By using our website, you consent to the processing of your personal data in accordance with this privacy statement. We will update the privacy statement as necessary, and the latest version will always be available on our website. Continued use of our website after the update is considered acceptance of the changed terms.
Rakennustuote Ristimäki Oy, Teollisuustie 7, FI-15540 Lahti
+358 40 062 firstname.lastname@example.org
Business ID: 0687827-9
Contact person for the register
Teemu Valjento, Managing Director, +358 40 062 5248, email@example.com
The company does not have a separate data protection officer.
Name of the register
Rakennustuote Ristimäki Oy’s customer and marketing register
Purpose of the processing of personal data
Personal data is used for various purposes in accordance with the Data Protection Act (1050/2018), such as:
- providing, selling and invoicing services that have been ordered
- marketing products and services, and developing services
- customer relationship management and partnership agreements
Data content of the register
The register is intended for storing the following types of personal data:
- The individual customer’s first name, surname, email address and telephone number and, if applicable, their address, postcode and post office
- In addition to the corporate customer, the person’s position in the company and the company’s contact information (address, email address, telephone number)
- Publicly available classification information and information on marketing authorisations and prohibitions
- Classification information provided by the individuals concerned themselves, or information collected with the consent of the customer
- IP address information or other identifier
- Data collected through cookies
- Ordering, invoicing and delivery information
- Customer feedback information
- Information collected from our online service and social media channels
Regular sources of information
The information stored in the register is obtained from the customer by various means and in various forms, such as messages and other correspondence sent via online forms, by email, by telephone, contracts, and through customer meetings and other situations in which the customer discloses their personal data.
Regular disclosure of data, and transfers of data outside the EU or the EEA
We disclose personal data to the extent permitted and required by applicable law.
For direct marketing purposes in accordance with section 19 of the Personal Data Act.
For public opinion research, market research and similar studies.
To serve our customers as well as possible, we may disclose personal data to companies, subcontractors and partners in our network that will process the data only within the limits required for providing the service. Our partners do not use such data for other purposes, and do not disclose it to any third parties.
Personal data can also be disclosed outside the EU and the EEA to the extent necessary for certain purposes, such as the performance of technical maintenance and processing of the data by a subcontractor of ours.
Registry security principles
The register will be handled with due care, and all the information processed by the data systems will be adequately protected. When registers are used on internet servers, adequate physical and digital security of the required hardware will be ensured. The controller will ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, is processed confidentially and only by those employees who are required to do so in the course of their specific duties.
We retain personal data for as long as is necessary to fulfil the purposes of the register. In addition, some data may be retained for longer to the extent necessary to fulfil statutory obligations, such as those related to accounting and consumer trade.
Right of inspection and right to request correction or deletion of personal data
Everyone whose personal data is contained in the register has the right to:
- check the data belonging to them that is stored in the register
- demand the correction of any incorrect data concerning them and/or the completion of any incomplete personal data
- demand the removal of their personal data from the register (‘the right to be forgotten’)
- other rights under the GDPR, such as restrictions on the processing of personal data in certain situations.
If a person wishes to inspect data about them that has been collected and stored, or wishes to demand that any such data be corrected, the request must be sent in writing to the controller. If necessary, the controller may ask the individual making the request to provide proof of identity. Under the GDPR, the controller must respond to the person making the request without undue delay, and as a rule within one month of the request being made.
We will delete, correct or supplement inaccurate or unnecessary data for processing on our own initiative or at the request of the person concerned.