PRIVACY STATEMENT 26 May 2020
Privacy statement in compliance with the Finnish Data Protection Act (1050/2018).
ControllerSalomaan Konepaja Oy (Business ID: 0194455-6) Lairolantie 1 24910 Halikko as, FINLAND Tel. +358 2 737 2300 firstname.lastname@example.org
Party responsible for register mattersCustomer service / Salomaan Konepaja Oy Lauri Salomaa Lairolantie 1 24910 Halikko as, FINLAND Tel. +358 2 737 2300 email@example.com
Name of registerSalomaan Konepaja Oy’s customer register
The purpose and legal basis for the processing of personal dataThe purpose of the processing of personal data is to manage and maintain customer relationships between Salomaan Konepaja Oy and its corporate customers and to perform marketing activities. The data saved in the register are used for direct marketing by Salomaan Konepaja Oy, unless the customer has objected to such use. The purchase and business details and location details saved in the register may also be used for profiling and targeted marketing and for making customer communication more interesting to the data subjects. Data are also processed when Salomaan Konepaja sends out its newsletter and during events and other marketing activities. Data are processed to secure the legitimate interest of the controller. If a data subject does not provide the information requested in the contact form, the controller cannot accept the data subject’s contact form or commit to the contract between the controller and the data subject concerning the form.
Retention period of personal dataPersonal data collected through the contact form are stored until the tasks for which the data are needed have been completed. The retention period of other data depends on the information that has been collected. Under the Finnish Accounting Act, invoicing details shall be stored for six years. Data collected through the contact form are only stored if the data subject has provided their consent to do so.
Description of the group of data subjects and data contentThe register contains personal data of the business customers of Salomaan Konepaja Oy. The data collected through Salomaan Konepaja Oy’s contact form may contain information such as the email address, telephone number or address of data subjects.
Regular sources of dataData are provided by data subjects who have filled in the contact form or they may be collected from Salomaan Konepaja’s customer data system or invoicing database.
Regular destinations of disclosed dataAs a rule, personal data are not disclosed to third parties. Personal data needed for accounting purposes are disclosed to the accounting firm used by Salomaan Konepaja Oy. Personal data may be disclosed to third parties, such as authorities, based on a contract between the customer and Salomaan Konepaja Oy, the customer relationship between the customer and Salomaan Konepaja Oy, or established legislation. Data are not transferred to countries outside the European Union or the European Economic Area.
Register security principlesTechnical measures have been taken to secure the data. Physical access to the data has been prevented by means of access control and other security measures. Accessing the data requires sufficient access rights and multi-factor authentication. Unauthorized access has been prevented with firewalls and other technical measures. Only the data controller and designated technical representatives have access to the data stored in the register. Only designated individuals have the right to process and maintain the data saved in the register. These users are bound by a non-disclosure obligation. There is a secure back-up system in place for register data, and the back-ups can be used to restore data if necessary.
Rights of the data subject
- The data subject has the right to review the data concerning them and to receive a copy of the data. The request for reviewing register data shall be made in writing and be addressed to the party responsible for register matters (see “Party responsible for register matters”).
- The party responsible for register matters shall, on its own initiative or at the request of the data subject, rectify, erase or supplement personal data in its personal data register which is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing. Requests for correcting register data shall be made in writing and be addressed to the party responsible for register matters (see “Party responsible for register matters”).
- Where the processing of personal data is based on the consent of the data subject, the data subject may withdraw their consent at any time. The withdrawal shall not affect the lawfulness of processing based on consent that took place before the withdrawal.
- The data subject has the right to lodge a complaint with a supervisory authority concerning the processing of their personal data.