Register and privacy statement
This is KVL-Tekniikka’s register and privacy statement that complies with the EU’s General Data Protection Regulation (GDPR). Drafted 26 July 2022
KVL-Tekniikka Oy, Ahteentie 1, 35300 Orivesi
telephone 010 2195 200 email: email@example.com
Contact person for the register
Minna Visakorpi, firstname.lastname@example.org, tel. 010-2195 211
Name of the register
User register for KVL-Tekniikka’s online service
Legal basis and purpose of processing personal data
The legal basis for processing personal data under the GDPR is:
- the person’s consent (documented and voluntary)
- the controller’s legitimate interest (customer relationship before agreement and employment relationship)
The purpose of processing personal data is contact with customers and job applicants.
Data content of the register
Details stored in the register in a customer relationship include the person’s name, position, company/organisation, phone number, email address.
Details stored in the register of job applicants include the person’s name, phone number, email, job applied for and region of job application.
Website visitors’ IP addresses and cookies necessary for functions in the service are processed on the basis of a legitimate interest, e.g., to ensure information security and for collecting statistical data on visitors to the site in case when these can be deemed to constitute personal data. Separate consent is requested for cookies of third parties, if necessary.
Regular data sources
Data stored in the register is obtained from customers, for example; in messages sent via online forms, via email, phone, on social media channels, in contracts, at customer meetings and in other cases where the customer discloses its information.
Data on contact persons at companies and other organisations can also be collected from public sources, such as websites or directory services and from other companies.
Regular disclosure of data and transfer of data outside the EU or the EEA
Data is not disclosed to other parties.
Principles of protecting the register
Caution is exercised in processing the register and all data processed by information systems is properly protected. When register data is stored on Internet servers, the physical and digital data protection of the server equipment is properly ensured. The controller ensures that stored data and access rights to servers and other data critical for the security of personal data is processed in confidence and only be employees whose job description entails this.
Right of inspection and right to rectification
Each person in the register is entitled to inspect all data pertaining to them that is stored in the register and demand the rectification of any inaccurate data or supplementing of incomplete data. If a person wants to inspect data stored on them or demand that it be rectified, the request must be submitted in writing to the controller. If necessary, the controller may ask that the person submitting a request for erasure of data provide proof of their identity. The controller must respond to the customer within a period of time specified in the GDPR (as a rule, within one month).
Other rights pertaining to the processing of personal data
Each person in the register is entitled to request that their personal data be erased from the register (“right to be forgotten”). Data subjects also have other rights under the EU’s General Data Protection Regulation, such as restriction of processing of personal data in certain situations. Requests must be submitted in writing to the controller. If necessary, the controller may ask that the person submitting a request for erasure of data provide proof of their identity. The controller must respond to the customer within a period of time specified in the GDPR (as a rule, within one month).