telephone calls, meetings or other similar means.

Personal data may be collected and updated from public and private registers.

Regular Disclosures of Data

Personal data may be disclosed in the following cases:
- Information about holders of .FI domain names is disclosed to the Finnish Transport and Communications Agency (www.domain.fi).
- Information is disclosed to other domain-name registrars only if the user has given explicit consent.

Transfer of Data Outside the EU or EEA

Collected personal data are not transferred outside the EU or EEA without the user’s explicit consent.

Retention Period of Personal Data

Personal data are retained for at least the duration of the contractual relationship. After the relationship has ended, the retention period depends on the nature and purpose of the data. For example, customer data are retained for a maximum of two years.

Principles of Register Protection

Access to the register is restricted to personnel who process personal data. All data are treated as confidential. Each person with access to the data has signed a confidentiality agreement.

Personal data are stored in a database protected with strong password practices and other technical measures in accordance with industry standards. The register can only be accessed through a secure connection. Facilities and devices are physically secured.

Rights of the Data Subject

Data subjects have the right to access their personal data and to request the rectification or erasure of that data.

The data subject has the right to object to or request the restriction of processing and to lodge a complaint with the supervisory authority regarding the processing of personal data.