Privacy Policy Statement

1. Controller

Kaskea Group Oy
Opastie 10, 62375 Ylihärmä, Finland

Telephone +358 (0)6 4822 200


2. Contact person in matters concerning the filing system

Kaskea Group Oy
Vesa Rautava
Opastie 10, 62375 Ylihärmä, FINLAND

Telephone +358 (0)6 4822 200



3. Name of filing system

Kaskea Group Oy’s Customer Data Filing System.


4. The purpose of processing personal data

The principal purpose of the filing system is the management, handling and maintenance of customer relationships. The personal data in the filing system is used for the marketing and sale of products and services directed at the customer and for producing and implementing services; for communications towards customers, to invoice for products and services, to receive and collect payments; to target marketing and/or direct marketing at customers.

The legal basis for keeping a filing system and processing the personal data in it is the controller’s legitimate interest.


5. Data content of the filing system

The following personal data may be stored in the filing system:

person’s name
mobile phone and/or other telephone number
email address
email thread
information about sales and quotations


6. Duration of personal data storage

Personal data is stored for as long as the customer relationship continues. After the customer relationship has ended, the personal data will be stored for a maximum of 10 years from the date of the customer relationship ending. Personal data may be stored for longer than this if the applicable legislation or the Company’s contractual obligations towards third parties require a longer storage period.

The data may be erased if the data subject requests the erasure of the data concerning them after the customer relationship has ended and all the rights and obligations of the customer and controller have been carried out. The data may be marked as archived/non-active even before the above-mentioned time. The storage of personal data for a longer period than the one specified above requires the anonymisation of the personal data. The filing system is regularly reviewed for outdated data.

The personal data of potential customers is stored in the direct marketing filing system for as long as the data subject continues to perform tasks which the marketed product or service relates to, provided that the data subject has not forbidden direct marketing targeted at them. If the data subject forbids direct marketing, information about them and their request not to be targeted with direct marketing may, however, be stored in the direct marketing filing system in order to ensure that their wishes are adhered to.


7. Regular sources of information

Personal data is collected in connection with the establishment of the customer relationship, during the customer relationship and during the work performed to create a potential customer relationship. The data is collected directly from a corporate customer or the data subject themselves. If the data subject consents (for example, by accepting cookies), data and supplementary data may also be collected from the Finnish Population Information System and other third-party filing systems. Data may also be collected in connection with various marketing activities, such as events. In terms of an organisation’s data, data may also be sought in the Finnish Patent and Registration Office’s Business Information System, or public sources such as websites.


8. Regular disclosure of data

Data is disclosed to the controller’s group companies for the purposes described in section 4 of this Privacy Policy Statement and to any other personal data filing systems of the controller’s Group, as well as to cloud service providers for processing material in the appropriate systems.  Disclosures are always carried out in accordance with and within the scope of the currently valid data protection legislation.


9. Transferring data outside the EU or EEA

Personal data may be transferred to the controller’s service providers outside the EU and EEA. In such situations, the service provider has undertaken to comply with the Privacy Shield framework in accordance with the requirements of the General Data Protection Regulation.


10. Principles of filing system protection

A. Manual data material
Manual data material is stored in facilities that only specific persons can access.

B. Electronically stored data
The controller’s staff who participate in the processing of the data and any external persons acting on behalf of the controller are under an obligation of professional secrecy with regard to all the data in the filing system. The filing system is protected through user identification, passwords and access rights.


11. Profiling

The controller may also utilise data for profiling purposes. Profiling is implemented using an identifier which makes it possible to combine data relating to the data subject, created through the use of the service. A profile created in this way may, for example, be compared to profiles created on other data subjects.
The purpose of profiling is to examine the demand for the services and also customer behaviour.


12. The data subject’s right to object to the processing of their personal data and to direct marketing

The data subject has the right to object to the profiling and other processing activities relating to themselves, which the controller directs at the data subject’s personal data in so far as the basis of processing the data is the controller’s legitimate interest. The data subject may present their objection in accordance with section 14 (Contacting the controller) of this Privacy Policy Statement. In connection with their objection, the data subject must specify the particular situation, based on which they object to the processing of their data. The controller may refuse to carry out the request relating to the objection on grounds provided by law.

The data subject may present to the controller their consent or denial as regards direct marketing or profiling.


13. Other rights of the data subject relating to the processing of personal data

13.1 The data subject’s right to access their data (right of access)

The data subject has the right to check what data concerning themselves has been stored in the controller’s filing system. The request for checking such data must be made according to section 14 (Contacting the controller) of this Privacy Policy Statement. Right of access may be denied on grounds provided by law. In principle, using the right to check the data is free when done once a year.

13.2 The right to request the rectification and erasure of data and the restriction of its processing

After discovering an error in the data concerning themselves, the data subject may request that the data be rectified, erased or that its processing be restricted in accordance with section 14 (Contacting the controller) of this Privacy Policy Statement. The data subject also has the right to request that the controller restrict the processing of their personal data, for example, in a situation where the data subject is waiting for the controller’s reply to the data subject’s request for the rectification or erasure of their data.

13.3 The right to transfer data from one system to another

In so far as the data subject has themselves supplied information processed on the basis of the data subject’ consent or instruction, the data subject has the right to obtain such information for themselves, usually in a machine-readable form, and the right to transfer such data to another controller.

13.4 The right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint to the competent supervisory authority if the controller has failed to comply with the applicable data protection regulations in their activities.

13.5 Other rights

If the data subject’s personal data is being processed on the basis of their consent, the data subject has the right to withdraw their consent by informing the controller of their withdrawal in accordance with section 14 (Contacting the controller) of this Privacy Policy Statement.


14. Contacting the controller

In all questions relating to the processing of personal data and situations relating to the use of a data subject’s rights, the data subject should contact the person specified in section 2. Questions and requests must be made in writing. When necessary, the controller or the person specified in section 2 may ask the data subject to clarify their request in writing and the data subject’s identity may be verified, if necessary, before any other action is taken.