This is a combined customer register description and information document for Ductor Oy’s customers, potential customers and webite users in accordance with Sections 10 and 24 of the Personal Data Act (523/1999) and Sections 12 and 13 of the EU General Data Protection Regulation (679/2016).
Business ID: FI22516868
Viikinkaari 4, 00790 Helsinki
Contact person: Minna Leppikorpi, +358 40 849 5000
2. Data subjects
• Contact Register (customer contacts and partners)
• Potential customers
• Website users
3. Purpose and justification for processing personal data
|Data subjects||Purpose of processing||Justification for processing|
|Contact register||Enabling and maintaining contact with customers as required by customer service||The legitimate interests pursued by the controller|
|Potential customers and website users||Contact requests via the website||The legitimate interests pursued by the controller|
4. Information to be stored in the register
The following information can be stored in the register:
|Data||Contact||Potential customer / Website user||Intended use|
|Name||v||v||Personalization / communication|
|Title||v||v||Customer relationship management, Marketing|
5. Duration of processing
As a rule, personal data is processed as long as the customer agreement is valid and we require the data to manage the agreement. We record the data as we get it from the data subject and update it according to what the data subject informs the controller.
Contacts via the website will be updated as necessary to register information.
We update our contact register regularly and delete outdated and unnecessary personal data immediately according to new personal data notices.
6. Your rights
You have the following rights for which requests for use should be made to: firstname.lastname@example.org
Right of access
You have the right to check the personal data we have stored. If you notice any inaccuracies or omissions in your data, you can ask us to correct or complete the information correctly.
Right to object
You have the right at any time to object to the processing of your personal data if you feel that we have processed your personal data illegally or that we are not entitled to process some of your personal data.
Direct marketing ban
You have the right at any time to forbid us from using your data for direct marketing. We never sell or otherwise disclose your personal data to other parties so that they may target direct marketing to you.
Right to erasure
If you feel that processing of some of your data is not necessary for our tasks, you have the right to request us to remove this data. We will process your request after which we will either delete your data or give you a justified reason why we can not delete the data. If you disagree with our decision, you have the right to file a complaint with the Data Protection Ombudsman (instructions for filing a complaint). You also have the right to demand that we restrict the processing of the disputed data until the matter is resolved.
Right of appeal
You have the right to file a complaint with the Data Protection Ombudsman if you feel that we are in violation of your personal data when we deal with existing data protection legislation.
7. Regular sources of information
Potential customers’ information is obtained with consent from him/her in connection with a website visit, or in connection with other personal or digital interaction.
8. Data disclosure
Personal data shall be disclosed only with the consent of the data subject or in accordance with the law in force. If the data subject has given his / her consent, personal data may be passed on carefully to selected service providers and partners.
Information will not be disclosed for marketing purposes outside Ductor Oy.
The ownership of the data is not transferred from the controller to a third party, nor does a third party have the right to use the information more extensively than the mandate.
9. Transfer of data outside the EU
Personal data may be transferred outside the European Union and the European Economic Area only on the grounds required by data protection legislation, for example when the service provider handles personal data on behalf of the controller.
10. Principles of register protection
We use the following safeguards to ensure the security of your data.
– Entering the system requires entering a username and password. The system is also protected by firewalls and other technical means.
– Only certain pre-determined employees of the register controller are authorized to have access to and use the data stored in the system.
– The use of the register is protected by user-specific passwords, passwords and access rights.
– The data contained in the register is located in locked and guarded spaces.
– Files in paper form are stored securely.