This is the data protection description of Efetto Ltd (trade name Thinking Time Coach), company number 1620395-3, based on Law of Data Protection (1050/2018) and EU’s GDPR regulations.

Date: 11.4.2023

Summary of Efetto Ltd’s general data protection procedures

Personal data is

• processed lawfully, fairly and in a transparent manner in relation to the data subject;

• collected and processed for a specific and lawful purpose;

• collected only to the amount necessary with regard to the purpose of the processing;

• updated when required ‒ inaccurate personal data is erased or rectified without delay;

• kept in a form which only permits the identification of data subjects for as long as is necessary for the purposes of processing the personal data; and

• processed confidentially and securely.

1. DATA REGISTER HOLDER

Efetto Ltd, Trade name Thinking Time Coach
Company number: 1620395-3
Address: Lars Sonckin tie 3 A, 00570 Helsinki, Finland
Contact person: Managing Director Pirjo Puhakka
Phone:+ 358 040 735 7252
email: pirjo.puhakka@thinkingtime.fi
Company web-pate: www.thinkingtime.fi

2. DATA PROTECTION REPRESENTATIVE

Name: Pirjo Puhakka
Phone: +358 040 735 7252
email: pirjo.puhakka@thinkingtime.fi

3. DATA REGISTER

Name of the data register: Efetto Ltd’s client register

4. RECORD OF PROCESSING ACTIVIES

The basis of processing data as required in EU General Data Protection Regulation is:

• the agreement with the company/person

The purpose of processing personal data is

• keeping contact with clients

• logging professional experience hours for coaching related professional accreditations

The data is not used for automatic decision making nor profiling.

5. DESCRIPTION OF DATA CATEGORIES

The data collected for the register mentioned in paragraph 3 can be as follows: name of the company/organization, name of the contact person, email addresses, phone numbers, address, information about the services ordered, invoicing information, other information related to client relationship and the services ordered.

6. GATHERING DATA

The sources for registered data can be as follows: emails, phone calls, contracts, client meetings and other situations where the client gives their data.

7. data storage time

Client data is stored in maximum for 10 years.

8. TRANSFERRING DATA OUTSIDE EU OR EUROPEAN ECONOMIC AREA COUNTRIES

The data is not transferred to outsiders without the consent of the client or required by the law.

The data is not transferred outside of EU or European Economic Area without the consent of the client. When the register holder uses general computer programmes such as Microsoft programmes, data can transfer outside EU or European Economic Area. The data is then protected accoding to EU GDPR regulations by the programme suppliers.

9. PRINCIPLES OF DATA PROTECTION

The data is processed carefully and protected. When data is kept in Internet based servers, the physical and digital data protection is taken care of. The register holder will make sure that the data is processed confidentially and securely.

10. RIGHTS OF THE DATA SUBJECT

The data subject has the rights set in the EU GDPR, such as

• to obtain information on the processing of their personal data

• to rectification of their data

• to the erasure of their data and to be forgotten

• to restrict the processing of their data

• to object to the processing of their data.

The requests are to be sent to the Data protection representative mentioned in paragraph 2.