Privacy statement for customer and marketing register
Approved May 17, 2018
Business ID: 0961194-0
Mailing address: Tietotie 1, 90460 Oulunsalo
Telephone: +358 20 7810 200
Data protection officer
In their report Proventia Oy has concluded that no Data Protection Officer will be chosen, because the core activities of the company are not comprised of processing tasks that require regular and systematic monitoring of data subjects on a large scale or target the special categories of personal data. Tasks related to data protection are the responsibility of the IT manager:
Telephone: +358 50 4855 504
Mailing address: Tietotie 1, 90460 Oulunsalo
Customer and marketing register
Purpose for processing personal data
Proventia's entitlement for processing personal data is based on the customer relationship between Proventia Oy and its customer, the consent of the customer, an assignment given by the customer, the targeting of marketing and sales or other appropriate connection.
Personal data may be processed for the following purposes:
- customer relationship management
- product warranties
- managing, implementing, developing and monitoring customer-related communications and marketing
- collecting and processing customer feedback and customer satisfaction data
- targeting communications, marketing and services, and managing contact and customer history
- organising meetings with potential customers
- sending sales material
Proventia Oy does not perform profiling based on the customer's personal data.
Data content of the register
The customer register contains and processes the following personal data, for example:
- e-mail address, phone number and other necessary contact information
- organization and position
- contact information of the organization
- customer relationship management data (notes)
- the products and services purchased by the customer and their billing and related invoicing and other payment transaction data
- data provided by the data subject
- content provided by the data subject, such as customer feedback and additional information, such as requests, customer satisfaction data or other similar information
- business transaction history, and
- other data provided for Proventia Oy by the customers, potential customers and stakeholders.
Regular data sources
Data is primarily obtained from the data subject themselves, the use of services related to the customership or an appropriate connection, as well as communication, transaction and other related events. Data may also be provided by parties offering address, updating, or other similar services. The collection of data on new potential customers is based on business operations and the data is collected from public sources.
Cookies may be used to collect data such as the following:
- user's IP address
- time of visit
- pages viewed and the visit duration
- organization, country and city of the visitor
- browser and operating system information
- referring site, search terms that led to the site
Cookies used on our website
Principles of securing the register
The data contained in the digital register is technically protected with firewalls, by giving access to authorised persons with a personal username and password, and by other technical measures that comply with the industry standards.
Regular data transfer
Proventia Oy may pass or transfer personal data to companies in the same corporation and third-party contractors participating in providing their services. Data is transferred to partners only for purposes that support the function of the register (for example direct marketing, polling and market research). The partners are not allowed to use the data for other purposes or transfer it to third parties.
Data transfers outside of the EU or EEA
Data will not be automatically transferred to third countries or international organisations. Possible data transfers outside of the EU or EEA requested by the customer are performed in a way that meets the requirements regarding data transfer in the EU General Data Protection Regulation.
Right of access
Data subjects have the right to inspect the data recorded on them on the register. In addition, with a sufficiently detailed and individualised access request, they have the right to obtain their personal data and recorded information. The access request is made in writing or in another certifiable format and delivered to the address mentioned in section 2.
Proventia Oy may request the subject to clarify their request in writing if necessary, and the identity of the subject may be confirmed if necessary, before taking other actions.
The right of access may be denied for reasons prescribed by law. Using the right of access is essentially free of charge.
Right to rectification and erasure of data
Data subjects have the right to have inaccurate, unnecessary, incomplete or obsolete data rectified or erased or restrict the processing of the data. Data subjects must deliver their requests on the matter to Proventia Oy to the address mentioned in section 2
Right to object
Based on their particular situation, data subjects have the right to object to the processing of their personal data performed by Proventia Oy insofar as the grounds for the processing is the customer relationship between Proventia Oy and the data subject.
Data subjects may deliver their objections on processing their personal data to Proventia Oy to the address mentioned in section 2. In the request, the data subject must specify the special circumstance on which they base their objection.
Proventia Oy may refuse to comply with the objection for reasons prescribed by law.
Other rights pertaining to personal data processing
The data subjects have the right to demand a restriction on processing their personal data. Data subjects also have the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used and machine-readable format and have the right to transfer this data to another data controller. In addition, data subjects have the right to object to data processing, automated decision-making and profiling.
If the personal data is processed based on the subject's consent, the subject has the right to withdraw their consent by notifying Proventia Oy to the address mentioned in section 2.
Right to lodge a complaint with a supervisory authority
Data subjects have the right to lodge a complaint with a competent supervisory authority, if the data controller has not followed applicable data protection regulations.
Erasure and storage period of personal data
Proventia Oy deletes the customer's data on the register when there are no operational grounds for processing the data or if the concerned party themselves exercises their legal right to demand Proventia Oy to erase data concerning them.
Digital data is erased by overwriting and paper documents are destroyed appropriately with consideration to data protection once there are no grounds for processing and storing the data. The data is not erased, however, if the law prescribes otherwise or a competent supervisory authority has initiated a process that requires Proventia Oy to store the data or if a Finnish court of law has been requested to decide on safeguarding the data.
Changes to the privacy statement
Proventia reserves the right to change this privacy statement by publishing amendments on the company website.