Privacy Policy

1. DATA CONTROLLER

Fenno Water Ltd Oy
Business ID 2017447-0

Lastausväylä 9, FI-60100 Seinäjoki
Tel. +358 6 420 9500
Fax +358 6 420 9555

Karjalankatu 2 A 17, FI-00520 Helsinki
Tel. +358 9 446 972
Fax +358 9 446 973

 

2. POINT OF CONTACT

Outi Virtanen
Tel. +358 6 420 9500
outi.virtanen(at)fennowater.fi

 

3. NAME OF REGISTER

Fenno Water’s customer and marketing register

 

4. PURPOSE OF PERSONAL DATA PROCESSING/REGISTER

We collect and save information about our customers for communications related to the customer relationship
and for processing and delivering orders. With your consent, we also collect information for marketing purposes (direct marketing, such as sending product brochures and invitations to fairs).

 

5. BASIS FOR PROCESSING OF PERSONAL DATA

Personal data is processed based on agreement or consent:

• consent for direct marketing
• order or delivery contract.

The processing of personal data is not based on the legitimate interests of the controller.

 

6. DATA CONTENT OF REGISTER

The following data may be stored in the register:

• name and address of company and customer number
• name, e-mail address and phone number of contact person (if known)
• e-invoicing information.

 

7. REGULAR SOURCES OF INFORMATION

Information provided by the customer in connection with sending a contact form or placing an order and the completion of the order is stored in the register. The data is only used for marketing if the person providing the information has specifically agreed to this when providing their information.

We also use Google Analytics cookies to collect information about visitors to our website to obtain valuable information about the functionality and user-friendliness of our website. Such information includes, for example, the pages visited and the time spent on the site by the visitor. The information collected is completely anonymous and cannot be linked to a specific individual.

You can read Google Analytics’ privacy policy here.

 

8. REGULAR DISCLOSURES OF INFORMATION AND TRANSFER OF DATA OUTSIDE OF THE EEA

Personal data is processed for the purposes listed in this privacy policy. Data may be transferred to our service partners when they participate in the execution of actions.

Customer register data is not disclosed to third parties, with the exception of disclosure to the authorities as allowed and required by applicable legislation, e.g. when responding to data requests made by the authorities.

Data is not transferred outside of the European Union or the European Economic Area or to international organisations.

 

9. PRINCIPLES FOR PROTECTING THE REGISTER

We protect personal data carefully throughout their lifecycle. All the customer register data is stored electronically. The data content of the register is stored on the hard drive of one computer with password protection. The information systems are protected by means of firewalls.
The personnel are bound by confidentiality.

If we observe an event that would suggest that a data or data security breach has occurred, we start to investigate the matter immediately and attempt to prevent any damage caused by it. We inform the parties required to be informed of the data security breach in accordance with the legal requirements.

 

10. STORAGE, ARCHIVING AND DELETION OF PERSONAL DATA REGISTERS AND DATA CONTENTS

The data will only be stored in the register for the necessary time and extent, and the data controller will only use it for operations related to the purposes listed above.

 

11. RIGHTS OF THE DATA SUBJECT

The data subject shall have the following rights:

• Right to access their data
• Right to rectification
• Right to the erasure of their data
• Right to restriction of processing (denying the accuracy of data or illegal processing)
• Right to object (in case of direct marketing)
• Right to withdraw their consent
• Right to data portability (with regard to automatic processing)
• Right to be informed of data breach related to personal data

A person wishing to exercise their rights may contact the data controller. They may also lodge a complaint with the supervisory authority if they feel that the applicable data protection legislation is breached in the processing of their data.

 

12. WITHDRAWAL OF CONSENT

The data subject has the right to withdraw their consent for the processing of personal data if they want to do so.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

The data subject has the right to withdraw their consent to direct marketing and prohibit the data controller from processing the data collected for the purpose of direct marketing.

The data subject should contact the data controller to withdraw their consent. With regard to processing of personal data based on contract, refusal to provide personal data prevents the delivery of the service.

 

13. DATA SUBJECT’S RIGHT OF ACCESS

The data subject has the right to access the data concerning them. The access request can be made in person to the data controller or by a letter signed by the data subject. The registers may be accessed with the data controller, or the data subject may request that the data controller collect the information about the data subject.

 

14. RIGHT TO RECTIFICATION

The data subject has the right to demand the rectification of inaccurate data. The rectification request must be sent to the point of contact by e-mail (see section 2). The request shall detail the incorrect data and provide the correct data.

 

15. AUTOMATED DECISION-MAKING OR PROFILING

The processing of personal data does not include any automated decision-making or profiling based on the personal data.

 

16. ADMINISTRATION OF THE REGISTER

The managing director and the office secretary make the decisions about operations related to the data file and execute the actions.

 

17. PERSON DEALING WITH MATTERS RELATED TO THE REGISTER

See section 2.

 

18. INFORMING US OF ISSUES AND DEFICIENCIES

If any issues and/or deficiencies are observed, the person in charge of the register must be informed immediately.