Marketing - customers, prospects and potential customers - communication

Privacy statement

Updated
03.02.2025

Registrar
Suomen Kaukokiito Oy (0114330-2)
Teollisuustie 7
Tampere
33330
0105100

Contact person in matters concerning the register
Marjo Viitala
Teollisuustie 7, 33330 Tampere, Finland
tel. +358 (0)10 5100
tietosuoja@kaukokiito.fi

Draft date
31.10.2021

Basis for processing personal data
The register is used for the controller’s business operations, the launching of new customer accounts and related communications and also for communicating with existing customers and . The collected data is used for the creation and maintenance of customer accounts as well as for the controller’s other business needs such as organizing competitions, raffles and sponsorships, registering for events and also as a mailing list for sending newsletters.
The legal basis for the processing is the legitime interest.

Basis of legitimate interest
The launch of the customer relationship, negotiations and other activities related to the controller’s business operations and communication.
The legitimate interest of the controller to process the collected and used personal data is based on the direct marketing needs and the freedom to pursue a business. According to the EU Genera Data Protection Regulation, direct marketing is a legitimate interest of a company.

Recipients and recipient groups
The controller’s employees and outsourcing partners, where applicable (financial administration, marketing, IT maintenance).

Consent
The processing is based on the legitimate interest, so consent is not required.

Data content of the register
The personal data register includes the following information:
- First name and last name of the person
- Represented company
- Email address
- Postal address
- Office
- Telephone number
- Web address
- IP number
- Willingness to receive Newsletter
- Answers to competition question
- The sponsorship survey may include age, name, and hobby information about the sponsorship
target

Regular sources of information
Data is collected from email messages, business cards and telephone contacts received from the customer as well as from physical meetings. Data may also be collected from other stakeholders, for example, through mass communication, marketing, contact forms on web pages or similar.
The data is not disclosed outside the controller organisation or for the use of its partners, except in matters related to a credit application, recovery or invoicing and when required by the legislation or to the marketing partners. The data is only used for Kaukokiito’s own business operation purposes. Personal data is not disclosed outside the European Union, unless it is necessary for ensuring the
technical implementation of the controller or its partners.
The personal data of the data subject are disposed of upon the user’s request, unless otherwise required by the legislation, customer relationship management, open invoices or recovery actions.

Personal data retention period
The personal data is retained for ten (10) years.

Regular transfers of information
The register data can only be accessed by the controller and its employees, with the exception of situations in which an external service provider is used either to produce an added value service or support a credit decision.
Data is not disclosed outside the controller organisation maintaining the register or for the use of its partners, except for the marketing partners or when required by legislation.
The personal data of the data subject are disposed of upon the user’s request, unless otherwise required by the legislation, customer relationship management, open invoices or recovery actions.

Data transfer outside the EU or EEA
Personal data is not disclosed outside the European Union, unless it is necessary for ensuring the technical implementation of the controller or its partners.

Principles of registry protection A: Manual material
Documents containing manually processed customer information (e.g. printed emails or their appendices, printed online forms or similar) are stored, after the initial processing, in a locked and fire-safe storage premises.
Only designated employees who have signed non-disclosure agreements have the right to process manually recorded customer information.
The data in the register are safeguarded and processed in accordance with the provisions and principles of the Data Protection Act, instructions of the authorities and good data processing practices.

Principles of register protection B: Electronic material
Only the organisation’s designated employees and employees of companies operating on behalf of the organisation have the right to use, for example, workstations whose software enables the maintenance of the information of potential customers. Each designated user has their own
personal IDs and passwords. Each user has signed a non-disclosure agreement.
The system is protected by a firewall, which provides protection for external contacts to the system, and the workstations are protected by suitable security software.
The data in the register are safeguarded and processed in accordance with the provisions and principles of the Data Protection Act, instructions of the authorities and good data processing practices.

Cookies
We use cookies on our websites. A cookie is a small text file sent to and saved on the user’s computer. Cookies do not damage users’ computers or files. The primary purpose of cookies is to improve and adapt the visitor’s user experience on the website as well as to analyse and enhance
the functionality and content of the website.
Data collected by cookies can also be used for marketing and targeting the marketing as well as for marketing optimisation. A visitor cannot be identified solely on the basis of cookies. However, data collected by cookies can be linked to other information obtained from the user in other contexts, such as when the user fills out a form on our website.

Cookies are used to collect the following information:
- visitor’s IP address
- time of the visit
- browsed websites and times of visiting
- visitor’s browser

Your rights
Users visiting our website can, at any time, disable the use of cookies by changing their browser settings. Most browsers allow the disabling of cookies and erasure of already saved cookies. Disabling cookies may affect the functionality of the website.

GOOGLE ANALYTICS
Statistical information on the use of our website is collected by the Google Analytics service. The purpose of this is the website’s monitoring, development and marketing planning. The information of an individual user or person cannot be identified from the collected data.
The website also uses Google Analytics Demographics to collect target group- and theme-related information, such as the user’s age, gender and interests. Settings related to the collection of this information can be changed through your own Google account at
https://www.google.com/settings/ads
If you wish, you can disable Google Analytics tracking through the Chrome browser add-on.

Inspection right, i.e. the right to get access to personal data
Data subjects have the right to access the information that has been registered about them. The right of access request must be submitted in writing by contacting the controller’s customer service or register contact person in Finnish or in English. The right of access request must be signed.
The data subject has the right to prohibit the use and disclosure of their information for direct advertising, remote selling, direct marketing as well as marketing and opinion research by contacting the controller’s customer service.

The right to transfer data from one system to another
The data subject has the right to transfer their information from one system to another.
The transfer request can be submitted to the register contact person.

The right to demand correction of information
Personal data saved in the register which is incorrect, unnecessary, incomplete or outdated in terms of the purpose of the processing must be rectified, removed or supplemented. The personally signed request for rectification must be submitted in writing to the controller organisation’s
customer service or the contact person of the personal data register. The request must specify which data is requested to be rectified and on what grounds. The data is rectified without undue delay.
The rectification of the data is reported to the party from which the incorrect data was obtained or disclosed to. The person responsible for the register provides a written certificate of the refusal to rectify the data, which states the reasons for the refusal. The party concerned may refer the refusal to the Data Protection Ombudsman for a decision.

The right to file a complaint with the supervisory authority
If you deem that your personal data has been processed in breach of the General Data Protection Regulation, you have the right to lodge a complaint with the supervisory authority.
The complaint can be lodged also in the Member State where you have your permanent place of residence or workplace.

Contact details of the national supervisory authority:
The Office of the Data Protection Ombudsman
PO Box 800, Ratapihantie 9, 00521 Helsinki, Finland
tel. +358 (0)29 566 6700
tietosuoja@om.fi
https://tietosuoja.fi/en/home

Other rights related to the processing of personal data
The data subject has the right to prohibit the disclosure and processing of their data for direct marketing and other marketing, the right to request for the anonymisation of their data, where applicable, and the right to be forgotten.