Privacy policy

Customer and marketing register

 

20180516

 

Privacy policy

 

Register and Data Protection Statement in accordance with Sections 10 and 24 of the Personal Data Act (523/1999) and the EU General Data Protection Regulation (GDPR). Drawn up on May 16, 2018. Last modified on May 20, 2018.

 

  1. Data Controller

 

Mecastep Oy, Latojantie 1 15270 Lahti

 

  1. Contact person for the register

 

Kari Vuorimaa, Latojantie 1 15270 Lahti

 

  1. Name of the register

 

Mecastep Oy’s customer and marketing register (company and their contact persons)

 

  1. Legal basis and purpose of the processing of personal data

 

The legal basis for the processing of personal data under the EU General Data Protection Regulation is

 

– consent of the person (documented, voluntary, individualised, informed and unambiguous)

 

– an agreement to which the data subject is a party

 

– legitimate interest of the data controller (customer relationship)

 

The purpose of the processing of personal data is to manage the relationship based on customer and business relationship, and to manage, administer and develop marketing, advertising and / or direct marketing.

 

The data is not used for automated decision making or profiling.

 

  1. Data content of the register

 

The data to be stored in the register is: name, email address, telephone number, company and position, company address, direct marketing authorisations and prohibitions, customer communication or direct marketing measures targeted at the data subject and how the data subject has used them, information on the services ordered by the customer, their delivery and invoicing, customer service and other relevant contact and communication in various channels and media (e.g. complaints and other feedback as well as recordings of customer service calls).

 

The data will be deleted within five years of the end of the customer relationship (customers) or within five years of the end of the use of the data (potential customers).

 

  1. Regular sources of information

 

The register is compiled from Mecastep Oy’s customers, leads, newsletter subscribers and possibly publicly available internet sources, tools, public or private registers or from the data subject themselves when filling in the website form.

 

  1. Regular transfers of data and transfers of data outside the EU or the EEA

 

The information is not regularly disclosed to other parties.

 

Data may also be transferred by the data controller outside the EU or the EEA. Mecastep Oy uses the US MailChimp email service for newsletter communications, in which case personal data is transferred outside the European Union. However, personal data is protected as required by the Personal Data Act.

 

  1. Principles of register protection

 

Personal information will be kept confidential. The information contained in the register is stored in the data controller’s electronic, password-protected system, and access shall be restricted to those specific, pre-defined persons working for or on behalf of the data controller who need access to the system for work or other similar reasons. Mecastep Oy’s information network and the equipment on which the register is located are protected by a firewall and other necessary technical measures. Persons handling register data are subject to the obligation of confidentiality.

 

  1. Right of inspection and right to request correction of information

 

Every person in the register has the right to check the personal information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. If a person wishes to check the data stored about him or her or request a correction, the request must be sent in writing to the data controller. If necessary, the data controller may ask the person making the request to prove his or her identity. The data controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).

 

  1. Other rights related to the processing of personal data

 

A person in the register has the right to request the removal of his or her personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as restrictions on the processing of personal data in certain situations. Requests must be sent in writing to the data controller. If necessary, the data controller may ask the person making the request to prove his or her identity. The data controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).

 

  1. Web analytics

 

This website uses Google Analytics, provided by Google Inc. (hereinafter ”Google”) for web analytics. The web analytics program javascript code is run on the service with each page load.

 

Google Analytics identifies the user with cookies, which are text files stored by your browser on your computer. The user information collected by cookies is anonymous, i.e. the visitor cannot be identified by cookies alone. However, the information obtained through cookies may be linked to information obtained from the user in another context, for example when the user fills in a form on our website.

 

The user can block the use of cookies by selecting blocking cookies in their browser settings. In this case, the user may not be able to use all the functionalities of the site. By using this website, you consent to the collection of data by Google for the purposes set out above.

 

Web analytics software can record visitor information, for example: visitor’s IP address, time of visit, browsed pages and page viewing times, visitor’s browser, completed forms, website from which the data subject has arrived on Mecastep Oy’s website.

 

However, the visitor data collected by Google Analytics cannot, in principle, be identified as relating to the visitor or his or her family or those living in a shared household. Learn more about Google web analytics on the Google Privacy page. You can disable Google Analytics tracking: http://tools.google.com/dlpage/gaoptout

 

In addition to the web analytics software mentioned above, other user tracking software may be used on the website. User tracking software can record more detailed visitor information than the Google Analytics mentioned above, such as customer communications or direct marketing actions targeted at the data subject, as well as information about how the data subject has taken advantage of them.