Privacy policy and description of data file

1. Controller

Jucat Oy, Puurtajankuja 3, 60100 Seinäjoki

 

2. Person responsible for data file

Jukka Rintala

jukka.rintala@jucat.fi

+358 50 590 6103

 

3. Name of data file

Jucat Oy marketing and customer register

 

4. Lawful basis for and purpose of personal data processing

According to the EU’s General Data Protection Regulation, lawful bases for the processing of personal data include

– the data subject’s consent (documented, voluntary, individual, informed, and unambiguous)

– a contract, to which the data subject is party

– the controller’s legitimate interest (e.g., a pre-contract customer relationship, an employment relationship, membership).

Personal data is processed for customer contact, maintenance of the customer relationship, marketing, etc.

Data will not be used for automated decision-making or profiling.

 

5. Content of the data file

Data which is recorded on the data file includes: the person’s name, position, company/organization, contact details (telephone number, e-mail address, postal address), website addresses, IP address, user credentials/profiles in social media services, information about ordered services and changes to ordered services, information concerning ordered services and any changes to them, invoicing information, and other information relating to the customer relationship and ordered services.

Website visitors’ IP addresses and cookies that are necessary for the function of the service are processed on the grounds of legitimate interest, including e.g. managing data security and collecting statistics on site visitors in cases where the data can be considered personal data. Separate consent will be required for third-party cookies as necessary.

 

6. Regular sources of data

Data which is recorded on the data file is obtained via Google Analytics or from the customer, from e.g. messages sent via online forms, e-mails, telephone calls, social media services, contracts, customer meetings and other situations in which the customer discloses their data.

Personal data about companies’ and other organisations’ contact persons may also be collected from public sources, such as websites, directories, and other companies.

 

7. Regular disclosure of data and data transfer outside of the EU or EEA

Data will not regularly be disclosed to other parties. Data can be published when the customer has agreed to publication.

Data can also be transferred by the controller outside of the EU or EEA. Data will not be disclosed to the USA without the express consent of the data subjects.

 

8. Principles of data file protection

Due care will be taken when processing the data file, and data that is processed using information systems will be appropriately protected. When data file data is stored on Internet servers, the physical and digital data security of the equipment will be appropriately ensured. The controller will ensure that the stored data, user rights to the servers, and other information that is critical to the security of personal data are processed confidentially and only by those employees whose job description involves personal data processing.

 

9. Right to access personal data and to request rectification

Every person on the data file has the right to access the data about themselves that has been recorded on the data file and to request the rectification of inaccurate or incomplete personal data. If the data subject wishes to access their data or have it rectified, a request should be sent in writing to the controller. If necessary, the controller can request the person submitting the rectification request to provide personal ID to verify their identity. The controller will respond to the customer within the time outlined in the EU’s General Data Protection Regulation (primarily within one month).

 

10. Other rights relating to the processing of personal data

A person on the data file has the right to request that their personal data is erased from the data files (“the right to be forgotten”). The data subject also has other rights as set out in the EU’s General Data Protection Regulation, such as restricting personal data processing in certain situations. All requests must be submitted in writing to the controller. If necessary, the controller can request the person submitting the rectification request to provide personal ID to verify their identity. The controller will respond to the customer within the time outlined in the EU’s General Data Protection Regulation (primarily within one month).

Cookies