This is a combined personal data file description and newsletter to Nestor Cables’ customers, potential customers and website users. Its content adheres to Sections 10 and 24 of the Personal Data Act (523/1999) and Articles 12 and 13 of the EU General Data Protection Regulation.
Nestor Cables Ltd (FI21129073) Mittarikuja 5 90620 Oulu, Finland Sakari Määttä CFO +358 400 582 695 email@example.com
2. Data subjects
- Customers (contact persons)
- Potential customers
- Website users
3. Purpose and criteria for processing personal data
|Data subjects||Purpose of data processing||Criteria|
|Customers (contact persons)||Customer contacts, customer relationship management, customer service.||Controller's legitimate interest|
|Potential customers and website users||Contact requests and newsletter subscriptions submitted via website.||Controller's legitimate interest|
4. Data entries
The register may contain the following information:
|Data||Customer||Potential customer / website user||Purpose of use|
|Name||Yes||Yes||Identification / communication|
|Employer / company||Yes||Yes||Customer relationship management / targeted marketing|
|Role / title||Yes||Yes||Customer relationship management / targeted marketing|
|IP address||No||Yes||Targeted marketing|
5. Duration of data processing
As a general rule, personal data are processed for as long as the customer agreement for which the data are needed is valid. The data are entered as they are received from the data subjects themselves, and updated or removed as per updates sent by the data subjects to the Controller. Form data sent via this site are deleted within six (6) months after being submitted. If you want to stop receiving our email marketing messages, you can remove yourself from the mailing list by clicking the exit link included in each of the emails.
6. Your rights
Your rights are explained below. Any requests concerning your rights should be sent to firstname.lastname@example.org
Right of access
You have the right to access your personal data stored by us. In case of any errors or shortcomings, you may request us to correct or supplement the data.
Right of objection
If you feel that we have processed your personal data contrary to the law or that we have no right to process your data or part thereof, you can object to its processing at any time.
Ban on direct marketing
You can prohibit us from using your data for direct marketing purposes at any time. We will never sell or otherwise transfer your data to third parties in order for them to initiate direct marketing campaigns.
We purchase online advertising from, for example, Facebook and Google, but do not submit your personal data to them. Online advertising is not a form of direct marketing, but is based on cookies. For further information, please see 'Cookies' below.
Right of erasure
If you feel that certain data are no longer necessary in relation to the purposes for which they were collected or processed, you have the right to ask us to delete such information. We will review your request and either delete the data or give you a legitimate reason why the data cannot be erased. If you disagree with our decision, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman. In addition, you may request that we limit the processing of the disputed data until the matter has been resolved.
Right of appeal
You have the right to lodge a complaint with the Finnish Data Protection Ombudsman if you feel that we are violating existing data protection legislation when processing your data.
7. Regular sources of information
Data concerning potential customers are collected from said customers with their permission during website visits, or through other personal or digital communication.
8. Release of information
As a general rule, personal data are not released for marketing purposes outside Nestor Cables Ltd. Some data may, however, be selectively released to a third party commissioned by the Controller to execute a targeted marketing campaign. In such a case, the Controller retains the ownership of the data, and the third party has no right to use the data for anything other than the commissioned task. We have ensured that all our service providers comply with data protection legislation. Our regular service providers include the following:
- Pipedrive (Sales CRM)
- MailChimp (Newsletter)
- Microsoft (Email)
- Visma Group (Management of travel expenses)
9. Transfer of data outside the EU
Where possible, we store your personal data in a selected and secure data centre located in Europe. Some of the above service providers may use servers located outside the EU/EEA in the United States. Backup is used to ensure that your data remains safe in the event that the primary servers fail.
10. Principles for the protection of data files
- Safe and secure data handling is of utmost importance to us. To this end, we have employed a variety of means to protect your personal data.
- Access to the system requires a user ID and a password. The system is also protected by firewalls and other technological mean
- Data files can only be accessed and used by employees of the Controller who are designated and appointed for the task.
- Use of the register is protected with user-specific IDs, passwords and access rights.
- The register is located on a computer, which is located on a server in an ICT room protected from unauthorised access.
- The facilities are locked and guarded.
- The data files are backed up regularly.
Most Internet browsers automatically accept cookies, but if you want to, you can modify the settings of your browser and at any time disable the cookies. You can avoid cookies by modifying the settings in your web browser and banning their use.