Customer and marketing register
Register and Data Protection Statement in accordance with Sections 10 and 24 of the Personal Data Act (523/1999) and the EU General Data Protection Regulation (GDPR). Drawn up on May 16, 2018. Last modified on May 20, 2018.
- Data Controller
Mecastep Oy, Latojantie 1 15270 Lahti
- Contact person for the register
Kari Vuorimaa, Latojantie 1 15270 Lahti
- Name of the register
Mecastep Oy’s customer and marketing register (company and their contact persons)
- Legal basis and purpose of the processing of personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation is
– consent of the person (documented, voluntary, individualised, informed and unambiguous)
– an agreement to which the data subject is a party
– legitimate interest of the data controller (customer relationship)
The purpose of the processing of personal data is to manage the relationship based on customer and business relationship, and to manage, administer and develop marketing, advertising and / or direct marketing.
The data is not used for automated decision making or profiling.
- Data content of the register
The data to be stored in the register is: name, email address, telephone number, company and position, company address, direct marketing authorisations and prohibitions, customer communication or direct marketing measures targeted at the data subject and how the data subject has used them, information on the services ordered by the customer, their delivery and invoicing, customer service and other relevant contact and communication in various channels and media (e.g. complaints and other feedback as well as recordings of customer service calls).
The data will be deleted within five years of the end of the customer relationship (customers) or within five years of the end of the use of the data (potential customers).
- Regular sources of information
The register is compiled from Mecastep Oy’s customers, leads, newsletter subscribers and possibly publicly available internet sources, tools, public or private registers or from the data subject themselves when filling in the website form.
- Regular transfers of data and transfers of data outside the EU or the EEA
The information is not regularly disclosed to other parties.
Data may also be transferred by the data controller outside the EU or the EEA. Mecastep Oy uses the US MailChimp email service for newsletter communications, in which case personal data is transferred outside the European Union. However, personal data is protected as required by the Personal Data Act.
- Principles of register protection
Personal information will be kept confidential. The information contained in the register is stored in the data controller’s electronic, password-protected system, and access shall be restricted to those specific, pre-defined persons working for or on behalf of the data controller who need access to the system for work or other similar reasons. Mecastep Oy’s information network and the equipment on which the register is located are protected by a firewall and other necessary technical measures. Persons handling register data are subject to the obligation of confidentiality.
- Right of inspection and right to request correction of information
Every person in the register has the right to check the personal information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. If a person wishes to check the data stored about him or her or request a correction, the request must be sent in writing to the data controller. If necessary, the data controller may ask the person making the request to prove his or her identity. The data controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).
- Other rights related to the processing of personal data
A person in the register has the right to request the removal of his or her personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as restrictions on the processing of personal data in certain situations. Requests must be sent in writing to the data controller. If necessary, the data controller may ask the person making the request to prove his or her identity. The data controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).
- Web analytics
Google Analytics identifies the user with cookies, which are text files stored by your browser on your computer. The user information collected by cookies is anonymous, i.e. the visitor cannot be identified by cookies alone. However, the information obtained through cookies may be linked to information obtained from the user in another context, for example when the user fills in a form on our website.
Web analytics software can record visitor information, for example: visitor’s IP address, time of visit, browsed pages and page viewing times, visitor’s browser, completed forms, website from which the data subject has arrived on Mecastep Oy’s website.
However, the visitor data collected by Google Analytics cannot, in principle, be identified as relating to the visitor or his or her family or those living in a shared household. Learn more about Google web analytics on the Google Privacy page. You can disable Google Analytics tracking: http://tools.google.com/dlpage/gaoptout
In addition to the web analytics software mentioned above, other user tracking software may be used on the website. User tracking software can record more detailed visitor information than the Google Analytics mentioned above, such as customer communications or direct marketing actions targeted at the data subject, as well as information about how the data subject has taken advantage of them.