Privacy Policy
This Privacy Policy (hereinafter referred to as the “Policy”) explains how xxxxxx collects and processes customers' personal data. Personal data is processed in accordance with applicable legislation and the principles of the EU General Data Protection Regulation (GDPR).
Data Controller
The data controller under applicable data protection legislation is xxxxxx (hereinafter referred to as “xxxxxx”, “we”, “us”, or “our”). xxxxxx is responsible for ensuring that your personal data is processed in accordance with this Policy and applicable data protection laws.
Contact Details of the Data Controller
Company Name:
Business ID:
Address:
Email Address:
Contact Details of the Data Protection Officer
Address:
Email Address:
1. Collection of Personal Data
Your personal data may be collected in various ways depending on the situation. We collect and process personal data that:
you have provided to us when contacting us or doing business with us, for example during a customer relationship, when subscribing to our newsletter, or when requesting a quote or information;
is generated through visits to our website or purchases made through our online store;
is accumulated through the use or maintenance of our systems;
is received from our partners;
is obtained through automatic updates.
We collect and process the following categories of personal data:
basic information, such as name and contact details (email address, postal address, and telephone number);
customer relationship information, payment information, billing information, marketing consents and opt-outs;
customer inquiries and related correspondence, as well as records relating to data subject rights;
information generated through the use of our website, for example data collected through cookies or similar technologies (device identifier and type, operating system, and application settings);
log data.
2. Purpose and Legal Basis for Processing Personal Data
We collect and process only such personal data as is necessary for conducting our business, managing customer relationships, and other legitimate purposes.
Customer Relationship Management
We process personal data to maintain the customer relationship between you or the company you represent and us. In this case, the processing of personal data is based on a contract.
Marketing
We may contact you to inform you about new products or to market and sell our other products and services to you. We may also process your personal data for market research and customer surveys. In these cases, the processing is based on legitimate interest or consent.
Billing
We process personal data for invoicing purposes and to receive invoices. In these cases, the processing is based on a legal obligation, contract, and legitimate interest.
Service Development, Information Security, and Internal Reporting
We process personal data to ensure the security of customer relationships and our website, as well as to improve and develop our services. We may also compile internal reports based on personal data for management purposes and the proper administration of our business. In these cases, the processing is based on legitimate interest.
Compliance with Legal Obligations
We process your personal data to comply with legal obligations, such as accounting requirements, or to respond to legally binding requests from authorities. In these cases, the processing is based on a legal obligation.
Other Purposes for Which You Have Given Consent
We may process your personal data for other purposes if you have given your consent to such processing. In these cases, the processing is based on consent.
For processing activities based on legitimate interest, we have conducted a balancing test to ensure the lawfulness of the processing.
3. Transfers and Disclosures of Personal Data
We may transfer and disclose personal data to third parties:
as permitted or required by law, for example in connection with requests from competent authorities or legal proceedings;
when our partners or subcontractors process personal data on our behalf;
if we are involved in a merger, corporate restructuring, or the sale of all or part of our business;
when we consider disclosure necessary to protect our rights, your safety or the safety of others, investigate misuse, or respond to a request from an authority;
with your consent to the parties covered by that consent.
We have entered into Data Processing Agreements (DPAs) with processors of personal data, or the processing has been defined in the primary agreement. We instruct processors and ensure that personal data is processed appropriately and lawfully.
4. Transfers of Personal Data Outside the EU or EEA
If data processing requires transfers of personal data outside the European Union (EU) or European Economic Area (EEA), we use appropriate safeguards. We may transfer personal data outside the EU or EEA when our partners or their subcontractors are located outside these regions.
Squarespace's data transfer mechanisms.
5. Retention of Personal Data
Personal data is retained only for as long as necessary to fulfil the purposes described in this Policy.
Personal data is retained for the duration of the customer relationship. Personal data may also be retained after the end of the customer relationship to the extent permitted or required by applicable law. For example, we typically retain personal data after the customer relationship ends where necessary to respond to claims or legal actions. We also retain personal data as necessary to comply with your direct marketing opt-out request.
Personal data will be deleted when its retention is no longer necessary for compliance with legal requirements or the rights and obligations of either party.
6. Your Rights as a Data Subject
You have the rights granted under the EU General Data Protection Regulation, including:
the right to be informed about the processing of personal data;
the right of access;
the right to rectification;
the right to erasure ("right to be forgotten");
the right to restrict processing;
the right to object to processing;
the right to data portability;
the right not to be subject to automated decision-making.
The exercise of these rights depends on the legal basis on which the personal data is processed. Personal data that is necessary for the purposes described in this Policy, or that must be retained by law, cannot be deleted.
Where we process your personal data based on consent, you have the right to withdraw your consent at any time. We will then cease processing your personal data unless another legal basis for processing exists.
You may exercise your rights by sending a request to us at: name@domain.com.
If you believe that the processing of your personal data is not lawful, you have the right to lodge a complaint with the relevant supervisory authority. Contact details for the supervisory authority can be found on its website.
7. Cookies
We use cookies and similar technologies on the website tarusalokangas.fi. Cookies are small text files stored on your device to collect and remember useful information, improve the functionality and usability of our website, and enhance your browsing experience.
We may also use cookies and similar technologies for statistical purposes, such as compiling statistics about website usage to better understand how users interact with the website and to improve the user experience.
You can block the placement of cookies, restrict their use, or delete cookies from your browser. As cookies enable the proper functioning of our website, restricting their use may affect the usability of the website.
8. Information Security
We implement appropriate measures (including physical, technical, and administrative safeguards) to protect personal data against loss, destruction, misuse, and unauthorized access or disclosure. Personal data is accessible only to individuals who require it to perform their work duties.
9. Changes to This Policy
We reserve the right to amend this Policy. Any changes will be announced on our website, where you can also find the latest version of this Policy.
10. Contact Us
If you have questions regarding this Policy or would like further information about the processing of your personal data, please contact us by email at: