REGISTER AND PRIVACY POLICY
THIS IS THE REGISTER AND PRIVACY POLICY OF JAAKKO PELTOMÄKI OY AND ITS SUBSIDIARIES IN ACCORDANCE WITH THE GENERAL DATA PROTECTION REGULATION (GDPR) OF THE EU. UPDATED ON 9.3.2022.
Controller and Contact
Jaakko Peltomäki Oy
Karjalankatu 2 C, 00520 Helsinki
Business ID 0890106-5
Contact Person for the Register
Miika Granholm
+358 (0) 9 6666 90
Register Name: Company Customer and Marketing Register
On What Basis is the Processing of Personal Data Based?
The legal bases for processing personal data in accordance with the General Data Protection Regulation (GDPR) of the EU are: Consent of the data subject and/or Legitimate interest of the controller (customer relationship and establishment of customer relationship) The purposes of processing personal data include maintaining customer relationships, research, and marketing. Data is not used for automated decision-making or profiling.
What Personal Data is Collected?
The data stored in the register includes:
Information related to the company:
Company name, business ID, industry, address, phone number, turnover class, information about ordered services
Information related to company customer contacts: First and last name, company, phone number, email address, position in the company, information provided by the customer, information related to the customer relationship, other information related to the person's tasks and position in the business sector Other information related to customer relationships and ordered services IP addresses of website visitors and cookies necessary for the functioning of the service are processed based on legitimate interest, among other things, for ensuring security and for collecting statistics about website visitors when they can be considered personal data. Consent is requested separately for third-party cookies when necessary.
The data to be stored in the register is obtained from the customer through, for example, messages sent via websites, email, phone calls, social media services, contracts, customer meetings, and other situations where the customer provides their information. Contact information for companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.
Who Processes Personal Data and to Whom is the Information Disclosed?
Information is processed by employees of Capital AV whose job duties require it. Information is not disclosed without the individual's consent. Information is not routinely disclosed to third parties. Information may be published to the extent agreed with the customer. Information may be transferred outside the EU or EEA if the technical implementation of the services used by the controller requires it. Such services include, for example, newsletter applications and technical maintenance of websites.
How Long is the Data Retained?
The personal data of company customer contacts is generally retained for three years from the termination of the customer relationship. After this, the information is appropriately destroyed.
How is the Data Protected?
Personal data is protected in all processing operations and throughout the entire lifecycle of personal data processing by using appropriate technical and organizational measures. Access and processing rights to personal data are granted based on job duties. Processed data is collected into systems and databases that are protected by firewalls, passwords, and other technical means. Paper documents are stored securely and disposed of securely when their processing is no longer necessary for fulfilling statutory tasks.
Right of Access and Right to Request Correction of Information
Every individual in the register has the right to check the information stored about them in the register and to request correction of any incorrect information or completion of incomplete information. If a person wishes to check the information stored about them or request corrections, the request must be sent in writing to the controller. The controller may request the person making the request to prove their identity if necessary. The controller will respond to the customer within the time frame stipulated by the GDPR (usually within one month).
Other Rights Related to the Processing of Personal Data
Individuals in the register have the right to request the deletion of their personal data from the register ("right to be forgotten"). Likewise, data subjects have other rights under the General Data Protection Regulation of the EU, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may request the person making the request to prove their identity if necessary. The controller will respond to the customer within the time frame stipulated by the GDPR (usually within one month).
What to include in the Privacy Policy
Generally speaking, a Privacy Policy often addresses these types of issues: the types of information the website is collecting and the manner in which it collects the data; an explanation about why is the website collecting these types of information; what are the website’s practices on sharing the information with third parties; ways in which your visitors an customers can exercise their rights according to the relevant privacy legislation; the specific practices regarding minors’ data collection; and much much more.
To learn more about this, check out our article “Creating a Privacy Policy”.