Groundec Oy (Business ID: 3121096-7)
Contact point for matters and inquiries related to the personal data file:
Description of file: Groundec’s customer and marketing register.
2. Data subjects
The personal data file is used to store data on Groundec’s customers.
3. Basis and purpose of keeping the personal data file
Basis of keeping the personal data file:
- The basis of processing the personal data of Groundec’s customers is a contractual relationship.
Purpose of the processing of personal data and the personal data file:
Personal data is only processed for the following predefined purposes:
- creating, maintaining, managing, and developing customer relationships;
- order management and delivery;
- invoicing and administration;
- informing customers, providing technical support, and reporting on malfunctions; and
- electronic newsletters.
4. Personal data to be stored in the personal data file
The customer register contains the following personal data:
- first and last name of the person;
- address, postcode and town;
- phone number.
- business ID.
The following data is collected on the contact form:
- first and last name of the person;
- phone number;
5. Rights of data subjects
The data subject has the following rights. Requests to exercise such rights should be made via email to:
Right of access
The data subject may check the personal data stored in the personal data file.
Right to rectification
The data subject may request rectification of any inaccurate or incomplete data concerning them.
Right to object
The data subject may object to the processing of personal data if they feel that their data has been processed unlawfully.
Prohibition on direct marketing
The data subject has the right to prohibit the use of their data for direct marketing.
Right to erasure
The data subject has the right to request the erasure of data if its processing is not necessary. After considering any requests for erasure, we will either erase the data or give a justified reason why the data cannot be erased.
The controller may have a statutory or other such right not to erase the data as requested.
Withdrawal of consent
If the processing of personal data concerning the data subject is only based on consent, rather than a customer relationship or membership, for example, the data subject may withdraw such consent.
The data subject may lodge a complaint against any decision to the Data Protection Ombudsman.
The data subject has the right to demand that we restrict the processing of any disputed data until the issue is resolved.
Right to complain
The data subject has the right to lodge a complaint to the Data Protection Ombudsman if they feel that their personal data is being processed in contravention of any data protection laws currently in force.
Data Protection Ombudsman’s contact details: https://tietosuoja.fi/en/contact-information
6. Regular sources of data
The customer data in this personal data file is only obtained:
- directly from the customer at the time of establishing the customer and contractual relationship.
7. Disclosure of data
Groundec may disclose personal data to its partners to the extent permitted by law, unless the data subject has prohibited such disclosure. Data may only be disclosed for purposes that support the concept of Groundec’s customer register.
Data may also be disclosed to third parties in the context of matters relating to debt collection and invoicing, as well as demands made by competent authorities on the basis of laws currently in force.
We have ensured that all of our service providers comply with data protection laws.
8. Duration of processing
- Personal data based on a customer relationship will be retained for as long as the contractual relationship is valid and for a further 2 years from its conclusion.
- Personal data obtained on the contact form will be retained for 2 years.
9. Processors of personal data
Personal data is processed by the controller and its employees. The processing of personal data may also be partly outsourced to a third party, in which case contractual arrangements will be used to guarantee that personal data is processed in compliance with data protection laws in force and otherwise appropriately.
10. Location and transfer of data outside the EU
As a general rule, personal data is not transferred to countries outside the European Union or the European Economic Area. Where data is nevertheless transferred, the controller will ensure that the target country fulfills the criteria of data protection laws either through the Privacy Shield framework or in an otherwise verified manner.
The personal data file is located on a secure server. The customer is entitled at any time to obtain information on the location of data processing.
11. Automated decision-making and profiling
The data stored in the personal data file is not used for automated decision-making nor profiling of data subjects.
12. Securing the personal data file
The data stored in the electronic personal data file is secured from unauthorized access by means of firewalls, personal user names and passwords, and generally accepted technical means. Access to the data stored in the personal data file is limited to those employees whose work duties require access to such data. All users of the personal data file are bound by the obligation of secrecy. No physical copies are made of the personal data file. The controller will immediately notify all interested parties and the data protection authority of any possible data breach in compliance with the General Data Protection Regulation.