1. The controller

Name: Siparila Oy
Business ID: 1982051-9
Postal address: Varaslahdentie 1, 40800 Vaajakoski, Finland

2. The person responsible for the register

Name: Meri Rajala
Phone: 044 778 7447
Email: meri.rajala@siparila.fi

3. Name of the register

Siparila / Customer register for electronic services

4. Purpose of processing personal data

Personal data of the customer may be processed for the following purposes:

  • managing and administering a client or other relationship based on a material connection
  • analysis and statistics
  • planning, analysis and development of the business activities of the controller and of companies belonging to the same group as the controller.
  • marketing by the controller and its affiliated companies, including direct marketing and targeting of the data subject's interest, for example through profiles created on the basis of the customer's purchase history or other data.
  • opinion and market research; and
  • other similar uses that do not conflict with the uses described above.

5. Data content of the register

Basic information about the data subject, such as:

  • first name and surname
  • contact information (e.g. postal addresses, telephone numbers, email addresses)
  • information on the profession or status in the workplace of the contact persons of business customers

Information relating to your customer and other relevant relationship and your use of the services and content, such as:

  • registration data for the controller's services (e.g. login username and password)
  • profiling and interest data provided by the data subject
  • information about the purchase, such as information about the goods and services purchased, including information about product warranties, and the necessary information about payment, billing and collection.
  • customer communication data, including recordings of customer service calls
  • feedback and complaints, including information relating to defects and product liability
  • browsing and other data concerning the use of the controller's electronic services and content, including the technical data (IP address, browser) sent by the data subject's browser to the controller's server and the cookies sent to the data subject's browser and related data, if personal data are associated with the cookies.
  • information relating to marketing and promotion, such as the marketing measures targeted at the data subject, their use and the information provided in connection with them, as well as direct marketing authorisations and prohibitions.

6. Regular sources of information

Information about the data subject is regularly obtained from the data subject himself/herself, inter alia, when the data subject participates in the controller's marketing activities.

Data may also be obtained through the controller's online shop or other electronic services, in which case data may also be collected by means of cookies or other similar technologies.

Personal data may also be collected and updated from other registers of the controller and of companies belonging to the same group as the controller, as well as from authorities and companies providing personal data services, such as the Population Information System and other similar registers.

7.Regular disclosures and transfers of data outside the EU or EEA

Personal data may be disclosed only to the extent permitted and required by applicable law.

The controller may disclose personal data to partners carefully selected by the controller for marketing purposes, unless the data subject has objected to such disclosure. In addition, the controller may transfer the data to its own direct marketing register after the end of the material connection.

Personal data is not regularly disclosed for purposes other than those mentioned above. However, the controller is entitled, to the extent permitted by law, to disclose personal data, for example in situations related to the sale of a business.

In addition, the controller may disclose data for statistical and analytical purposes, for example, in such a way that the data disclosed cannot be linked to an individual person.

Data is not regularly transferred outside the territory of the Member States of the European Union or the European Economic Area. However, if the transfer is necessary for the purposes of the processing of personal data or for the technical implementation of the processing, the transfer will be carried out in accordance with the requirements of personal data legislation.

8. Principles of register protection

Personal data in electronic format is protected by technical means generally accepted in the information security industry, such as firewalls and passwords. Only identified employees of the controller and of companies acting on behalf of and for the account of the controller have access to the data contained in the electronic register, subject to personal access rights granted by the controller.

Manual files containing personal data are kept in locked premises.

9. Right of inspection, prohibition and correction

The data subject has the right under the Personal Data Act to check what information about him or her has been stored in the register by sending a request for inspection to the controller. The request for inspection must be in writing and signed or, alternatively, may be made in person at the controller's premises.

The data subject has the right to object to the processing and disclosure of data concerning him or her for the purposes of direct marketing, distance and direct selling, market research and public opinion polls by contacting the controller. The data subject also has the right to request the correction of inaccurate data by contacting the controller.