Register description for the customer and stakeholder register and newsletter.
1. Data controller
+358 10 229 3100
2. Contact person for register-related matters
+358 50 453 2425
3. Register name
Customer and stakeholder register.
4. The purpose of data processing and its legal basis
The data controller uses the data in the customer register for the management and development of the customer relationship, the business and customer service, for sales and marketing, invoicing, and monitoring and collection of payments.
ST-Koneistus Oy processes data in accordance with applicable data protection legislation.
5. The register’s data content
The register contains the following customer data:
- Customer contact details, contact names and their telephone numbers, email addresses
- Data on customer orders and invoicing, and data which concerns customer relations and contracts
- Data on services and products
- Other potential data which is collected separately by consent
6. Regular data sources
We collect customer data that is given to us by the customers themselves, and can also collect such data from public and private registers, company websites, and through company data update services.
7. Regular data disclosure
Data contained in the register will not be disclosed to third parties without consent.
8. Transferring data outside the EU/EEC
Data contained in the register will not be transferred outside the EU or EEC.
9. Register protection principles
Electronically collected data is stored in databases that are protected by firewalls, passwords, and other technical methods. Access rights to electronically stored data are limited and secured by user IDs and passwords.
10. Storage period
The data collected in the register will only be stored for as long as, and in the scope required in relation to, the initial or compatible purposes for which the personal data was collected. The data controller assesses the necessity of storing the data in accordance with approved codes of conduct. The data controller also takes every reasonable step to ensure that any personal data which are found to be inaccurate, incorrect, or outdated in relation to the purposes for which such data are processed, are erased or rectified without delay.
11. Right of access
The data controller shall ensure that a register description file is available to data subjects. In accordance with Section 26 of the Personal Data Act, data subjects shall have the right of access to data which concerns them and which is stored in the register, or to be informed that the register does not contain any such data which relates to them. The data controller shall also state the sources of data in the register, as well as the typical purposes for which the data are used or disclosed. The data controller shall provide the aforementioned data upon request. Requests to access data shall be made in writing and should be addressed to the register’s named contact.
Data subjects are also entitled to request the correction, deletion, or completion of any incorrect data which relates to them.
12. Right of access
Data subjects have the right to submit matters regarding the Personal Data Act to the supervisory authority (Data Protection Supervisor) for processing.
Data Protection Policy For St-Koneistus’ Newsletter
What personal data do we collect for our newsletter, and what data do we save about the data subjects?
For its newsletter, ST-Koneistus Oy (hereinafter ‘ST-Koneistus’) will only collect the person’s (hereinafter ‘subscriber’) e-mail address, to which the newsletter will be sent.
In order to avoid incorrect newsletter subscriptions, we utilise a double confirmation of subscription.
- The subscriber cannot order the newsletter before they have ticked the box ‘I want to subscribe to the newsletter’ by clicking with the mouse.
- The newsletter subscription will not be activated before the subscriber has confirmed the order at the e-mail address to which the subscription relates.
In addition to the e-mail address, our WordPress Newsletter plugin will save the following data about the subscriber:
- The e-mail list(s) the subscriber joins. There are two options: the Finnish and English list. The subscriber can join both lists, if they wish.
- Information about whether the newsletter has been successfully sent to the subscriber.
- Information about whether the subscriber has opened the newsletter.
- Information about whether the subscriber has clicked the link in the newsletter.
- If the subscriber clicks the link in the newsletter, the URL address of the clicked link will also be saved.
- In addition, the IP address at which the newsletter is read will also be saved.
How can I cancel the newsletter subscription, and for how long will the data related to the subscriber be saved?
The subscriber can leave the mailing list in one of two ways:
- In the e-mail concerning the activation of the subscription, there is a link via which the subscription can be cancelled. The same activation e-mail also contains a link to the subscriber’s own subscription information, where the subscriber can afterwards manage the e-mail lists they have joined.
- The newsletter subscription can also be cancelled by clicking the ‘unsubscribe’ link sent in every e-mail.
We erase the data of the subscribers who have unsubscribed from the newsletter once a year. Data erasure will take place during the month of January. If the subscriber wants the data to be erased without delay (in the course of 30 days), they must send a data erasure request via e-mail to firstname.lastname@example.org.
What is the intended purpose of the collected personal data?
The e-mail address will only be used for sending the newsletter. The data collected by the WordPress Newsletter plugin will only be used for measuring the effectiveness of ST-Koneistus’s communications.
The data or e-mail addresses we collect will not be disclosed to third parties, excluding the WordPress Newsletter plugin we are using.