1. Controller of data file
Business ID: FI24291383
Contact details for matters concerning data file:
2. Name of data file
InterControl Oy customer and marketing register
3. Data content in the register
The register lists the company’s business partners, customers and potential customers, and persons who have made contact with the company.
We also make use of public business data available online or collected from various authorities.
4. Purpose of use of personal data
The content of the register is used for managing user and customer relationships:
• Personal data are processed based on a registered customer relationship
• Personal data are processed based on consent
Purpose of data processing and use of data file
Personal data are only processed for purposes stated in advance, which are as follows:
• managing customer relationships
• providing information on our services
• analysing, grouping and reporting on customer relationships
• collecting and processing customer feedback
• carrying out market research and surveys
Additionally, anonymous tracking data are collected on the use of the website using the Google Analytics service:
• pages visited
• source of traffic
• device/browser used
• duration of visit
Tracking can be prevented by disabling cookies or using the browser’s Do Not Track option.
5. Personal data stored in the register
The customer register contains the following details:
• personal ID
• company name
• business ID
• customer number
• details of purchased products/services
6. Rights of the data subject
The rights of the data subject are listed below. Any requests concerning exercising those rights must be addressed to:
Right to access personal data
Data subjects may check the personal data that we have stored on themselves.
Right to rectification of data
Data subjects may request that we rectify any erroneous or incomplete data we have stored on themselves.
Right to object
Data subjects may object to the processing of their personal data if they consider improper processing to have taken place.
Direct marketing ban
Data subjects have the right to deny the use of their data for direct marketing purposes by informing the controller of the data file in writing.
Right to erasure
Data subjects have the right to request the erasure of their data when processing of the data is no longer necessary. After handling the request, we will either erase the data or provide justifiable grounds as to why we cannot erase them.
Please note that the controller of the data file may have a right, legal or otherwise, not to erase the requested data. The controller of the data file is required by the Finnish Accounting Act (Chapter 2, section 10) to store accounting materials for the period stated in the law (10 years). Therefore accounting-related data may not be removed before this period expires.
Cancellation of consent
If the processing of the data subject’s personal data is based entirely on consent (and not on e.g. a customer relationship or membership), the data subject may cancel their consent.
Complaints on decisions may be addressed to the Data Protection Ombudsman
Data subjects have the right to demand that processing of data involved in a conflict be restricted for the duration of the resolution of the conflict.
Right to appeal
Data subjects are entitled to make a complaint to the Data Protection Ombudsman if they feel that we have violated applicable data protection legislation in processing personal data.
Data Protection Ombudsman’s contact details: www.tietosuoja.fi/fi/index/yhteystiedot.html
7. Regular data sources
Regular sources of customer details:
• from the customers themselves at the start of the customer relationship
• from the customers themselves via an online form
• from the customers themselves by email
• from business and contractual partners and the authorities
• Personal data may also be obtained from providers of identification, authentication, address, update, credit rating or similar services.
• Personal data may also be obtained from the Digital and Population Data Services Agency’s population database and from other known systems.
8. Regular disclosures of data
Data are not usually disclosed for marketing purposes to parties outside of InterControl Oy.
We have ensured that all of our service providers comply with data protection legislation.
9. Duration of processing
We will store and process your personal data for as long as it is necessary to fulfil the stated purposes. Laws and regulations set certain requirements for the storage and use of materials containing personal data, which affect how long data are stored.
• Personal data are usually processed as long as the customer relationship remains in place.
• Any data subject may unsubscribe from our marketing using the links included in all of our marketing emails.
10. Processors of personal data
Personal data are processed by the controller of the data file and its employees. We may also outsource a part of our personal data processing to a third party, in which case we will contractually ensure that personal data are only handled according to valid data protection legislation and otherwise appropriately.
The persons handling your personal data have all received data protection and privacy training.
Our employees only have access to the personal data that are essential for them to complete their tasks.
The information system and its files are protected using technical protection methods commonly used in business operations. Personal data are handled confidentially, and the necessary level of data and processing protection is ensured using appropriate measures.
11. Transfers of data to outside the European Union
No personal data will be transferred outside of the European Union or European Economic Area unless it is essential for the maintenance and technical fulfilment of services. In such cases, we will ensure appropriate data protection as required by law.
12. Automated decision-making and profiling
Some of the data in the register may be used for profiling purposes. The aim of profiling is to analyse demand and customer behaviour for marketing purposes.
This policy was last updated on 1 October 2022, and it is valid until further notice.