Privacy and data protection policy
This is Suomen Kiinteistötekniikka group’s privacy and data protection policy in accordance with EU General Data Protection Regulation (2016/679, “GDPR”) and applicable national legislation (including Finnish Data Protection Act 1050/2018). Drawn up on 22 May 2019
1. Data controller
Suomen Kiinteistötekniikka Oy
2. Contact person in charge of register
Esa Kumpu, tel. 0400 331 141
3. Name of register
Sales and Marketing Register
4. Legal basis and purpose of processing personal data
The Sales and Marketing Register of the Suomen Kiinteistötekniikka group is used for the direct marketing of services and events of group companies and for comparable activities such as customer communications, the acquisition of new customers, the gathering of customer feedback, and other business needs of the company. Such data can be used to develop the company’s operations, for statistical purposes, and for the production of more personally targeted content within our online services. The company may use partners for the maintenance of customer and service relationships, in which case some register data may be transferred to partners’ servers due to technical requirements. The data will be used solely for the maintenance and creation of the company’s customer relationships via technical interfaces. Unless expressly forbidden by the customer, the company has the right to publish data, contained in the customer register, as an electronic or written list. In this case, ‘list’ refers to e.g. adhesive address labels for direct marketing, or to the equivalent. The customer has the right to forbid the publication of data by notifying the register’s contact person thereof.
5. Data content of register
The Sales and Marketing Register includes data related to the data subject’s duties or position within a company, organisation or public life, or other data relating to managing the customer account, such as:
- Person’s first name and surname
- The organisation they represent – Email address
- Postal address – Telephone number
- Information on previous customer mailings and invitations to events
- Information from discussions on requests for quotations and customer meetings
6. Regular sources of data
Data recorded in the Sales and Marketing Register is mainly obtained from customers in received email messages, visiting cards, by telephone or in face-to-face meetings. Such data can also be obtained from stakeholders through e.g. the contact form on the website or the equivalent, and from Suomen Kiinteistötekniikka’s ERP system.
7. Regular disclosures of data and its transfer outside the EU or EEA
Customers’ personal data is only processed in relation to the customer relationship, and is not disclosed to third parties without the consent of the customer, unless there are legal grounds for doing so.
Data is not normally disclosed to third parties.
Data can be published as agreed with the customer in relation to specific data. The data controller will not transfer data outside the EU or EEA.
8. Data protection principles of register
Due care and attention shall be observed when handling the register and the appropriate protection shall be provided for data processed with the help of information systems. Data shall be gathered in databases protected by firewalls, passwords and other technical means. The data controller shall ensure that recorded data, user rights to the server, and other data critical to the security of personal data are handled confidentially and only by those employees whose job descriptions include such handling.
9. Right of access and right to demand rectification of data
Every data subject shall have the right to access their data held on the register and to demand the rectification of any erroneous data, or the supplementation of incomplete data. If a person would like to check data recorded about him or her, or demand the rectification of such data, they must present the data controller with a written request for this. The data controller shall ask the party presenting such a request for proof of identity. The data controller shall respond to the customer within the time set by the EU’s General Data Protection Regulation (usually within a month).
10. Other rights related to the processing of personal data
Data subjects have the right to request the erasure of their personal data from the register (“right to be forgotten”). Accordingly, the data subject also has other rights in accordance with the EU’s General Data Protection Regulation, such as restricting the processing of personal data in certain circumstances. Requests must be presented to the data controller in writing. The data controller will ask the party presenting such a request for proof of identity. The data controller shall respond to the customer within the time set by the EU’s General Data Protection Regulation (usually within a month).