1. Data Controller
Bevenic Group Oy / Bevenic Oy
Kellonkärki 9
FI-70460 Kuopio
In matters concerning the register contact:
tietosuoja@bevenic.com
2. Data Subjects
Customers and potential customers of Bevenic Group Oy and Bevenic Oy who have requested further information and/or an offer for our services. Website users.
3. Purposes and legal basis for processing personal data
Customers’ personal data are processed for the purposes of processing orders and commissions, marketing products and services, developing services, customer surveys, contacts, billing, collection, reporting and other measures related to customer relationship management.
The controller processes personal data on the basis of a contract with a customer for the performance of the contract or for pre-contractual measures. The processing of personal data for customer relationship management and marketing purposes is possible on the basis of the controller’s legitimate interest in the customer relationship. For marketing purposes, business data is collected and stored in order to fulfill the aforementioned purposes.
4. Categories of personal data processed, data content and data sources
We only collect personal data that is relevant and necessary for the purposes described in this Privacy Policy.
5. Personal data categories and data content
Personal data category and examples of data content
Contact information: Name and contact details of the contact person for the customer.
Customer-related details: Role and job title of the person, organisational structure of the customer
Website usage: IP address and behaviour of website users
Other voluntary information*: Information voluntarily provided by the data subject
*Voluntary information that is not necessary to provide.
6. Data sources
Customer information is regularly obtained from the customer himself/herself. In addition, information is collected from publicly available data from companies.
7. Retention of personal data
We will retain personal data for as long as necessary to fulfill the purposes specified in this Privacy Policy, unless there is a legal obligation to retain personal data for a longer period (e.g. responsibilities and obligations relating to specific legislation, accounting obligations or reporting obligations). We may also retain personal data for longer periods if we need the information to resolve a dispute or to prepare, present or defend a legal claim.
The information will be reviewed every two years. When the personal data is no longer needed as defined above, the data will be deleted or made anonymous within a reasonable period of time.
8. Recipients of personal data
The data will not be disclosed for marketing purposes outside Bevenic Group Oy. Personal data may be disclosed or transferred to other companies belonging to the same group, subject to the conditions of data protection legislation, where there is a legitimate basis for the disclosure or transfer. Group companies may process personal data for the purposes specified in this Privacy Policy.
We use external service providers and subcontractors to process personal data, who act as processors of personal data. For example, service providers providing IT systems and other services are involved in the processing of personal data. Details of the recipients of personal data will be provided on request.
9. Transfer of personal data outside the European Economic Area
As a general rule, we process data within the EU and EEA. If personal data is transferred outside the EU or EEA to a country for which the European Commission has not issued an adequacy decision, we will ensure the lawfulness of the transfer of personal data through an appropriate safeguard mechanism or by using the European Commission’s standard contractual clauses. Further information on the safeguards used will be provided upon request.
10. Security of processing of personal data
We process personal data in a manner that aims to ensure appropriate security and data protection in all circumstances, including protection against unauthorized processing and accidental loss, destruction or damage.
The processing of personal data is subject to appropriate technical and organisational safeguards to ensure this, including the use of firewalls, encryption techniques, secure equipment rooms, appropriate access control and access management.
In accordance with this Privacy Policy, we may also use external service providers to process personal data, in which case we will ensure that we have the necessary contracts in place to comply with data protection legislation.
11. Data subject rights
Data subjects have rights guaranteed by data protection legislation. Please note, however, that the application of these rights in each individual situation depends on the purpose and context of the processing of personal data.
12. Right of access
The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed. If they are processed, the data subject has the right of access and the right to obtain a copy of the personal data upon request, in accordance with the limits of data protection legislation.
13. Right to rectification and erasure
The data subject has the right to request the correction of inaccurate or incorrect data. In addition, the data subject has the right, within the limits of data protection legislation, to request the erasure of his or her data. We will also delete, correct and complete on our own initiative any personal data that we discover to be inaccurate, unnecessary, incomplete or outdated for the purposes of processing.
14. Right to data portability and to restriction and object to processing
The data subject has the right to receive the data in a structured, commonly used and machine-readable format and to transfer the data to another controller, provided that the data subject has provided the data for processing based on consent or for the performance of a contract and the data are processed automatically.
In addition, the data subject has the right to request restriction of the processing of personal data under the conditions set out in the data protection legislation. In addition, where the personal data suspected of being inaccurate cannot be rectified or erased or where there is uncertainty about the erasure request, we will restrict access to the data.
The data subject has the right to object to the processing of personal data based on legitimate interests, including profiling. We may refuse a request if the processing is necessary for the purposes of compelling legitimate interests. However, the data subject always has the right to object to the processing of personal data for direct marketing purposes and profiling in relation to direct marketing.
15. Right to withdraw consent
Where the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw his or her consent. Such withdrawal shall have no effect on the processing previously carried out.
16. Exercise of rights
Requests concerning data subjects’ rights are made in writing or electronically (contact details in section 2 of the Privacy Statement). The identity of the person concerned will be verified before the data are provided. The request will be answered within a reasonable time and, where possible, within one month of the request and the verification of identity. If the data subject’s request cannot be complied with, the data subject will be informed in writing of the refusal.
17. Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with a data protection authority if the data subject considers that his or her personal data have been processed in breach of the applicable legal provisions. The contact details of the Finnish Data Protection Authority can be found here.
18. Changes to the Privacy Policy
We may need to amend and update this Privacy Policy as necessary due to changes in practices or data protection legislation. Please check back regularly for the latest version.