Privacy statement for customer and marketing register

Approved May 17, 2018 | Suomeksi

Data controller

Proventia Oy
Business ID: 0961194-0
Mailing address: Tietotie 1, 90460 Oulunsalo
Telephone: +358 20 7810 200

Contact  Person for matters concerning the register:

Petri Saari, Vice President, Sales & Marketing
Telephone: +358 40 777 5769
E-mail: petri.saari (at)
Mailing address: Tietotie 1, 90460 Oulunsalo

Data protection officer

Proventia Oy has concluded in its report that no Data Protection Officer is appointed because company´s core activities do not include data processing operations that require regular and systematic monitoring of the data to a large extent or are targeted to special categories of personal data. Data protection tasks are included in the task of CFO.

Contact information:

Kaisu Kivioja
Phone: +358 50 327 5774
E-mail: rekisterit(at)
Address: Nuottasaarentie 5, 90400 Oulu

Register name

Customer and marketing register

Purpose for processing personal data

Proventia's entitlement for processing personal data is based on the customer relationship between Proventia Oy and its customer, the consent of the customer, an assignment given by the customer, the targeting of marketing and sales or other appropriate connection.

Personal data may be processed for the following purposes:

  • customer relationship management
  • product warranties
  • managing, implementing, developing and monitoring customer-related communications and marketing
  • collecting and processing customer feedback and customer satisfaction data
  • targeting communications, marketing and services, and managing contact and customer history
  • organising meetings with potential customers
  • sending sales material 

Proventia Oy does not perform profiling based on the customer's personal data.

Content of the register 

The customer register contains and processes the following personal data, for example:

  • name
  • e-mail address, phone number and other necessary contact information
  • organization and position
  • contact information of the organization
  • customer relationship management data (notes)
  • the products and services purchased by the customer and their billing and related invoicing and other payment transaction data
  • data provided by the data subject
  • content provided by the data subject, such as customer feedback and additional information, such as requests, customer satisfaction data or other similar information
  • business transaction history, and
  • other data provided for Proventia Oy by the customers, potential customers and stakeholders.

Regular data sources

Data is primarily obtained from the data subject themselves, the use of services related to the customership or an appropriate connection, as well as communication, transaction and other related events. Data may also be provided by parties offering address, updating, or other similar services. The collection of data on new potential customers is based on business operations and the data is collected from public sources.

Principles of securing the register

The data contained in the digital register is technically protected with firewalls, by giving access to authorised persons with a personal username and password, and by other technical measures that comply with the industry standards.

Regular data transfer

Proventia Oy may pass or transfer personal data to companies in the same corporation and third-party contractors participating in providing their services. Data is transferred to partners only for purposes that support the function of the register (for example direct marketing, polling and market research). The partners are not allowed to use the data for other purposes or transfer it to third parties.

Data transfers outside of  the EU or EEA

Data will not be automatically transferred to third countries or international organisations. Possible data transfers outside of the EU or EEA requested by the customer are performed in a way that meets the requirements regarding data transfer in the EU General Data Protection Regulation.

Right of access

Data subjects have the right to inspect the data recorded on them on the register. In addition, with a sufficiently detailed and individualised access request, they have the right to obtain their personal data and recorded information. The access request is made in writing or in another certifiable format and delivered to the address mentioned in section 2.

Proventia Oy may request the subject to clarify their request in writing if necessary, and the identity of the subject may be confirmed if necessary, before taking other actions.

The right of access may be denied for reasons prescribed by law. Using the right of access is essentially free of charge.

Right to rectification and erasure of data  

Data subjects have the right to have inaccurate, unnecessary, incomplete or obsolete data rectified or erased or restrict the processing of the data. Data subjects must deliver their requests on the matter to Proventia Oy to the address mentioned in section 2

Right to object 

Based on their particular situation, data subjects have the right to object to the processing of their personal data performed by Proventia Oy insofar as the grounds for the processing is the customer relationship between Proventia Oy and the data subject.

Data subjects may deliver their objections on processing their personal data to Proventia Oy to the address mentioned in section 2. In the request, the data subject must specify the special circumstance on which they base their objection.

Proventia Oy may refuse to comply with the objection for reasons prescribed by law.

Other rights pertaining to personal data processing 

The data subjects have the right to demand a restriction on processing their personal data. Data subjects also have the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used and machine-readable format and have the right to transfer this data to another data controller. In addition, data subjects have the right to object to data processing, automated decision-making and profiling.

If the personal data is processed based on the subject's consent, the subject has the right to withdraw their consent by notifying Proventia Oy to the address mentioned in section 2.

Right to lodge a complaint with a supervisory authority 

Data subjects have the right to lodge a complaint with a competent supervisory authority, if the data controller has not followed applicable data protection regulations.

Erasure and storage period of personal data

Proventia Oy deletes the customer's data on the register when there are no operational grounds for processing the data or if the concerned party themselves exercises their legal right to demand Proventia Oy to erase data concerning them.

Digital data is erased by overwriting and paper documents are destroyed appropriately with consideration to data protection once there are no grounds for processing and storing the data. The data is not erased, however, if the law prescribes otherwise or a competent supervisory authority has initiated a process that requires Proventia Oy to store the data or if a Finnish court of law has been requested to decide on safeguarding the data.

Changes to the privacy statement

Proventia reserves the right to change this privacy statement by publishing amendments on the company website.