PRIVACY NOTICE

OT-Kumi Oy is a data controller within the meaning of the EU General Data Protection Regulation (“GDPR”) when processing customer data. We follow due care and comply with applicable legislation when processing personal data.

1. Controller

Name: OT-Kumi Oy
Address: Lieksentie 8, 91100 Ii, Suomi
Company ID: 0720557-8
Email: janne.lahdenpera(at)ot-kumi.com
Contact person: Janne Lahdenperä

2. Personal data, sources of data, purposes of processing and legal bases for processing

Controller collects two types of personal data: (i) Customer data and (ii) Technical data. Although OT-Kumi does not typically use Technical data (such as the IP address collected through cookies) for identifying a user, a person may in some cases be identifiable on the basis of such data and in these situations Technical data may be classified as personal data under data protection legislation.

In particular, Controller processes the following categories of personal data in the purposes defined below and on the following legal bases:

2.1. Name and contact details of the customer’s contact person, such as name and address of the customer, contact person’s email, telephone number

Data source: Name and contact details of the customer’s contact person, such as name and address of the customer, contact person’s email, telephone number. The customer or the customer’s contact person. The customer’s address can be verified from public sources such as the BIS (The Finnish Business Information System). Purposes of processing: Providing goods and services to customers, sales and marketing, developing, managing and maintaining customer relationships, business development.
Legal bases of processing: Contract
Storage time: Up to the duration of the customer relationship. The data can be erased prior to that if the contact person changes.

2.2. Job title of the customer’s contact person

Data source: Name and contact details of the customer’s contact person, such as name and address of the customer, contact person’s email, telephone number. The customer or the customer’s contact person. The customer’s address can be verified from public sources such as the BIS (The Finnish Business Information System).
Purposes of processing: Sales and marketing, customer relationship development, management and maintenance, business development.
Legal bases of processing: Contract
Storage time: Up to the duration of the customer relationship. The data can be erased prior to that if the contact person changes.

2.3. Contact details of the person who is subscribed to the newsletter, such as email address

Data source: The person who subscribed to the newsletter.
Purposes of processing: Sales and marketing, delivery of the newsletter.
Legal bases of processing: Consent (can be revoked by choosing to opt-out of the newsletter).
Storage time: As long as the person is subscribed to the newsletter.

2.4. Technical data, such as IP address

Data source: User’s device and data collected through the use of the website.
Purposes of processing: Providing services, business development, monitoring website usage and improving user experience, sales and marketing development.
Legal bases of processing: Consent (cookie consent on the website), which is revocable.
Storage time: For the time period specified in the cookie notice and cookie policy.

3. Personal data transfers outside EU/EEA

Personal data may be processed on behalf of OT-Kumi by its partners who may be located outside the European Union or the European Economic Area, or personal data may be processed from outside the EU or EEA, even if the data itself is stored in the EU/EEA (e.g. for system maintenance purposes).

We implement and use applicable agreements including Standard Contractual Clauses approved by the EU Commission or other applicable mechanisms of data transfer while transferring personal data outside EU/EEA to ensure compliance with privacy laws and regulations. We also ensure and require our processors to ensure, as required by law, that your personal data remains protected regardless of whether it is transferred outside the EU or the EEA.

4. Data recipients and processors

As a controller, we may disclose personal data to our partners when using their services as part of our business. Controller has appropriate personal data processing agreements or equivalent terms and conditions in place to ensure that data processing is in compliance with the applicable privacy laws and regulations.

Personal data is processed by, among others:

Tilitoimisto Simo Salonen Oy
Creamailer Oy
Chat-palvelu Tawk.to
Google Analytics for the purpose of monitoring the use of the website, for more information on the processing of personal data please see https://policies.google.com/privacy?hl=en-US

5. Data subject rights

Right of access

As a data subject, you have the right to request whether your personal data is being processed, as well as access to said data processed by the controller or its partners. Access request can be made to the controller’s address above. Please be prepared to prove your identity.

Right to rectification and removal

As a data subject, you have the right to request the removal, completion or rectification of personal data concerning you that is inaccurate, incomplete or unnecessary. However, this may be limited by applicable legislation and our obligations and need to retain your transaction history and we will provide further information. Please be prepared to prove your identity.

Right to restrict and object processing

As a data subject, you have the right to object to certain uses of your personal data if the data is processed for purposes other than those necessary to provide the products and services or to comply with a legal obligation. You may object to any further processing of your personal data even after you have given your consent and you may also withdraw your consent. You may also request the restriction of the processing of personal data to the extent said personal data is being processed subject to a Controller’s legitimate interest. Such request can be made to the controller’s address above. Please be prepared to prove your identity.

Right to data portability

As a data subject, you have the right to receive the personal data concerning you in a structured and commonly used format for transfer to another controller, insofar the processing is based on the legitimate interest of the Controller. Please be prepared to prove your identity.

Exercise of rights

As a Controller, we may request you to provide additional information to verify your identity. We may refuse unreasonably repetitive, excessive or manifestly unfounded requests. A request made once a year will not be considered repetitive.

Right to notify data protection authority

If you consider that the processing of your personal data is in breach of the applicable data protection legislation, as a data subject you always have the right to lodge a complaint with a data protection authority. For more information, please visit www.tietosuoja.fi.

6. Data security and protection of personal data

As a Controller we will implement all the reasonable, appropriate, technical and organizational security measures that are necessary taking into account the nature and purposes of personal data processing and the personal data. Such measures will include appropriate firewall, encryption, secure premises and access control solutions. If a personal data breach is detected regardless of the measures taken and such breach would like have a significant adverse impact to your privacy, we will inform you of the breach without undue delay.

7. Cookies

A cookie is a text file sent to and stored on a user’s computer. Cookies do not harm users’ computers or files. Cookies are used to collect information such as: downloaded pages, browser type, operating system, date and time. By applicable legislation, we may store cookies on your device if it is strictly necessary for the functioning of the site. We need your consent to use any kind of cookies.

If you wish, you may disable cookies in your browser settings. Disabling this function may result in some services to be slowed down or access to some websites to be blocked altogether. For example, when you shop online, cookies must be enabled.

We use cookies on our website to provide services, target marketing and improve the user experience. Below you will find more information about the applications on our website that use cookies.

If you wish, you may reject or delete cookies from our or third party websites by changing your web browser settings – see the “Help” section of your browser for more information. Most browsers automatically accept cookies, thus if you do not wish to allow them, you may need to actively delete or reject cookies.

For more information on the use of cookies in mobile browsers and how to reject or delete them, please see your mobile phone’s user guide. If you do not allow the use of cookies, you can still use our website, but not all functions may work properly.

We use cookies to tailor the content and advertising we offer, to support social media features and to analyse our traffic. This website uses different types of cookies. Some cookies are set by third party services appearing on our website.