Privacy Policy

Issued: 1.4.2025

1. Data Controller

Company: –
Business ID: –
Address: –
Postal Code: –
City: –
Email Address: –

2. Person Handling Data and Data Protection Officer

Company: –
Name: –
Address: –
Postal Code: –
City: –
Email Address: –

3. Name of the Register

Customer and Marketing Register

4. Legal Basis and Purpose of Personal Data Processing

Personal data processing is based on a customer or contractual relationship, other legitimate grounds, or the explicit consent of the data subject.

Personal data may be processed for the fulfillment of contractual or legal obligations, communication with the data subject and other parties necessary to manage the contractual relationship, sending newsletters, informing, marketing products and services, conducting market analyses, and developing operations.

5. Content of the Register

The following data may be recorded about the data subject: name, necessary contact details such as address, phone number, and email address, business ID, position in the organization, date of birth or personal identification number, information about products and services ordered by the customer and their delivery and billing, communications, comments, and materials between the data controller and the data subject or other parties necessary to manage the contractual relationship, consents, prohibitions, and customer feedback.

Technical data may be collected from the use of online services, such as IP address, location (country or city), used online services, device and operating system information, browser type, and external websites from which the user arrived or to which the user navigates from the data controller’s online service.

Data may also be collected through cookies on the data controller’s website.

6. Sources of Data

The data stored in the register is collected from the data subject, from the data subject’s use of online and electronic services, from third-party analytical services such as Google Analytics, from public sources, or from public contact information service providers.

7.  Disclosures of Data

Personal data is not, in general, disclosed to external parties. However, disclosure may be possible for justified purposes

8. Transfer of Data Outside the EU or EEA

Personal data is not in general transferred outside the EU or EEA. If data is transferred, the data controller ensures an adequate level of protection for personal data, including agreements regarding confidentiality and processing in accordance with the law.

9. Principles of Register Protection

MANUAL DATA
Manual data is stored in a locked space and is destroyed when it has been converted into an electronic format.

ELECTRONIC DATA
Electronic data is stored securely on the data controller’s premises on a computer or recording device, or securely on an external server or service.

Only those employees of the data controller who need the information to perform their job duties are authorized to process personal data.

Register data is protected from external access using technical solutions and applications.

Confidential information, such as bank and credit card data, is transmitted using an SSL-protected connection.

Register data is regularly backed up, and the possibility of restoring backup data is tested.

The data controller will notify authorities or the user of potential security breaches in accordance with applicable legislation.

10. Right to Inspect

Everyone generally has the right to inspect the personal data stored about them in the register.

Inspection requests should be directed to the data controller’s contact person using the contact details above and must be submitted in writing, signed by the data subject.

11. Right to Request Correction or Deletion of Data

Everyone has the right to request the correction or deletion of incorrect data in the personal register.

Requests should be directed to the data controller’s contact person using the contact details above and must be submitted in writing, signed by the data subject.

12. Other Rights Related to Personal Data Processing

The data subject has the right to request that their data be transferred electronically to another service provider.

The data subject has the right to withdraw consent given for the processing of personal data.

The data subject has the right to prohibit the use of their data for remote sales, other direct marketing, as well as market and opinion research.

The data subject’s request, consent withdrawal, or prohibition should be directed to the data controller’s contact person using the contact details above and must be submitted in writing, signed by the data subject.

The marketing register data is kept indefinitely.

The data controller keeps other personal data of the data subjects in accordance with the applicable legislation and only for as long as necessary for the purposes described in this privacy policy.

Data may be retained due to accounting or other mandatory legal requirements in accordance with the provisions of the respective law, even after the customer relationship or other basis for processing personal data has ended.

A visitor to the data controller’s website can clear or block cookies from their browser or device settings, which may affect the website’s user experience or cause malfunctions.

The data subject has the right to oppose the processing of their personal data, request restrictions on processing, and file a complaint with the data protection authority at www.tietosuoja.fi.