PRIVACY STATEMENT

CONTROLLER

The controller is Silvasti Group.

CONTROLLER CONTACT DETAILS

Silvasti Group
Kiilatie 1
40320 Jyväskylä

Tel. +358 42 453 41
Email: dataprotection@silvasti.com
Business ID: 2150180-8

REGISTER NAME

The customer and marketing register of Silvasti Group

PURPOSE AND REASON FOR PROCESSING PERSONAL DATA

The data of customers of the Silvasti Group and their contact persons are stored in the register. Personal data is processed for purposes related to the management, administration and development of customer relationships, providing services and products, sales and delivery as well as the development and invoicing of services and products. Personal data is also processed in connection with purposes related to investigating possible complaints and other claims.

In addition, personal data is processed in customer communications, such as for sending the customers notifications and news, event invitations, in surveys and market research as well as in marketing. As part of marketing, personal data may be processed also for purposes related to direct marketing and electronic direct marketing.

The customer has the right to forbid all the direct marketing directed at them.

The reason for processing personal data is the customer relationship between the controller and customer, the customer’s consent, customer assignment or another appropriate connection.

The controller processes the information and uses partners in processing personal data for and on the behalf of the controller.

REGISTER DATA CONTENT

The following data and similar data may be stored on the data subject: personal data, such as name, job title, employer’s address information, telephone number, e-mail address, credit rating and the name of the company the data subject represents. In addition, we may store background data related to sales and data related to contacting the customer as well as purchase and order history.

RETENTION PERIOD OF PERSONAL DATA

The controller stores personal data in the customer register until the customer relationship between the controller and customer can be seen to have ended. The time of ending is defined from the expiration of the validity of a customer contract or from the latest service contact to which five years are added. Data used as invoice basis are stored for the period required in legislation related to accounting.

REGULAR DATA SOURCES

Data is received from the data subjects or orders of service. Data may also be acquired from official registers (for instance, the trade register). In addition, we use the open business data found online.

REGULAR DISCLOSURE OF DATA

Data is disclosed to the subcontractors of Silvasti Group in accordance with customer contracts to provide services and carry out the business operations. Customer data may also be disclosed to a partner for handling debt collection.

DATA TRANSFER OUTSIDE THE EUROPEAN UNION OR EUROPEAN ECONOMIC AREA

Personal data may be transferred to locations outside the EU/EEA area if required by the service production. In these cases, data privacy is ensured in accordance with data privacy legislation and other regulations.

It may also be possible that personal data can be stored in servers located outside EU/EEA or technical support may be asked outside EU/EEA.

DESCRIPTION OF THE PRINCIPLES OF REGISTER PROTECTION

Any possible manual material is stored on locked premises where only designated people may access it when it is necessary for them for realising their work.

Only authorised employees or partners may access digital material using their personal login credentials. There are different levels of access rights, and each user is granted sufficient rights for their work but in an as limited manner as possible.

DATA SUBJECT´S RIGHTS

According to the General Data Protection Regulation (GDPR), data subjects of our person registers have special rights.

  1. Data subject’s right of access (right to inspection)
    The data subject has the right to inspect what data about them is stored in the register. The right to inspection may be rejected based on legal grounds. Primarily, using the right to inspection is free.
  2. Data subject’s right to rectification, erasure or restriction of processing
    The data subject has the right to rectify data about them. The data subject also has the right to demand the controller to restrict the use of their personal data, for instance, in a situation in which the data subject is awaiting a reply to their request concerning the rectification or erasure of their data.
  3. Data subject’s right to data portability
    For the parts that the data subject has provided data to the marketing register and it is processed based on the data subject’s consent or assignment, the data subject has the right to receive this kind of data primarily in machine-readable format. In addition, the data subject has the right to transfer this data to another controller.
  4. Data subject’s right to lodge a complaint with the data protection authority
    The data subject has the right to lodge a complaint to the competent data protection authority if the controller has not complied with the applicable data protection regulations in their operations.
  5. Other rights
    If personal data is processed based on the data subject’s consent, the data subject has the right to revoke their consent by notifying us.

All requests concerning data subject’s rights should be sent by email to dataprotection@silvasti.com.