Purkupiha Oy stores and processes personal data in accordance with the EU GDPR and the current Personal Data Act (523/1999). We may change this privacy statement from time to time by publishing a new version of it online. Consequently, we recommend that you regularly review our privacy statement.
1. Controller
Purkupiha Oy (1868810-6)
Contact information: Meisselikatu 9, FI-15700 Lahti
Tel. +358 40 5510 391, kari(at)purkupiha.fi
2. Person responsible for matters concerning the filing system
Group CEO Kari Kärkkäinen
Contact information: Meisselikatu 9, FI-15700 Lahti
Tel. +358 40 5510 391, kari(at)purkupiha.fi
3. Name of the filing system
Purkupiha Oy’s customer and marketing filing system
4. Data subjects
– customers
5. Purpose of and grounds for the filing system
We process personal data relating to the management and analysis of customer relationships or other relevant relationships as well as marketing. Disclosure of data to partners only takes place for purposes that support the concept of the filing system.
| Data subjects | Purpose of processing | Grounds for processing |
|---|---|---|
| Customers (contact persons) | Enabling communications required for customer service and maintaining customer relationships. | Legitimate interest of the controller |
| Potential customers and website users | Contact requests and newsletter subscriptions from the website. | Legitimate interest of the controller |
Our operations are based on legitimate business, so we also comply with EU legislation on the storage of personal data. It comprises the following six points, provided here in brief:
- The data we store on individuals is legal and reasonable, and it is processed in a transparent manner. This means that you can access your data at any time.
- Data is subject to purpose limitation – for example, the data that we collect on individuals is limited to a specific purpose only. We will not disclose your data to third parties unless there is an appropriate reason to do so.
- We minimise the data that we store – we only store what is needed.
- We strive to keep our data accurate.
- We limit the storage of data – a lifetime has been determined for the data, after which it is either automatically or routinely deleted unless there are statutory grounds to retain it.
- We store complete and reliable data secured, for example, through backups.
- We collect and store data based on customer relationships or in relation to the business of potential new customers. The collection of data concerning new potential customers is based on business and we collect the data ourselves. The filing system may be used in marketing if the customer has specifically given permission for it.
6. Data content of the filing system
- first and last name
- contact information (such as company name, contact information, etc.)
- other textual information related to the customer relationship
- Marketing permission or ban
We store the minimum amount of data possible relating to a customer relationship, which typically includes the person’s unique name, company as well as contact information, such as email and phone number. The customer may prohibit the use of his/her data for marketing purposes. The data will remain in the filing system until the person decides to unsubscribe from our mailing list.
The user has the right to review the data concerning him/her stored in the filing system. This can be done by contacting the administrator of the filing system. You can unsubscribe from our email marketing lists yourself by using the ‘unsubscribe’ link in each marketing email we send.
The controller shall take reasonable steps to prevent the misuse and loss of the user’s personal data as well as unauthorised access to the data.
7. Regular data sources
- newsletter subscription form (data provided voluntarily by the customer)
- Purkupiha Oy’s customer filing system
- in relation to business, such as in acquiring new customers, we may also use, for example, names collected from online sources that we may contact for business purposes
- fairs and events (data provided voluntarily by the customer)
We do not knowingly collect personal data from persons under 18 years of age.
8. Regular disclosure of data
Personal data is not used for profiling or other automated decision-making. No regular disclosure or transfer of data outside the EU or the European Economic Area. Data may only be disclosed for other purposes with the customer’s written consent (excluding data being disclosed to the authorities upon their request, such as to the enforcement authorities).
9. Transfer of data outside the EU or the European Economic Area
The data in the filing system is not disclosed to third parties except as described above. Data is not disclosed outside the European Union or the European Economic Area except to the extent permitted by the Personal Data Act and based on authorisation issued by a customer company to the controller to companies registered as users of the service that need the data to fulfil their statutory and contractual obligations to conduct business in Finland.
Whenever possible, we have chosen to store your data in secure data centres located in Europe. Some of the above-mentioned service providers may back up data from outside the EU/EEA to the United States. Data is backed up to keep your data safe even in situations where the main servers are out of order.
10. Changes and updates
The file description may be periodically updated without separate notice and any changes are announced later with a “last update” notice.
11. Principles of filing system protection
Both manual material and electronically stored data are protected in accordance with the principles expressed in the Information Society Code as well as the regulations and guidelines of the Finnish Transport and Communications Agency. All material is in electronic form. The filing system is located on a secure server.
We use the following safeguards to ensure the security of your data:
- access to the system requires entering a username and password
- the system is also protected by firewalls and other technical means
- only certain pre-defined employees of the controller can access and are authorised to use the data stored in the filing system
- the filing system is backed up regularly
12. Cookies of the site
This website uses the Google AdWords cookie to target marketing through a list of users in Google ad networks. The user cannot be identified based on the data associated with the cookie. The user can choose to prevent Google AdWords marketing based on lists of users at www.google.com/settings/ads.
- Google Analytics (provided by Google Inc.) so that we can a) conduct statistical analysis regarding, for example, the number of users, location data and the like in order to learn from our visitors and b) improve the usability of the website based on, for example, site traffic measurements
- Facebook (provided by Facebook Inc.) identifies users logged in to Facebook to share Facebook content (only when you are logged in to Facebook by visiting our website and just by clicking the Facebook button)
In addition, our site uses the Mouseflow analysis tool that shows how visitors use the site with recordings. The purpose of this is to help optimise our site to be more user-friendly. More information about Mouseflow’s privacy policy is available here:
https://mouseflow.com/gdpr/
13. Date of entry into force
The date of entry into force of the file description is 25 May 2018.