Customer register - privacy policy

Creation date: 24.4.2020

Data controller

Lektar Oy

Hiekkakiventie 7
00710 Helsinki

Contact person in matters related to the filing system

Katja Koistinen

Info@lektar.com

Name of filing system

Customer register

Purpose of personal data processing

The purpose of the filing system is the maintenance of the company’s customer register, managing customer orders, data filing and processing, and the maintenance of customer relations.

Information can be used to improve the company’s operation, for statistical purposes, and for producing more personalised content in our online services. Personal data are processed in accordance with the requirements of the Personal Data Act.

Data in the filing system can be used in the company’s own filing systems for example for targeted advertising without disclosing personal data to external parties. The company may use partners to maintain customer and service relationships, which means that part of the data held within the filing system may be transferred onto a partner’s server due to technical requirements. These data will be processed solely for the purpose of maintaining the company’s customer relationships using technical interfaces.

The company has the right to publish data contained in the customer register as an electronic or written list unless the customer especially prohibits this. In this case a list means for example address labels used for direct mail advertising. The customer has the right to prohibit the publication of data by notifying the company’s customer service by email office@lektar.com or by contacting the filing system’s contact person.

Data processing is based on contract.

Data content of filing system

Personal data filing system contains the following information:

  • First and last name of person
  • Community represented
  • Email address
  • Postal address
  • Phone number
  • Information on previous orders

Regular data sources

Data are obtained during a customer’s purchase in a company’s shop, online service or retailer, or from client notifications when a customer uses a service provided by the company.

Data are obtained from registrations made by the customer as well as other notifications received during the course of the customer relationship. Updates to names and contact information are also received from authorities and companies providing update services. Data can also be obtained from subcontractors related to the use or production of a specific service.

Data on the customers’ other activities in the digital environment can be obtained from partner websites, data systems or other digital sources using electronic sign-in (link), cookies or customer-specific identifiers.

The data stored in the customer register are used solely by the company, except when an external service provider is used either to provide added value services or to support credit-related decision-making.

Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law. Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities. A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, outstanding invoices, or debt collection.

Storage time

The data will be removed on 5 years after customer relationship has expired.

Regular disclosure of data

The data stored in the customer register are used solely by the company, except when an external service provider is used either to provide added value services or to support credit-related decision-making.

Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law.

A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, outstanding invoices, or debt collection.

Transferring data outside the EU or the EEA

Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities.

Filing system’s principles of protection A: Manual material

Contact information collected during customer events and other manually processed documents containing customer data are stored in a locked and fireproof space after initial processing. Only specific employees who have signed confidentiality agreements have the right to process manually stored customer data.

Filing system’s principles of protection B: Electronically processed functions

Only specific employees working for or on behalf of the company have the right to use the customer-owner or customer register and maintain data stored in it. Each specific user has his or her personal username and password. Each user has signed a confidentiality agreement. The system is protected by a firewall to prevent external attacks on the system.

Rights of the data subject

According to the General Data Protection Regulation (GDPR), data subjects have the right

to obtain information on the processing of their personal data of access to their data
to rectification of their data
to the erasure of their data and to be forgotten
to restrict the processing of their data
to data portability
to object to the processing of their data
not to be subject to a decision based solely on automated processing.

Cookies

We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer of files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site.

Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website.

The following types of data are collected using cookies:

  • visitor’s IP-address
  • time of visit
  • browsed pages and time of browsing
  • visitor’s browser


Your rights

A user visiting our website has the right to prohibit the use of cookies at any time by changing his or her browser settings. Most browser software give the option of disabling cookies and of removing cookies that have already been saved.

Disabling cookies may affect the functionality of the website.

GOOGLE ANALYTICS

We collect user statistics from our website using the Google Analytics service, the purpose of which is to monitor site activity, improve site functionality and develop marketing. The data collected cannot be linked to individual users or persons.

Additionally, we collect Google Analytics Demographics data, which includes for example the age and gender of the visitor as well as topics of interest. Settings related to the collection of these data can be changed using your personal Google account at https://www.google.com/settings/ads

Google Analytics -monitoring can be disabled with a Chrome add-on.

Information source

Data is collected from customers.

Right of access

The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English. The request for data access must be signed. The data subject has the right to prohibit the processing of his or her data and its disclosure for the purposes of direct marketing, distance marketing or opinion polls by contacting the company’s customer service.

Right to lodge

If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority.

The complaint can also be lodged in a member state where you are a permanent resident or where you are employed.

Contact information for the national supervisory authority: (Finland) Office of the Data Protection Ombudsman
PL 800, Ratapihantie 9, 00521 Helsinki, Finland
tel. +358 29 56 66700

tietosuoja@om.fi www.tietosuoja.fi

Right to rectification

Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.

A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator.

The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay.

Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.

If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.

Other rights related to the processing of personal data

Right to restrict processing
The data subject has the right to request that the processing of their personal data is restricted for example if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system.

Right to object
The data subject has the right to request for personal data pertaining to them, and the data subject has the right to request for the rectification or erasure of said data. Request can be sent to the contact person of the filing system.

If you are acting as the contact person of a company or organisation, your data cannot be erased during this time.

The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.

Prospects and potential customers - privacy policy

Creation date: 24.4.2020

Data controller

Lektar Oy

Hiekkakiventie 7
00710 Helsinki

Contact person in matters related to the filing system

Katja Koistinen

Info@lektar.com

Name of filing system

Prospects and potential customers

Purpose of personal data processing

The purpose of use for the filing system is to promote business operations, create new customer relationships and to communicate with potential customers.
Collected data are used to create and maintain new customer relationships as well as carry out other business-related tasks.

Legal basis of processing data is legitimate interest

Data content of filing system

Personal data filing system contains the following information:

  • First and last name of person
  • Community represented
  • Email address
  • Postal address
  • Phone number
  • Information on previous orders
  • Information on discussions during customer negotiations

Regular data sources

Data are collected from email messages and business cards received from customers as well as during phone conversations and face-to-face meetings with customers.

Data can also be received from interest groups, such as mass communication, marketing or contact forms on the company website.

Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law. Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities. A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, matters related to the management of the customer relationship, outstanding invoices, or debt collection.

Storage time

The data are never separately removed.

Regular disclosure of data

The data stored in the register are used solely by the company and its employees, except when an external service provider is used either to provide added value services or to support credit-related decision-making.

Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law.

A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, matters related to the management of the customer relationship, outstanding invoices, or debt collection.

Transferring data outside the EU or the EEA

Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities.

Filing system’s principles of protection A: Manual material

Manually processed documents containing customer data (e.g. printed emails or their attachments, printed online forms or other similar documents) are, after initial processing, stored in a locked and fireproof space. Only specific employees who have signed confidentiality agreements have the right to process manually stored customer data.

Filing system’s principles of protection B: Electronically processed functions

Only specific employees working for or on behalf of the company have the right to use for example workstations whose software can be used to maintain data on potential customers. Each specific user has his or her personal username and password. Each user has signed a confidentiality agreement. The system is protected by a firewall to prevent external attacks on the system, and workstations are protected by relevant security software.

Rights of the data subject

According to the General Data Protection Regulation (GDPR), data subjects have the right

to obtain information on the processing of their personal data of access to their data
to rectification of their data
to the erasure of their data and to be forgotten
to restrict the processing of their data
to data portability
to object to the processing of their data
not to be subject to a decision based solely on automated processing.

Cookies

We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer of files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site.

Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website.

The following types of data are collected using cookies:

  • visitor’s IP-address
  • time of visit
  • browsed pages and time of browsing
  • visitor’s browser


Your rights

A user visiting our website has the right to prohibit the use of cookies at any time by changing his or her browser settings. Most browser software give the option of disabling cookies and of removing cookies that have already been saved.

Disabling cookies may affect the functionality of the website.

GOOGLE ANALYTICS

We collect user statistics from our website using the Google Analytics service, the purpose of which is to monitor site activity, improve site functionality and develop marketing. The data collected cannot be linked to individual users or persons.

Additionally, we collect Google Analytics Demographics data, which includes for example the age and gender of the visitor as well as topics of interest. Settings related to the collection of these data can be changed using your personal Google account at https://www.google.com/settings/ads

Google Analytics -monitoring can be disabled with a Chrome add-on.

Information source

Webform other contact routes like phone inquiaries. Data is given by prospects themselves.

Right of access

The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English. The request for data access must be signed. The data subject has the right to prohibit the processing of his or her data and its disclosure for the purposes of direct marketing, distance marketing or opinion polls by contacting the company’s customer service.

Right to lodge

If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority.

The complaint can also be lodged in a member state where you are a permanent resident or where you are employed.

Contact information for the national supervisory authority: (Finland) Office of the Data Protection Ombudsman
PL 800, Ratapihantie 9, 00521 Helsinki, Finland
tel. +358 29 56 66700

tietosuoja@om.fi www.tietosuoja.fi

Right to rectification

Taking into account the purposes of processing, any data stored
in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.

A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator.

The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay.

Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.

If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.

Other rights related to the processing of personal data

Right to restrict processing
The data subject has the right to request that the processing of their personal data is restricted for example if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system.

Right to object
The data subject has the right to request for personal data pertaining to them, and the data subject has the right to request for the rectification or erasure of said data. Request can be sent to the contact person of the filing system.

If you are acting as the contact person of a company or organisation, your data cannot be erased during this time.

The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.