Privacy Statement of the customer register of Tiivistekeskus
In this document, we are giving information to you, the data subject, about the processing of your data and the rights of the data subject, in accordance with the EU General Data Protection Regulation.
Controller
The controller of the customer register is Tiivistekeskus Oy (Business ID: 0930921-5).
The contact person in matters related to the filing system is:
Jussi Rieppo, Quality Manager
Tiivistekeskus Oy
Address: Mäkituvantie 5, 01510 Vantaa
Phone: +385 (0)40 860 9261
E-mail: jussi.rieppo@tiivistekeskus.fi
Name of the filing system
The name of the filing system is Tiivistekeskus Oy´s customer register.
Purposes of processing personal data
Personal data is processed for purposes relating to the administering, management and developing of customer relationships, offering, selling and delivering services and products, and development and invoicing of services and products. Personal data is also processed for purposes of handling notices of defects and other claims.
In addition, personal data is processed for the purposes of customer communications, such as announcements and news reporting, and marketing, including direct marketing and electronic direct marketing.
The customer has the right to forbid direct marketing targeted at them.
The controller processes the data by itself and it uses subcontractors that operate on the controller’s behalf and in its name to process the personal data.
Legal bases for the processing of personal data
Pursuant to EU’s General Data Protection Regulation (hereinafter also the “GDPR”), the legal bases for the processing of personal data are the following:
(a) the data subject has given their consent to the processing of their personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
The above mentioned legitimate interest pursued by the controller is based on a relevant and appropriate relationship between the data subject and the controller resulting from situations such as where the data subject is a client or a potential client of the controller, and where the data subject can at the time and in the context of the collection of the personal data reasonably expect that processing for that purpose may take place.
Data content of the filing system (personal data groups being processed)
The filing system contains the following personal data of the data subjects:
(a) basic information and contact information: first name, last name, phone number, e-mail address;
(b) information relating to the data subject’s company or other organization and position or title in the company or organization in question;
(c) direct marketing permissions and prohibitions.
Regular sources of information
Personal data is collected from the data subject.
Storage period of personal data
By default, we retain information related to the order of a product or service for 20 years from the moment the order is processed.
The basic information of the contact persons provided by the customer company, stored in the customer company’s data, is retained for the duration of the customer relationship. After the customer account is closed, the basic information of the customer’s contact persons is retained in the system for five years.
User IDs of the users of the data controller’s online store are deleted upon request from the customer’s company. For orders made with online store IDs, the aforementioned order information retention periods apply.
Information from the customer account opening form, the online store registration form, and the contact form is retained for two years from the moment the form is received.
Personal data used for customer communication (e.g., newsletters, event invitations, etc.) is removed from the marketing list when the customer account is closed, the person unsubscribes from the newsletter, or if the email address is no longer in use.
The recipients of personal data (categories of recipients) and regular disclosure of data
Data is not disclosed to third parties.
The controller is using data processors Digia Oyj and M-Files Corporation to process personal data for the purpose of ICT services.
Transfer of data outside EU or EEA area
The data included in the filing system is transferred outside EU or EEA. [When transferring personal data outside the EU or EEA, the controller follows the model contract clauses adopted by the European Commission regarding transfer of personal data to third countries. A copy of them is available by contacting the person referred to in Section 1.
Security principles of the filing system
All the information containing personal data is electric and the database containing personal data is on a server which is kept in locked premises to which entry is granted only to appointed and authorized persons for carrying out their work assignments. The server is protected by an appropriate firewall and technical security.
All databases and information systems are accessible only with individual and personal login information (username and password). The user rights and authorizations to the information systems and other data carriers are restricted by the controller, so that the information can only be viewed and processed by persons who are legally admitted and required to do so. In addition, all interactions on the databases and systems are registered to the log data of the controller’s IT system.
The employees of and other personnel of the controller have committed to comply with professional secrecy and concealment regarding the information received in connection with processing of personal data.
Rights of the data subject
Pursuant to the GDPR, the data subject has the following rights:
(a) the right to obtain confirmation as to whether or not personal data concerning the data subject is being processed by the controller, and where that is the case, access to the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipient to whom the personal data has been or will be disclosed; (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (v) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (vi) the right to lodge a complaint with a supervisory authority; (vii) where the personal data is not collected from the data subject, any available information as to its source. This form is used to give the data subject the basic information described in (i)–(vii);
(b) the right to withdraw their consent at any time without it affecting the lawfulness of processing based on consent before its withdrawal;
(c) the right to obtain from the controller without undue delay the rectification of inaccurate and erroneous personal data concerning them and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement;
(d) the right to obtain from the controller the erasure of personal data concerning them without undue delay, provided that (i) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) the data subject withdraws the consent on which the processing is based, and where there is no other legal ground for the processing; (iii) the data subject objects to the processing on grounds relating to a particular personal situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes; (iv) the personal data has been unlawfully processed; or (v) the personal data has to be erased for compliance with a legal obligation in Union or national law to which the controller is subject;
(e) the right to obtain from the controller restriction of processing, where (i) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; (iii) the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims; or (iv) the data subject has objected to processing on grounds relating to a particular personal situation pending the verification whether the legitimate grounds of the controller override those of the data subject;
(f) the right to receive the personal data that has been provided to the controller, in a structured, commonly used and machine-readable format and the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent meant in the regulation and the processing is carried out by automated means;
(g) the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data infringes the GDPR.
Requests concerning the data subject’s rights shall be addressed to the contact person of the controller referred to in Section 1.
User Privacy, Third-Party Software Used in the Web Service, Data Stored in the Browser, and Cookies
Users can freely browse Tiivistekeskus Oy’s websites, https://tiivistekeskus.fi/ and https://eshop.tiivistekeskus.fi/fi/, on a computer or a similar device. Tiivistekeskus Oy complies with current legislation and protects the privacy of individuals visiting its website in accordance with regulations.
Implementation of the Online Service
Joomla
Joomla is an e-commerce and content management system used to maintain and present website content to the user. The software is essential for the service’s implementation. Joomla does not automatically store personal data about the site’s users, but information can be stored during user registration or order processing. More information on this can be found in the register description above. The software may use first-party cookies to implement technical functionalities, such as admin logins, displaying messages to users in the web service, and remembering the shopping cart.
WordPress
WordPress is an e-commerce and content management system used to maintain and present website content to the user. The software is essential for the service’s implementation. WordPress does not automatically store personal data about the site’s users, but information can be stored during user registration or order processing. More information on this can be found in the register description above. The software may use first-party cookies to implement technical functionalities, such as admin logins, displaying messages to users in the web service, and remembering the shopping cart.
Google Tag Manager
Google Tag Manager is used to manage third-party software, codes, and tracking pixels loaded on the site. Google Tag Manager does not store any information about the site user itself, nor does it store anything on the user’s device other than data related to the site’s technical functions. For example, it manages which software you have accepted in the site settings. More information: Google Tag Manager Help
Service development and analyzing based on on Tiivistekeskus Oy’s justified interest
Google Analytics
Google Analytics is software used for website usage statistics and improving user experience. It stores various data about site usage. This data is associated with an anonymous ClientID stored on the user’s device (first-party cookie). This identifier helps to track frequent visitors to the site. Additionally, the software stores data such as the device’s IP address, pages loaded on the site and their frequency, the device used to view the site, and the service from which the user came to the site. For logged-in users, a numerical User-ID is also stored to track company-specific service usage. The software is used to monitor, maintain, and develop the website’s performance and operation, measure content usage statistics, and assess marketing communication impacts. More information: Google Analytics Cookie Usage
Content personalization and advertising targeting based on user consent
By consenting to advertising retargeting and sharing site usage data, you accept the use of the following software on the site and how it uses this data. You can influence targeted advertising and personalization generally online at Your Online Choices and Network Advertising Initiative. You can give or withdraw your consent at any time in the tracking settings.
Google Analytics Advertising Features
Google Analytics advertising features allow ad targeting based on the content you browse. Information about the pages you browse is also sent to the Double Click service server. This information can affect what content or ads you see online and enables ads to be shown to you when you have left the site. These features also allow, for example, the reporting of users’ demographic information in service usage reports. Third-party cookies and the browser’s advertising identifier are used to transmit data for advertising targeting in other services. More information: Google Ads Policies
Facebook Custom Audience & Connect
Facebook advertising software is used to retarget advertising to users based on interactions in the web service. The software helps to track the effectiveness of Facebook advertising. It stores the user’s anonymized Facebook identifier, IP address, and information about site usage. The software uses third-party cookies. More information: Facebook Cookie Policy and Facebook GDPR
You can change your consent or oppose the use of different software on the site in the tracking settings.
