This is a privacy and data protection policy in accordance with Sections 10 and 24 of the Personal Data Act (523/1999) and the EU General Data Protection Regulaton (GDPR). Created 01/04/2018. Last reviewed 01/04/2018.

1. Data controller

Hautalan Sähkömoottori Oy
0398823-7
Hautalantie 17 33560 Tampere
+358 (0)3 3140 2111
info@hautalan.fi


2. Contact person for issues concerning the register


Anja Uusi-Rajasalo
+358 50 468 5876
anja.uusi-rajasalo@hautalan.fi


3. Name of the register


Hautalan Sähkömoottori Oy’s customer register and data protection policy


4. Purpose for processing personal data


Hautalan Sähkömoottori Oy’s customer register is used for the management of existing customer accounts and customer communications.

5. Data content of the register


First and last name
Contact details
Employer details
Details concerning the management and communications of the account


6. Regular data sources


The data to be stored in the register is obtained from the customer by means of e.g. messages sent via online forms, by email, phone, contracts, customer meetings and other situations in which the customer discloses his/her details.


7. Regular disclosures of data


Data shall not be regularly disclosed to other parties. Data can be disclosed to the extent agreed with the customer.

 

8. Transferring data outside the EU or the EEA


Data shall not be transferred outside the EU or the EEA.


9. Protection principles of the register


Care is taken in the processing of the register and data to be processed with data systems shall be protected appropriately with e.g. passwords. The data controller shall ensure that all saved data and servers’ access rights as well as other critical data in terms of the safety of personal data is processed in a confidential manner, and only by members of staff whose job description involves the processing of such data. Paper documents, which include personal data (customer agreements) shall be stored in locked cupboards.


10. Right to review


Each data subject has the right to review the data stored in the register about him/her and demand any errors to be rectified or and missing data to be added. If a person wishes to review the data stored about him/her, or wishes to demand the rectification of data, a request must be made in writing and submitted to the data controller. If necessary, the data controller may request the data subject to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).


11. Right to demand rectification of data


Data subjects shall have the right to request any rectification to personal data. The data subjects also have the rights set out in the EU General Data Protection Regulation, such as the right to limit the processing of personal data in certain situations. Requests must be made in writing and submitted to the data controller. If necessary, the data controller may request the data subject to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).


12. Other rights concerning the processing of personal data


The data subjects have the right to request any personal data concerning him/her to be removed from the register ("right to be forgotten"). The data subjects also have the rights set out in the EU General Data Protection Regulation, such as the right to limit the processing of personal data in certain situations. Requests must be made in writing and submitted to the data controller. If necessary, the data controller may request the data subject to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).