Privacy statement

 

PRIVACY STATEMENT
18.8.2020

Description of the customer data register

Controller

Piristeel Oy
Metallitie 4, FI-62200 Kauhava, Finland

Contact person in matters relating to the register

Vesa-Matti Noponen
Metallitie 4, FI-62200 Kauhava, Finland
vesa-matti.noponen(at)piristeel.fi
Tel. +358 44 734 0155

Data protection officer

Minna Marttala
Metallitie 4, FI-62200 Kauhava, Finland
minna.marttala(at)piristeel.fi
Tel. +358 6 433 8845

Purpose of processing personal data

Personal data is processed on the grounds of a registered customer relationship for the following pre-defined purposes:

  • Creating, managing and maintaining the customer relationship
  • Providing information about our services, marketing, sales, management and invoicing
  • Sponsorship cooperation

 

Information content of the register

Company
First name
Last name
Address
Telephone number
Business ID
Customer information
Information about products/services purchased

Regular sources of information

Information is obtained from the data subjects upon the emergence of the customer relationship, via an online form, by telephone, on the internet, by e-mail or in another way.

Regular disclosures of information

The details of resellers and trained Pisko inspectors (Company, company’s address, company’s telephone number, inspector’s name) are disclosed on Piristeel Oy’s website.

Transfer of data outside the EU or EEA

Piristeel will not transfer data outside the EU or EEA.

Register protection principles

Manual data: Personal data will be kept confidential. Information on paper is stored in a locked facility that can only be accessed by authorized persons.

Electronically processed data: The information network and hardware on which the register is located is protected with a firewall and, if necessary, other technical measures, such as by encrypting the data, taking into account the costs of the measures. Only system administration personnel have access to the system. The hardware is located in a locked and supervised computer room.

Data storage period

Personal data is processed for as long as the customer relationship is in force.

Prohibition of direct marketing

A data subject has the right to prohibit the use of the data for direct marketing.

Right of access

Everyone has the right, after providing the information necessary to search for the information, to find out what information pertaining to them has been stored in the personal data register or that there is no information pertaining to them in the register. The person wanting to review the information pertaining to themselves shall present a request for it to the controller with a personally signed document or in person at the controller’s office. Said request shall be submitted to the above-mentioned contact person.

Right to request rectification of data

The controller rectifies, erases or supplements personal data in the register that is incorrect, unnecessary, incomplete or outdated from the point of view of the purpose of processing proactively or at the request of the data subject. The data subject shall contact the person responsible for register-related matters at the controller to rectify the data.

Right to lodge a complaint

In accordance with Article 77, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

Reporting a personal data breach to the supervisory authority

In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

Reporting a personal data breach to the data subject

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.