Kaskea Group Oy
Opastie 10, 62375 Ylihärmä, Finland
Telephone +358 (0)6 4822 200
2. Contact person in matters concerning the filing system
Kaskea Group Oy
Opastie 10, 62375 Ylihärmä, FINLAND
Telephone +358 (0)6 4822 200
3. Name of filing system
Kaskea Group Oy’s Customer Data Filing System.
4. The purpose of processing personal data
The principal purpose of the filing system is the management, handling and maintenance of customer relationships. The personal data in the filing system is used for the marketing and sale of products and services directed at the customer and for producing and implementing services; for communications towards customers, to invoice for products and services, to receive and collect payments; to target marketing and/or direct marketing at customers.
The legal basis for keeping a filing system and processing the personal data in it is the controller’s legitimate interest.
5. Data content of the filing system
The following personal data may be stored in the filing system:
mobile phone and/or other telephone number
information about sales and quotations
6. Duration of personal data storage
Personal data is stored for as long as the customer relationship continues. After the customer relationship has ended, the personal data will be stored for a maximum of 10 years from the date of the customer relationship ending. Personal data may be stored for longer than this if the applicable legislation or the Company’s contractual obligations towards third parties require a longer storage period.
The data may be erased if the data subject requests the erasure of the data concerning them after the customer relationship has ended and all the rights and obligations of the customer and controller have been carried out. The data may be marked as archived/non-active even before the above-mentioned time. The storage of personal data for a longer period than the one specified above requires the anonymisation of the personal data. The filing system is regularly reviewed for outdated data.
The personal data of potential customers is stored in the direct marketing filing system for as long as the data subject continues to perform tasks which the marketed product or service relates to, provided that the data subject has not forbidden direct marketing targeted at them. If the data subject forbids direct marketing, information about them and their request not to be targeted with direct marketing may, however, be stored in the direct marketing filing system in order to ensure that their wishes are adhered to.
7. Regular sources of information
Personal data is collected in connection with the establishment of the customer relationship, during the customer relationship and during the work performed to create a potential customer relationship. The data is collected directly from a corporate customer or the data subject themselves. If the data subject consents (for example, by accepting cookies), data and supplementary data may also be collected from the Finnish Population Information System and other third-party filing systems. Data may also be collected in connection with various marketing activities, such as events. In terms of an organisation’s data, data may also be sought in the Finnish Patent and Registration Office’s Business Information System, or public sources such as websites.
8. Regular disclosure of data
9. Transferring data outside the EU or EEA
Personal data may be transferred to the controller’s service providers outside the EU and EEA. In such situations, the service provider has undertaken to comply with the Privacy Shield framework in accordance with the requirements of the General Data Protection Regulation.
10. Principles of filing system protection
A. Manual data material
Manual data material is stored in facilities that only specific persons can access.
B. Electronically stored data
The controller’s staff who participate in the processing of the data and any external persons acting on behalf of the controller are under an obligation of professional secrecy with regard to all the data in the filing system. The filing system is protected through user identification, passwords and access rights.
The controller may also utilise data for profiling purposes. Profiling is implemented using an identifier which makes it possible to combine data relating to the data subject, created through the use of the service. A profile created in this way may, for example, be compared to profiles created on other data subjects.
The purpose of profiling is to examine the demand for the services and also customer behaviour.
12. The data subject’s right to object to the processing of their personal data and to direct marketing
The data subject may present to the controller their consent or denial as regards direct marketing or profiling.
13. Other rights of the data subject relating to the processing of personal data
13.1 The data subject’s right to access their data (right of access)
13.2 The right to request the rectification and erasure of data and the restriction of its processing
13.3 The right to transfer data from one system to another
In so far as the data subject has themselves supplied information processed on the basis of the data subject’ consent or instruction, the data subject has the right to obtain such information for themselves, usually in a machine-readable form, and the right to transfer such data to another controller.
13.4 The right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint to the competent supervisory authority if the controller has failed to comply with the applicable data protection regulations in their activities.
13.5 Other rights
14. Contacting the controller
In all questions relating to the processing of personal data and situations relating to the use of a data subject’s rights, the data subject should contact the person specified in section 2. Questions and requests must be made in writing. When necessary, the controller or the person specified in section 2 may ask the data subject to clarify their request in writing and the data subject’s identity may be verified, if necessary, before any other action is taken.