This is H. Vesala Oy’s privacy policy in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Document is prepared on 14.04.2018. Last modified on 24.05.2018.
1. Data Controller
H. Vesala Oy, Peräsimentie 1, 03100 Nummela (Business ID 0200859-1)
Tel. +358 (0)44 200 2005
Email:
Internet: www.vesala.fi
2. Contact person responsible for the register
Janne Hirsimäki, , +358 44 200 2005
3. Name of the register
Customer, partnership and marketing register
4. Legal basis and purpose of processing personal data
The purpose of collecting and processing personal data is to maintain high-quality and reliable contact with customers, customer relationship management, marketing and other information.
The data is not used for automated decision-making or profiling.
5. Data content of the register
The data stored in the register are: company name, contact person’s name, position, company contact information (telephone number, email address, address), company business ID, website addresses, billing information, company industry, company creditworthiness, offer and purchase history and other information related to the customer relationship and ordered products.
The data is stored for five (5) years after the customer relationship or company’s operations have ended, after which the name data is anonymized but the information related to the company is retained.
6. Regular data sources
The data stored in the register is obtained from the customer, for example, from messages received via www forms, via email, telephone, social media contacts with the company, from contracts, customer meetings, trade fairs and other situations in which the customer provides their information. Personal data is received and processed by sales, marketing, financial administration and company management.
7. Regular disclosure of data and transfer of data outside the EU or EEA
Data is not routinely disclosed to other parties unless required by official actions. Data is not transferred by the controller outside the EU or EEA.
8. Principles of register protection
The register is handled with care and the data processed by information systems is appropriately protected with encryption technologies (SSL). When register data is stored on service providers’ Internet servers, the service provider is required to take appropriate care of the physical and digital security of their equipment. The controller ensures that the stored data, as well as the access rights to the servers and other information critical to the security of personal data, are handled confidentially and only by employees whose job description requires it.
9. Right to review and right to demand correction of data
Every person in the register has the right to review their data stored in the register and demand correction of any incorrect data or completion of incomplete data. If a person wishes to review the data stored about them or demand correction, the request must be sent in writing to the controller. If necessary, the controller may ask the person making the request to prove their identity. The controller will respond to the customer within the time period stipulated in the EU Data Protection Regulation (generally within one month).
10. Other rights related to the processing of personal data
A person in the register has the right to request that personal data concerning them be deleted from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as restriction of the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller will respond to the customer within the time period set out in the EU Data Protection Regulation (generally within one month).
