Privacy policy
Kinnusen Mylly Oy Privacy Policy
1. Data Controller
Kinnusen Mylly Oy
Murrontie 2, 91600 Utajärvi, Finland
tel. +358 8 5144700
mylly@kinnusenmylly.fi
2. Contact person for register matters
Tuomas Kinnunen
Murrontie 2, 91600 Utajärvi, Finland
tel. +358 40 580 6979
tuomas.kinnunen@kinnusenmylly.fi
3. What is the legal basis and purpose of the processing of personal data?
The processing of personal data is based on the company’s legitimate interest based on a customer relationship or another relevant connection.
The purpose of the processing of personal data is to
- deliver our products and services and to develop them through gathering feedback
- promote the company’s sales
- fulfil our contractual and other promises and obligations
- manage our customer relationship
- analyse and profile the behaviour of our customers or other data subjects
We process the data ourselves and use partners who work on our behalf to process personal data. These include parties who conduct surveys in close partnership with us and with whom we have clear signed written agreements in place regarding the processing of personal data.
4. What data do we process?
We process the following personal data of customers:
- the data subject’s basic data such as name, occupation, role in the company
- the data subject’s contact details such as email address, phone number
- information concerning the company and its contact persons such as the business ID, industry, names of contact persons and billing persons, and their contact information
- any information concerning the customer relationship and the contract such as past and current contracts and deliveries.
5. What are the sources of the data?
Collecting data from the persons in question by means of forms at trade fairs, phone, mobile app or email, for example.
Personal data may be collected and updated for the purposes described in this Privacy Policy from publicly available sources and based on information received from the public authorities or other third parties, within the limits of applicable law. Such updating of information will be carried out manually or by automated means.
6. To whom do we disclose and transfer data, and do we transfer data outside the EU or the EEA?
Data may be disclosed to the public authorities under mandatory regulation. The data is stored in our ICT service provider's cloud service, whose data centres are located in EU Member States. We do not transfer data outside the EU or EEA.
7. How do we protect the data, and how long do we keep it?
Only those of our employees who have the right to process customer data for their work are entitled to use the system containing personal data. Each user has their own username and password in the system. The data is collected in databases protected by firewalls, passwords and other technical means. We delete personal data manually at the request of the person in question, where permitted by law.
8. What are your rights as a data subject?
As a data subject, you have the right to inspect the personal data concerning you stored in the personal data register, and to request the rectification or deletion of the data. You also have the right to withdraw or amend your consent.
As a data subject, in accordance with the General Data Protection Regulation (as of 25 May 2018), you have the right to object to or request restriction of the processing of your data and to lodge a complaint with a supervisory authority regarding the processing of personal data.
9. Who can you contact?
All contacts and requests regarding this policy must be made in writing or in person to the contact person named in section two (2).