CUSTOMER AND MARKETING REGISTER
Enedo Plc (0195681-3), Linnoitustie 4 B, 02600 Espoo, Finland, tel. +358 9 478 466
2. CONTACT PERSON FOR THIS REGISTER
Samuli Räisänen, Enedo Plc, Linnoitustie 4 B, 02600 Espoo, Finland, tel. +358 50 407 7034, firstname.lastname@example.org
3. PURPOSE AND CRITERIA FOR PROCESSING PERSONAL DATA
|Data subjects||Purpose of data processing||Criteria|
|Customers||Customer contacts and customer relationship management||Controller’s legitimate interest, Consent of a customer or Performance of a contract|
|Potential customers and website users||Contact requests and newsletter subscriptions submitted via website||Controller’s legitimate interest, Consent of a customer or Performance of a contract|
Our service providers are Redland (website IT management), Seravo (hosting) and Microsoft (email/O365 services), Google (www-analytics) and Nasdaq (press releases).
We process information ourselves and use subcontractors that process personal data on behalf of us. We have outsourced our website IT management to a service provider who administers and secures the server where the data is stored.
4. CONTENT OF THE REGISTER
The register may contain the following information:
|Data||Customer||Potential customer or website user||Purpose of use|
|Employer/Company||Yes||Yes||Customer relationship management, targeted marketing|
|IP address||No||Yes||Targeted marketing|
5. REGULAR SOURCES OF INFORMATION
Personal data is collected primarily from the data subject herself/himself i.e. from customers, potential customers and website users during website visits or through other personal or digital communication.
6. RELEASE OF INFORMATION
As general rule, personal data are not released for marketing purposes outside Enedo Plc. Some data may, however, be selectively released to a third party commissioned by the Controller to execute a targeted marketing campaign. In such case, the Controller retains the ownership of the data and the third party has no right to use the data for anything other than the commissioned task. We have ensured that all our service providers comply with data protection legislation.
7. TRANSFER OF DATA OUTSIDE EU/EEA
Where possible, the data is stored in a selected and secure data centers located in Europe. Some of our service providers (Section 3) may use backup servers located outside the EU and EEA in the United States. We have made sure that our service providers are committed to the so-called Privacy Shield frameworks (https://www.privacyshield.gov/list) designed by the EU and the United States to ensure that the data transmitted from Europe to the United States is processed in compliance with data security practices.
8. PRINCIPLES FOR THE PROTECTION OF DATA FILES AND DURATION OF DATA PROCESSING
Safe and secure data processing is important for us. We have employed the following means to secure the protection of data files:
- Access to the system requires a used ID and a password
- The system is protected by firewalls and other technological means
- Data files can only be accessed and used by employees of the Controller who are designated and appointed for the task – Use of the register is protected with user-specific Ids, passwords and access rights
- The register is located on a computer, which is located on a server in an ICT room protected from unauthorized access
- The facilities are locked and guarded
- The data files are backed up regularly As a general rule, personal data is stored as long as it is necessary for the purpose of customer relation management or other purpose of processing the data. Web site form data sent via this contact request is deleted automatically within six (6) months after being submitted. If you have subscribed press releases, you can cancel the subscription anytime by pressing the Unsubscribe-link at the bottom of press release.
9. RIGHT OF ACCESS AND RIGHT TO REQUIRE RECTIFICATION
The data subject has the right to access her/his personal data stored in the register. The data subject has right to require rectification or erasure of her/his personal data. The data subject has also right to withdraw her/his consent.
10. OTHER RIGHTS AS A DATA SUBJECT
The data subject has at any time right to require rectification, erasure or limitation of processing of inaccurate, unnecessary, incomplete or outdated personal data. The data subject has at any time right to prohibit using her/his personal data for direct marketing purposes. We never sell or otherwise transfer personal data to third parties in order for them to initiate direct marketing campaigns. All requests and requirements concerning sections 9 and 10 should be submitted personally or in writing to the contact person for this register mentioned in section 2. The data subject has also the right to lodge a complaint with the supervisory authority if she/he feels that we are violating existing data protection legislation when processing her/his personal data.