Privacy Policy Statement
Data Controller
SataSafety Oy ( 2126860-4)
Hereinafter referred to as Company
Person responsible for data protection and/or contact person
Tapio Grundström
0509118467
tapio.grundstrom@satasafety.fi
Name of the personal data file
SataSafety Oy customer and marketing register
This privacy statement applies to our websites, marketing and customer relationship management as well as the processing of personal data related to the products and services offered.
Collected personal data and sources of information
We collect personal data necessary for managing customer relations.
Type of Data | Examples of Data Content |
Identification and contact information | Customer and/or representative's name and contact details. |
Information related to products and services including orders and customer communications | Information about orders, delivery times, and details related to contracts, billing, customer communication, and complaints. |
Information related to marketing (including direct marketing) and events, as well as consents and prohibitions given by the registered | Contact details for marketing purposes, and information collected during events and occasions. Consents and prohibitions concerning direct marketing. |
Information on the use of websites and other electronic services | IP address, identifiers for electronic communications, search and browsing information, browser and operating system information, and registration details |
We collect personal data from the registered individual themselves and from publicly available official registers and other external sources, such as the trade register or other similar public business register. Additionally, we collect information from contact forms filled out and use it for purposes related to maintaining customer relations as mentioned above.
Purposes of use and basis for processing personal data
Personal data are processed within the limits allowed by current legislation for the following purposes:
- delivering products and services and making customer contracts (contractual relationship or its preparation)
- managing the customer relationship (legitimate interest)
- informing and advising on services (legitimate interest)
- testing online services (legitimate interest)
- developing products and services (legitimate interest)
- collecting and analyzing user statistics (consent, legitimate interest)
- improving the user experience of our website and other services (consent, legitimate interest)
- billing, credit decisions, and debt collection (legitimate interest)
- marketing communications (legitimate interest)
- direct marketing, including electronic direct marketing and telephone marketing, as well as planning and measuring the effectiveness of advertising and marketing and combining and updating personal data for direct marketing purposes (legitimate interest, consent)
- managing stakeholder relationships and subcontracting, and cooperation with service providers (legitimate interest, contractual relationship or its preparation)
- internal reporting and other administrative measures (compliance with legal obligations)
- handling warranty and liability issues as well as complaints processing, and managing legal and administrative proceedings (legitimate interest)
- preventing and investigating misuse, and ensuring the security of information, people, and property (legitimate interest)
- handling other legal obligations (e.g., related to accounting and taxation) and reporting obligations
Additionally, when the processing of personal data is based on the individual's consent, the person may withdraw their consent at any time by notifying the contact person mentioned above.
The processing of personal data may be necessary to realize the legitimate interests of the Company and the registered individual's customer relationship. The Company has a legitimate interest in processing personal data for marketing, service, and customer analyses and service testing. Marketing purposes may also involve profiling. The registered individual then has the right to object to the processing of their personal data. When personal data are processed based on a legitimate interest, we have assessed the benefits and potential harms to the registered individual and determined that the registered individual's rights and interests do not outweigh the legitimate interest. We provide additional information on request regarding the processing of personal data based on legitimate interest.
Processors of personal data
Access to personal data is limited to personnel responsible for managing customer relationships and marketing.
Recipients of personal data
In processing personal data, various service providers and other third parties may be used, such as providers of technical solutions or server space or accounting and financial management service providers. We ensure that the contracts with the third parties we use for processing personal data comply with data protection legislation.
Personal data may be disclosed to third parties in situations mandated by law or by authorities or to investigate abuses, and to ensure security. Additionally, personal data may be required to be disclosed during legal proceedings or similar legal processes.
If the Company is involved in a merger, business transaction, or other corporate restructure, personal data may be disclosed to the parties involved in the arrangement or those assisting in the arrangement.
We provide additional information on request regarding the recipients of personal data.
Transfer of personal data outside the European Economic Area
Personal data is not transferred outside the European Union or the European Economic Area unless it is necessary for the technical implementation of the service. In cases of data disclosure and transfer, the level of data protection required by data protection legislation and other necessary security measures are adhered to.
We provide additional information on request regarding the transfers of personal data and the protective mechanisms used.
Cookies
We use cookies and other similar technologies on our site. A cookie is a small text file that the browser stores on the user's device. Cookies contain an anonymous, unique identifier that allows us to identify and count the different browsers visiting our site. The purpose of using cookies and similar technologies is to analyze and develop our services to better serve users and to target advertising. Users can manage their consent through the cookie tool on our website.
Protection of personal data
We protect personal data using appropriate technical and organizational methods. Data are collected into databases that are protected by firewalls, passwords, and other technical security measures. The databases and their backups are located in locked and guarded premises, and access to the information is limited to certain pre-designated individuals.
Retention and destruction of personal data
Personal data are retained as long as they are needed for the purpose for which they were collected and processed, for the implementation of the contract, or as long as the law and regulations require. Thereafter, personal data is properly destroyed.
Rights of the registered individual
The registered individual has the following rights:
- Right to access personal data. The registered individual has the right to confirm whether their personal data is being processed and other information about the processing of personal data as required by data protection legislation. The registered individual has the right to obtain a copy of the personal data.
- The registered individual can request the correction of data if the information is incomplete or incorrect.
- The registered individual can request the deletion of data when there is no lawful basis independent of the individual's consent for processing the data.
- The registered individual has the right to limit the processing of personal data if the accuracy or legality of the data so requires, or as per the right to object, the registered requests the processing to be limited to retention of the data. The registered individual has the right to object to the processing of data for direct marketing purposes based on the Company's legitimate interest.
- The registered individual can request the transfer of data to another data controller. The right to transfer primarily applies to personal data that the registered has provided to the data controller in a structured and machine-readable format, and for which the processing is based on the individual's consent or a contract, and/or where processing is carried out automatically.
- Right to withdraw consent. If the processing of personal data is based on the individual's given consent, the registered individual has the right to withdraw their consent for the processing of their personal data. Withdrawing consent does not affect the legality of processing based on consent before its withdrawal.
- The registered individual should submit requests concerning their rights in writing or by email at the following contact details:
SataSafety Oy
Request for inspection/other concerning personal data
tapio.grundstrom@satasafety.fi
The identity of the requester can be verified before processing the request. The Company responds to requests within 1 month of the presentation of the request, unless there are specific reasons to extend the response time.
The registered individual has the right to lodge a complaint with the competent data protection authority if they believe that their personal data has been processed in violation of data protection legislation.
The contact details of the Finnish Data Protection Authority are here.