Privacy statement

PRIVACY STATEMENT 26 May 2020

Privacy statement in compliance with the Finnish Data Protection Act (1050/2018).

Controller

Salomaan Konepaja Oy (Business ID: 0194455-6) Lairolantie 1 24910 Halikko as, FINLAND Tel. +358 2 737 2300 lauri.salomaa@salomaankonepaja.fi

Party responsible for register matters

Customer service / Salomaan Konepaja Oy Lauri Salomaa Lairolantie 1 24910 Halikko as, FINLAND Tel. +358 2 737 2300 lauri.salomaa@salomaankonepaja.fi

Name of register

Salomaan Konepaja Oy’s customer register

The purpose and legal basis for the processing of personal data

The purpose of the processing of personal data is to manage and maintain customer relationships between Salomaan Konepaja Oy and its corporate customers and to perform marketing activities. The data saved in the register are used for direct marketing by Salomaan Konepaja Oy, unless the customer has objected to such use. The purchase and business details and location details saved in the register may also be used for profiling and targeted marketing and for making customer communication more interesting to the data subjects. Data are also processed when Salomaan Konepaja sends out its newsletter and during events and other marketing activities. Data are processed to secure the legitimate interest of the controller. If a data subject does not provide the information requested in the contact form, the controller cannot accept the data subject’s contact form or commit to the contract between the controller and the data subject concerning the form.

Retention period of personal data

Personal data collected through the contact form are stored until the tasks for which the data are needed have been completed. The retention period of other data depends on the information that has been collected. Under the Finnish Accounting Act, invoicing details shall be stored for six years. Data collected through the contact form are only stored if the data subject has provided their consent to do so.

Description of the group of data subjects and data content

The register contains personal data of the business customers of Salomaan Konepaja Oy. The data collected through Salomaan Konepaja Oy’s contact form may contain information such as the email address, telephone number or address of data subjects.

Regular sources of data

Data are provided by data subjects who have filled in the contact form or they may be collected from Salomaan Konepaja’s customer data system or invoicing database.

Regular destinations of disclosed data

As a rule, personal data are not disclosed to third parties. Personal data needed for accounting purposes are disclosed to the accounting firm used by Salomaan Konepaja Oy. Personal data may be disclosed to third parties, such as authorities, based on a contract between the customer and Salomaan Konepaja Oy, the customer relationship between the customer and Salomaan Konepaja Oy, or established legislation. Data are not transferred to countries outside the European Union or the European Economic Area.

Register security principles

Technical measures have been taken to secure the data. Physical access to the data has been prevented by means of access control and other security measures. Accessing the data requires sufficient access rights and multi-factor authentication. Unauthorized access has been prevented with firewalls and other technical measures. Only the data controller and designated technical representatives have access to the data stored in the register. Only designated individuals have the right to process and maintain the data saved in the register. These users are bound by a non-disclosure obligation. There is a secure back-up system in place for register data, and the back-ups can be used to restore data if necessary.

Rights of the data subject

  • The data subject has the right to review the data concerning them and to receive a copy of the data. The request for reviewing register data shall be made in writing and be addressed to the party responsible for register matters (see “Party responsible for register matters”).
  • The party responsible for register matters shall, on its own initiative or at the request of the data subject, rectify, erase or supplement personal data in its personal data register which is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing. Requests for correcting register data shall be made in writing and be addressed to the party responsible for register matters (see “Party responsible for register matters”).
  • Where the processing of personal data is based on the consent of the data subject, the data subject may withdraw their consent at any time. The withdrawal shall not affect the lawfulness of processing based on consent that took place before the withdrawal.
  • The data subject has the right to lodge a complaint with a supervisory authority concerning the processing of their personal data.

Cookies

Users may prevent the use of cookies by changing the cookie settings of their internet browser. This method refers to the simpler rules on cookies presented in this press release published by the European Commission.