1. DATA CONTROLLER
Business ID: 2881816-2
Köydenpunojankatu 14, Logomo Byrå
20100 Turku, Finland
2. CONTACT PERSON FOR DATA FILE-RELATED MATTERS
3. NAME OF THE DATA FILE AND DATA SUBJECTS
Sometehdas Oy’s marketing and customer register.
We use the register to process the personal data of our customers as well as our potential customers and their representatives.
4. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
We process personal data to manage customer relationships, to communicate with customers and to improve the user experience of the Sometehdas.fi online service in order to target relevant content to users. We also process personal data for marketing purposes. We process your personal data for marketing purposes based on our legitimate interests and to manage customer relationships on the basis that it is necessary for implementing a contract between you and us. We may also send you direct marketing messages based on your consent. We do not process personal data for automated decision-making or profiling purposes.
5. CONTENT OF THE DATA FILE
The types of information we may collect about you include your name, email address, postal address, and any other information you provide. Cookies provide us with statistical data about the visitors of our website, which we use, for example, when planning our marketing. This allows us to target our communication efforts as precisely as possible. Information collected through cookies may also be used for the purpose of targeted marketing (remarketing), which is why you may see advertising content on products that you have previously viewed on our website, for example, on Facebook. We do not disclose your personal data to third parties for their direct marketing purposes.
The following information may be collected about data subjects:
- Name, email address and job title / area of responsibility
- Company’s name, contact information and field of business
- Information related to customer relationship management and communication (e.g. purchase and cancellation of services, feedback, and customer service interactions)
- Information related to the use of Sometehdas Oy’s website and services
- Information related to marketing and promotion, such as marketing efforts directed to the data subject and participation in them (e.g. competitions, webinars and events)
- Technical information and information related to the cookies sent to the data subject’s browser
6. REGULAR SOURCES OF DATA
The collection of names and other contact information is based on a customer relationship or other relationship with Sometehdas Oy. We collect information about you when you enter into a contract with us, when you register for an account or when you use the services of Sometehdas Oy. In other words, the personal information collected by us mainly consists of information provided by you. We also monitor cookies, and visiting Sometehdas Oy’s website leaves a trace, an IP address. Personal data may also be purchased for non-recurring marketing purposes from registers outside Sometehdas Oy. We may also collect personal data from public sources.
7. REGULAR DISCLOSURE OF DATA AND THE TRANSFER OF DATA OUTSIDE THE EU OR EEA
We do not disclose personal data to third parties. The data may be published to the extent agreed with the customer. In all cases, we will only transfer your personal data outside the EU/EEA for one of the following legitimate purposes:
- The European Commission has determined that an adequate level of data protection is ensured in the recipient country;
- We have implemented appropriate safeguards for the transfer of your personal data using standard data protection clauses approved by the European Commission. In such cases, you have the right to obtain a copy of these standard clauses by contacting us; or
- You have given your explicit consent for the transfer of your personal data, or there is another legal basis for the transfer of your personal data outside of EU/EEA, such as the EU–U.S. Privacy Shield framework adopted by the European Commission.
8. PRINCIPLES OF DATA PROTECTION
9. RIGHT OF ACCESS AND RIGHT TO RECTIFICATION
Data subjects have the right to request access to their personal information stored in the register and request the correction of any inaccurate or incomplete information. If a person wishes to check or rectify the information stored about them, the request must be sent in writing to the Data Controller. The Data Controller may ask the data subject to verify their identity before processing the request. The Data Controller will respond to the request within the time limit set by the GDPR (usually within a month).
10. OTHER RIGHTS CONCERNING THE PROCESSING OF PERSONAL DATA
Data subjects have the right to request the erasure of their personal data from the register (“right to be forgotten”). Data subjects also have other rights set out in the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. Requests must be sent in writing to the Data Controller. The Data Controller may ask the data subject to verify their identity before processing the request. The Data Controller will respond to the request within the time limit set by the GDPR (usually within a month).