Back
Customer Register of Suomen Kaukokiito, Privacy Statement
Updated
03.02.2025
Registrar
Suomen Kaukokiito Oy (0114330-2)
Teollisuustie 7
Tampere
33330
0105100
Contact person in matters concerning the register
Marjo Viitala
Teollisuustie 7, 33330 Tampere, Finland
tel. +358 (0)10 5100
tietosuoja@kaukokiito.fi
Draft date
31.10.2021
Basis for processing personal data
The register is used to maintain the organisation’s customer register as well as to manage, archive and process customer orders inquiries, service requests, offers and manage customer relationships in general. The data may be used to develop operations and produce more personalised, targeted content in our online service as well as for statistical purposes. Personal data is processed as permitted and required by the General Data Protection Regulation (GDPR).
The data in the register may be used in the organisation’s own registers; for example, to target marketing without disclosing any personal data to external parties. The organisation may use partners to maintain its customer and service relationships, in which case some register data may be transferred to the partners’ servers due to technical requirements.
The data is processed only to maintain the customer relationship of the controller organisation through technical interfaces. The organisation has the right to publish data contained in the customer register electronically or as a written list, unless expressly prohibited by the customer. Here a list refers to, for example, postal labels for direct marketing or similar. The customer has the right to prohibit the publication of their data by reporting this to the controller’s customer service, by email (email address) or to the contact person for the register.
Basis of legitimate interest
The legal basis for the processing is the agreement.
Recipients and recipient groups
The personnel of the controller and outsourced partners (transport companies, financial administration, IT), where applicable.
Data content of the register
The personal data register may include the following information:
- First name and last name of the person
- Represented company
- Email address
- Customer number
- Business ID
- Postal address
- Telephone number
- Web address
- IP address
- Information about the previous orders
- Possible previous reminders or claims
- Payment information or dafaults
- Bank account number
- Service order information
- Email communiation related to the service request
- Address book if saved by the user
Regular sources of information
Data is collected through the registrations of the customers and notifications submitted by the customer during the customer relationship. Data is collected also about service requests, orders and transport damage notifications. Name and address information is also received from the authorities and companies providing update services.
Data may also be collected from the subcontractors who are related to the use or production of the service. Information about the customers’ other activities in the digital environment may be collected from partners’ websites, information systems or other digital sources to which the customer logs in through an electronic invitation (link), cookies or by using an ID provided to the customer. The customer register data can only be accessed by the organisation, with the exception of
situations in which an external service provider is used either to produce an added value service or
support a credit decision.
Data is not disclosed outside the organisation or for the use of its partners, except in matters related to a credit application, recovery or invoicing and when required by the legislation. Personal data is not disclosed outside the European Union, unless it is necessary for ensuring the technical implementation of the controller or its partners. The personal data of the data subject are disposed of upon the user’s request, unless otherwise required by the legislation, open invoices or recovery actions.
Personal data retention period
Ten (10) years after the termination of the customer relationship.
Regular transfers of information
The customer register data can only be accessed by the organisation, with the exception of situations in which an external service provider is used either to produce an added value service or support a credit decision.
Data is not disclosed outside the controller or for the use of its partners, except in matters related to a credit application, recovery or invoicing and when required by the legislation. The personal data of the data subject are disposed of upon the user’s request, unless otherwise required by the legislation, open invoices or recovery actions.
Data transfer outside the EU or EEA
Personal data is not disclosed outside the European Union, unless it is necessary for ensuring the technical implementation of the organization or its partners.
Principles of registry protection A: Manual material
Contact details collected at customer events and other documents containing manually processed customer information are stored, after initial processing, in a locked and fire-safe storage premises. Only designated employees who have signed non-disclosure agreements have the right to process manually recorded customer information.
The data in the register are safeguarded and processed in accordance with the provisions and principles of the Data Protection Act, instructions of the authorities and good data processing practices.
Principles of register protection B: Electronic material
Only the organisation’s designated employees and employees of companies operating on behalf of the organisation have the right to access the client-owner and customer register and maintain its information. Each designated user has their own personal IDs and passwords. Each user has signed a non-disclosure agreement. The system is protected by a firewall, which provides protection for external contacts to the system.
The data in the register are safeguarded and processed in accordance with the provisions and principles of the Data Protection Act, instructions of the authorities and good data processing practices.
Cookies
We use cookies on our websites. A cookie is a small text file sent to and saved on the user’s computer. Cookies do not damage users’ computers or files. The primary purpose of cookies is to improve and adapt the visitor’s user experience on the website as well as to analyse and enhance the functionality and content of the website.
Data collected by cookies can also be used for marketing and targeting the marketing as well as for marketing optimisation. A visitor cannot be identified solely on the basis of cookies. However, data collected by cookies can be linked to other information obtained from the user in other contexts, such as when the user fills out a form on our website.
Cookies are used to collect the following information:
- visitor’s IP address
- time of the visit
- browsed websites and times of visiting
- visitor’s browser
Your rights
Users visiting our website can, at any time, disable the use of cookies by changing their browser settings. Most browsers allow the disabling of cookies and erasure of already saved cookies. Disabling cookies may affect the functionality of the website. GOOGLE ANALYTICS Statistical information on the use of our website is collected by the Google Analytics service. The purpose of this is the website’s monitoring, development and marketing planning. The information of an individual user or person cannot be identified from the collected data.
The website also uses Google Analytics Demographics to collect target group- and theme-related information, such as the user’s age, gender and interests. Settings related to the collection of this information can be changed through your own Google account at https://www.google.com/settings/ads
If you wish, you can disable Google Analytics tracking through the Chrome browser add-on.
Inspection right, i.e. the right to get access to personal data
Data subjects have the right to access the information that has been registered about them. The right of access request must be submitted in writing by contacting the controller’s customer service or register contact person in Finnish or in English. The right of access request must be signed.
The data subject has the right to prohibit the use and disclosure of their information for direct advertising, remote selling, direct marketing as well as marketing and opinion research by contacting the controller’s customer service.
The right to transfer data from one system to another
The data subject has the right to transfer their information from one system to another. The transfer request can be submitted to the register contact person.
The right to demand correction of information
Personal data saved in the register which is incorrect, unnecessary, incomplete or outdated in terms of the purpose of the processing must be rectified, removed or supplemented.
The personally signed request for rectification must be submitted in writing to the organization’s customer service or the contact person of the personal data register.
The request must specify which data is requested to be rectified and on what grounds. The data is rectified without undue delay.
The rectification of the data is reported to the party from which the incorrect data was obtained or disclosed to.
The person responsible for the register provides a written certificate of the refusal to rectify the data, which states the reasons for the refusal. The party concerned may refer the refusal to the Data Protection Ombudsman for a decision.
The right to file a complaint with the supervisory authority
If you deem that your personal data has been processed in breach of the General Data Protection Regulation, you have the right to lodge a complaint with the supervisory authority.
The complaint can be lodged also in the Member State where you have your permanent place of residence or workplace.
Contact details of the national supervisory authority: The Office of the Data Protection Ombudsman
PO Box 800, Ratapihantie 9,
00521 Helsinki, Finland
tel. +358 (0)29 566 6700
tietosuoja@om.fi
https://tietosuoja.fi/en/home
Other rights related to the processing of personal data
The data subject has the right to prohibit the disclosure and processing of their data for direct marketing and other marketing, the right to request for the anonymization of their data, where applicable, and the right to be forgotten.
