Privacy statement for customer and marketing register

Approved May 17, 2018

Data controller

Proventia Oy
Business ID: 0961194-0
Mailing address: Tietotie 1, 90460 Oulunsalo
Telephone: +358 20 7810 200

Contact person in matters relating to the register

Vice President, Sales & Marketing Petri Saari
Telephone: +358 40 7775 769
E-mail: petri.saari(at)proventia.com
Mailing address: Tietotie 1, 90460 Oulunsalo

Data protection officer

In their report Proventia Oy has concluded that no Data Protection Officer will be chosen, because the core activities of the company are not comprised of processing tasks that require regular and systematic monitoring of data subjects on a large scale or target the special categories of personal data. Tasks related to data protection are the responsibility of the quality manager, contact information:

Contact information:

Mika Haataja
Telephone: +358 50 4642 680
E-mail: rekisterit(at)proventia.com
Mailing address: Tietotie 1, 90460 Oulunsalo

Register name

Customer and marketing register

Purpose for processing personal data

Proventia´s entitlement for processing personal data is based on the customer relationship between Proventia Oy and its customer, the consent of the customer, an asignment given by the customer, the targeting of marketing and sales or other appropriate connection.

Personal data may be processed for the following purposes:

  • customer relationship management
  • product warranties
  • managing, implementing, developing and monitoring customer-related communications and marketing
  • collecting and processing customer feedback and customer satisfaction data
  • targeting communications, marketing and services, and managing contact and customer history
  • organising meetings with potential customers
  • sending sales material 

Proventia Oy does not perform profiling based on the customer´s personal data.

Data content of the register 

The customer register contains and processes the following personal data, for example:

  • name
  • e-mail address, phone number and other necessary contact information
  • organization and position
  • contact information of the organization
  • customer relationship management data (notes)
  • the products and services purchased by the customer and their billing and related invoicing and other payment transaction data
  • data provided by the data subject
  • content provided by the data subject, such as customer feedback and additional information, such as requests, customer satisfaction data or other similar information
  • business transaction history, and
  • other data provided for Proventia Oy by the customers, potential customers and stakeholders.

Regular data sources

Data is primarily obtained from the data subject themselves, the use of services related to the customership or an appropriate connection, as well as communication, transaction and other related events. Data may also be provided by parties offering address, updating, or other similar services. The collection of data on new potential customers is based on business operations and the data is collected from public sources.

Data may be collected on the visitors of the Proventia.com website, and cookies may be used on the site. Cookies are small text files that are stored on the visitor´s device. Proventia uses cookies to improve the user experience of the site, evaluate the used content and support marketing. The data collected with cookies is anonymous, and it cannot be used to obtain data on an identifiable individual.

Cookies may be used to collect data such as the following:

  • user´s IP address
  • time of visit
  • pages viewed and the visit duration
  • organization, country and city of the visitor
  • browser and operating system information
  • referring site, search terms that led to the site
     

By using Proventia.com, the user accepts the use of cookies and storing them on their computer. Most browsers accept cookies automatically. The user has the optin to block the use of cookies by changing the browser settings so that the browser does not allow cookies to be stored. In this case, however, the user accepts that preventing the use of cookies may effect the functionality of certain services.

Principles of securing the register

The data contained in the digital register is technically protected with firewalls, by giving access to authorised persons with a personal username and password, and by other technical measures that comply with the industry standards.

Regular data transfer

Proventia Oy may pass or transfer personal data to companies in the same corporation and third-party contractors participating in providing their services. Data is transferred to partners only for purposes that support the function of the register (for example direct marketing, polling and market research). The partners are not allowed to use the data for other purposes or transfer it to third parties.

Data transfers outside of  the EU or EEA

Data will not be automatically transferred to third countries or international organisations. Possible data transfers outside of the EU or EEA requested by the customer are performed in a way that meets the requirements regarding data transfer in the EU General Data Protection Regulation.

Right of access

Data subjects have the right to inspect the data recorded on them on the register. In addition, with a sufficiently detailed and individualised access request, they have the right to obtain their personal data and recorded information. The access request is made in writing or in another certifiable format and delivered to the address mentioned in section 2.

Proventia Oy may request the subject to clarify their request in writing if necessary, and the identity of the subject may be confirmed if necessary, before taking other actions.

The right of access may be denied for reasons prescribed by law. Using the right of access is essentially free of charge.

Right to rectification and erasure of data  

Data subjects have the right to have inaccurate, unnecessary, incomplete or obsolete data rectified or erased or restrict the processing of the data. Data subjects must deliver their requests on the matter to Proventia Oy to the address mentioned in section 2

Right to object 

Based on their particular situation, data subjects have the right to object to the processing of their personal data performed by Proventia Oy insofar as the grounds for the processing is the customer relationship between Proventia Oy and the data subject.

Data subjects may deliver their objections on processing their personal data to Proventia Oy to the address mentioned in section 2. In the request, the data subject must specify the special circumstance on which they base their objection.

Proventia Oy may refuse to comply with the objection for reasons prescribed by law.

Other rights pertaining to personal data processing 

The data subjects have the right to demand a restriction on processing their personal data. Data subjects also have the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used and machine-readable format and have the right to transfer this data to another data controller. In addition, data subjects have the right to object to data processing, automated decision-making and profiling.

If the personal data is processed based on the subject´s consent, the subject has the right to withdraw their consent by notifying Proventia Oy to the address mentioned in section 2.

Right to lodge a complaint with a supervisory authority 

Data subjects jave the right to lodge a complaint with a competent supervisory authority, if the data controller has not followed applicable data protection regulations.

Erasure and storage period of personal data

Proventia Oy deletes the customer´s data on the register when there are no operational grounds for processing the data or if the concerned party themselves exercises their legal right to demand Proventia Oy to erase data concerning them.

Digital data is erased by overwriting and paper documents are destroyed appropriately with consideration to data protection once there are no grounds for processing and storing the data. The data is not erased, however, if the law prescribes otherwise or a competent supervisory authority has initiated a process that requires Proventia Oy to store the data or if a Finnish court of law has been requested to decide on safeguarding the data.

Changes to the privacy statement

Proventia reserves the right to change this privacy statement by publishing amendments on the company website.