Privacy policy

This is the privacy policy of the company Rakennustuote Ristimäki Oy, in accordance with Sections 10 and 24 of the Personal Data Act (523/1999) and the General Data Protection Regulation (EU) 2016/679 (GDPR). (Note: the Personal Data Act was repealed by the Data Protection Act (1050/2018), which came into force on 1 January 2019). Written on 1 July 2021.

By using our website, you consent to the processing of your personal data in accordance with this privacy statement. We will update the privacy statement as necessary, and the latest version will always be available on our website. Continued use of our website after the update is considered acceptance of the changed terms.

Controller

Rakennustuote Ristimäki Oy, Teollisuustie 7, FI-15540 Lahti

+358 40 062 5248

ristimaki@rtristimaki.fi

www.rakennustuoteristimaki.fi

Business ID: 0687827-9

Contact person for the register

Teemu Valjento, Managing Director, +358 40 062 5248, ristimaki@rtristimaki.fi

The company does not have a separate data protection officer.

Name of the register

Rakennustuote Ristimäki Oy’s customer and marketing register

Purpose of the processing of personal data

Personal data is used for various purposes in accordance with the Data Protection Act (1050/2018), such as:

  • providing, selling and invoicing services that have been ordered
  • marketing products and services, and developing services
  • customer relationship management and partnership agreements

Data content of the register

The register is intended for storing the following types of personal data:

  • The individual customer’s first name, surname, email address and telephone number and, if applicable, their address, postcode and post office
  • In addition to the corporate customer, the person’s position in the company and the company’s contact information (address, email address, telephone number)
  • Publicly available classification information and information on marketing authorisations and prohibitions
  • Classification information provided by the individuals concerned themselves, or information collected with the consent of the customer
  • IP address information or other identifier
  • Data collected through cookies
  • Ordering, invoicing and delivery information
  • Customer feedback information
  • Information collected from our online service and social media channels

Regular sources of information

The information stored in the register is obtained from the customer by various means and in various forms, such as messages and other correspondence sent via online forms, by email, by telephone, contracts, and through customer meetings and other situations in which the customer discloses their personal data.

Regular disclosure of data, and transfers of data outside the EU or the EEA

We disclose personal data to the extent permitted and required by applicable law.
For direct marketing purposes in accordance with section 19 of the Personal Data Act.
For public opinion research, market research and similar studies.

To serve our customers as well as possible, we may disclose personal data to companies, subcontractors and partners in our network that will process the data only within the limits required for providing the service. Our partners do not use such data for other purposes, and do not disclose it to any third parties.

Personal data can also be disclosed outside the EU and the EEA to the extent necessary for certain purposes, such as the performance of technical maintenance and processing of the data by a subcontractor of ours.

Registry security principles

The register will be handled with due care, and all the information processed by the data systems will be adequately protected. When registers are used on internet servers, adequate physical and digital security of the required hardware will be ensured. The controller will ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, is processed confidentially and only by those employees who are required to do so in the course of their specific duties.

Data storage

We retain personal data for as long as is necessary to fulfil the purposes of the register. In addition, some data may be retained for longer to the extent necessary to fulfil statutory obligations, such as those related to accounting and consumer trade.

Cookies

To enable us to offer the most user-friendly and high-quality service possible, out online services make use of cookies, i.e. browser-based blocks of data placed on the site user’s computer or mobile device.

We use Google Analytics software on our website to track user activity on the site. This software provides us with information on factors such as the particular content of our website that each user finds interesting, the amount of time they spend time on the website, and the keywords used to reach our website. The data collected in this manner is anonymous – we do not obtain any personal data about the website users. Website visitors can choose to restrict or prohibit the use of cookies in their browser.

Right of inspection and right to request correction or deletion of personal data

Everyone whose personal data is contained in the register has the right to:

  • check the data belonging to them that is stored in the register
  • demand the correction of any incorrect data concerning them and/or the completion of any incomplete personal data
  • demand the removal of their personal data from the register (‘the right to be forgotten’)
  • other rights under the GDPR, such as restrictions on the processing of personal data in certain situations.

If a person wishes to inspect data about them that has been collected and stored, or wishes to demand that any such data be corrected, the request must be sent in writing to the controller. If necessary, the controller may ask the individual making the request to provide proof of identity. Under the GDPR, the controller must respond to the person making the request without undue delay, and as a rule within one month of the request being made.

We will delete, correct or supplement inaccurate or unnecessary data for processing on our own initiative or at the request of the person concerned.