This is Kuormat.com Finland Oy's registry and Privacy Statement in accordance with the EU's General Data Protection Regulation (GDPR). Prepared on 14.06.2021. Last modified on 08.11.2023.
We will update this Privacy Statement when necessary due to changes in data processing, changes to the service, or for any other reason. We will not make any significant changes to this Privacy Statement without notice. This Privacy Statement applies to the Kuormat.com website, the information collected from the website and the Kuormat.com service. Some of our services may be subject to a separate Privacy Statement, which is presented and applied in connection with that service.
1. The controller
Name: Kuormat.com Finland Oy
Business ID: 3192506-5
Postal address: Lintulahdenkatu 10, 00500, Helsinki
Email address: firstname.lastname@example.org
Kuormat.com has a data protection officer in charge of registry matters, who can be contacted via the contact information above.
2. Name of the register
Kuormat.com Finland Oy's marketing and customer register.
3. Legal basis and purpose of the processing of personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation is the person's voluntary, informed and individual consent and the legitimate interest of the controller. The personal information collected is used to maintain and develop the customer relationship, communication and marketing.
4. Information content of the register
The information to be stored in the register may include: first name, surname, title, e-mail address, telephone number, name and contact details of the target company, industry, locations and any other information provided by the contact person, target company or other stakeholder. In addition, the register may store the necessary information according to the purpose of the service provided, such as the situation of the target company, needs, information on the target company's wish to be contacted, permission to send marketing material electronically and call recordings. The register may also store information related to the customer relationship between the controller and the data subject, such as ordering information, billing information, appointment information, complaints, feedback and other communication between the parties.
The IP addresses of the visitors of the website and the cookies necessary for the functions of the service are processed on the basis of a legitimate interest, e.g. to ensure data security and to collect statistics about visitors to the Site in cases where they may be considered personal data. If necessary, the consent of third-party cookies will be requested separately.
5. Regular sources of information
The information to be stored in the register is obtained from a person e.g. by information sent on forms, e-mail, telephone, through internet, through the usage of the service, through social media services, contracts, customer meetings, and other situations in which a person discloses their information. Data is also collected using the Google Analytics and PostHog tools.
Information on the contact persons of companies and other organizations can also be collected from public sources such as websites, directory services, registers kept by the authority within the limits allowed by law (e.g. ytj.fi) and other companies.
6. Data retention period
Personal data is deleted from the register if it is no longer needed for customer relationship development, marketing or other business purposes, or until the person himself or herself requests that his or her personal data be deleted pursuant to law.
7. Regular data transfers and data transfers outside the EU or the European Economic Area
The information is not regularly disclosed to other parties outside the company. The information may be published or shared with third parties to the extent expressly agreed with the customer.
We use the so-called cookie function. A cookie is a small text file that is sent to and stored on a user's computer, enabling the webmaster to identify visitors who visit the site frequently, to make it easier for visitors to log in to the service, and to compile aggregated information about visitors. With this feedback, we are able to continuously improve the content of our pages. Cookies do not harm users' computers or files.
If a user visiting our website does not want us to receive the above information through cookies, most browser programs allow you to disable the cookie function. This is usually done through browser settings.
9. Registry protection
The register shall be handled with due care and the information processed by the information systems shall be adequately protected. When registry data is stored on Internet servers, the physical and digital security of the hardware is adequately taken care of. The data is transferred over an SSL-secured connection. Electronic data is protected by a firewall, usernames and passwords. Only those persons employed by the controller who need the data in the performance of their duties have the right to process the data.
10. Automatic decision making
No automated individual decisions (Article 22 of the EU Data Protection Regulation) are taken.
11. Rights of the data subject
The person who provided the information has the right to check what information about him or her has been stored in the personal data register. A written request for verification must be sent signed to the controller.
The data subject has the right to request the correction or deletion of incorrect or outdated data. He or she also has the right to restrict or object to the processing of his data in accordance with Articles 18 and 21 of the EU Data Protection Regulation.
A person in the register has the right to request the removal of his or her personal data from the register ("the right to be forgotten"). Data subjects also have other rights under the EU's general data protection regulation, such as restrictions on the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).