Information security statement
In this information security statement, we outline the types of data we may collect from you as you order our services or contact the Kontino Group, and detail the purposes for which such information may be used.
We may amend this information security statement at times by publishing an updated version of the statement at www.kontino.fi. The currently valid version of the statement is also available at our visiting address: Hakintie 6–8, 01300 Vantaa.
Contact person in matters concerning the processing of personal data:
Oy Kontino Ab
PURPOSE OF THE REGISTER
The register is used for managing and developing customer relationships, for the provision and development of our services and for communication and invoicing purposes relating to our services, events and products. New contacts including personal data are added to the register as required for the provision of our services, such as upon receiving requests for quotes or upon presenting quotes to customers. Furthermore, we will process the personal data of potential customers who have provided us with either spoken or written consent for the processing of such data.
As a result of the collecting and processing of personal data, we may also send you personalised marketing content and customer communications. We will only send these messages to persons who have indicated their consent for receiving such messages. You may unsubscribe to these messages at any time, and the instructions for doing so are provided in each message we send.
As a general rule, we store all our contacts and their personal data in our customer and marketing register. We do this in order to carry out our obligations relating to customer relationships, in preparation for possible future contacts and to ensure a high-quality service. If you would like us to amend or remove any personal information concerning you in our customer register, please contact: email@example.com. Inspection requests concerning personal data may also be sent to this address.
INFORMATION STORED IN THE REGISTER:
We process our customers’ and potential customers’ contact details in our customer and marketing register.
We collect the following details for contacts added to the register:
- Position within the company/job title
- Telephone and/or mobile phone number
- Company represented by the contact
- Address details
- E-mail address
- Quotes, projects, classifications, events and memorandums attached to the contact
- E-mail messages sent to the contact via the ERP system
REGULAR DATA SOURCES
Personal data stored in the register is regularly collected from the data subject upon the establishing of a customer relationship and based on orders and notices provided by the customer during the relationship. A customer relationship is established when a customer orders a product or a service provided by Kontino.
Personal data may be collected and updated from other registers belonging to the data controller and other companies in the same group, from the population register, credit registers, public or private contact detail registers and other similar public or private information service providers’ registers and information sources as well as from the data controller’s business partners.
Information on potential corporate clients may be collected and updated using public or private information service providers’ registers and information sources, company indexes and the data controller’s business partners.
Details for a potential corporate client may also be recorded in the information system when:
- the customer has expressed an interest in the data controller’s products or services: (via telephone, online, via e-mail or in some similar manner)
- the customer has given its consent for electronic direct marketing (e.g. electronic newsletter or offers)
- the customer participates in client events held by the data controller
TRANSFER AND HAND-OVER OF DATA OUTSIDE OF THE EU OR THE ETA
Personal data may only be handed over for a justified purpose. Currently valid data protection regulations are applied to the handing over of personal data.
Data is handed over to partners and subcontractors participating in the provision of services, including telecommunications and e-mail service providers and parties participating in marketing operations. A contract on the processing of personal data has been entered into with each partner and subcontractor, obligating both parties to comply with the requirements and obligations set out in the GDPR and to ensure sufficient personal data protection and privacy.
We may also hand over data to the authorities or other parties in a manner based on currently valid legislation. Data may also be handed over to third parties as part of a potential corporate acquisition, merger, outsourcing or asset deal or in the case of a group relationship or some other merger to the parties of such merger.
Data will not be transferred outside of the EU or the ETA.
The register is protected against unauthorised use. The register is username and password protected. All users of the register have a duty of confidentiality. Only employees whose work tasks require the processing of the recorded data have access to the register. All employees have a duty of non-disclosure.
RIGHTS OF THE DATA SUBJECT
In adherence to section 26 of the Personal Data Act, the data subject has the right to inspect any information stored on them in the register and to request that any erroneous data be rectified. The data subject has the right to restrict the processing of the personal data and to file a complaint with the regulatory authorities. The data subject has the right to prohibit the use of their data for purposes of electronic direct marketing. The data subject has the right to request that their data be removed from the register in case its processing is no longer necessary. After processing requests for removal, we will either remove the requested information or provide justified grounds for why the information in question cannot be removed from the register. If you wish to inspect your own personal data stored in the register, please contact firstname.lastname@example.org via e-mail and we will send you a copy of your data being processed and this information security statement.
OTHER DATA SUBJECT RIGHTS
Any erroneous, unnecessary, incomplete or outdated information observed in the register may also be rectified/removed by data subjects themselves. The data controller uses the data stored in the register as a tool for HR management as well as for drafting various reports, plans and statistics. Information pertaining to the individual is not processed for these purposes.
Updated 31 August 2018