PRIVACY POLICY

Personal Data Act (523/1999) § 10 and § 24
Date of publication: 13 March 2019

Controller

Vihdin Kuumasinkitys Oy Vaateritie 12 03250 Ojakkala tel: 050-342 9311 Business ID: FI27734565 Registered location: Vihti
The person in charge of the register Risto Sirviö Vaateritie 12 03250 Ojakkala tel: 050-342 9312 risto.sirvio@vihdinkuumasinkitys.fi

Name of the register

Netvisor Customer Card and Netvisor Sales Ledger: Vihdin Kuumasinkitys Oy’s customer register (companies and company contacts)

Purpose of the register

The customer register is used and personal data is processed within the limits permitted and required by the Personal Data Act for the purposes of customer relationship management, management and development, analysis and statistics. The customer data contained in the register is used for the controller’s marketing, collecting customer feedback, market research, statistics and marketing competitions.

The register contains the following information
The register contains contact details of customers. The register contains the following information:

• customer name
• address
• phone number
• e-mail address
• customer-related information
• other information provided by the data subject

Data sources

Customer information is collected from public and private registers, company websites. Regular disclosures and transfers of data outside the EU or the European Economic Area

The controller does not disclose customer data to third parties outside the company and the data is not transferred outside the EU or the European Economic Area. However, data may be disclosed occasionally in accordance with Finnish law.

Protection of the register

Electronically stored data:

The information is collected in databases protected by firewalls, passwords and other technical means. The databases and their backups are located in locked rooms and are accessible only to pre-designated persons. The electronically stored data have limited access rights, protected by a username and password. Personal data will be kept for as long as necessary for the purpose for which it is used, taking into account the retention periods required by law, such as consumer protection, accounting and prepayment laws.

Right of access to the register and updating of data

Based on the Personal Data Act, the data subject has the right to check, correct and delete data concerning him or her from the personal register. A written and signed request for inspection, correction or deletion should be sent to the contact person responsible for the register. Data subjects have the right to object to the disclosure and processing of their data for the purposes of direct marketing, distance selling and other direct marketing, market research and public opinion polling. Such a prohibition should be addressed to the contact person responsible for the register. In accordance with the GDPR (as of 25 May 2018), data subjects have the right to object to or request restriction of the processing of their data and to lodge a complaint with the supervisory authorities about the processing of their personal data.