Privacy policy

1. The controller

Bevenic Group Oy

Contact information:
Kellonkärki 9
FI-70460 Kuopio

For all matters concerning the register, contact:

2. Data subjects

Bevenic Group Oy’s customers and potential customers who have requested further information and/or an offer for our services. Website users.

3. Purpose of use of personal data

The personal data of customers are processed for the purposes of processing orders and commissions, marketing products and services, developing services, customer surveys, contacts, billing, collection, reporting and other activities related to the management of the customer relationship.

4. Lawful basis for processing personal data

The controller processes personal data on the basis of a contract with a customer for the performance of the contract or for pre-contractual measures. The processing of personal data for customer relationship management and marketing purposes is possible on the basis of the controller’s legitimate interest in the customer relationship.

5. Personal data to be recorded in the register (only the data that are processed are listed here)

Data Customer Website users
IP-address X

6. Regular data sources

Customer data is normally obtained from the customer himself.

7. Regular data disclosures

The data will not be disclosed for marketing purposes outside Bevenic Group Oy. We have ensured that all our service providers comply with data protection legislation. We regularly use the following service providers:

  • Zoner Oy, website hosting, Finland
  • Google Analytics – Google LLC, USA
  • We may disclose information to a collection agency if it is necessary to monitor payment.

8. Duration of processing

  • As a general rule, personal data will be processed for two years from the date of the last offer or invoice.
  • For website visitors, data will be processed for two years.

Please note that the controller may have a legal or other right not to delete the requested data. The data controller is obliged to keep the accounting records for the period specified in the Accounting Act (Chapter 2, Section 10) (10 years). Therefore, accounting records cannot be deleted before the expiry of this period.

9. Transfer of data outside the EU

The Google LLC Privacy Policy operates under the EU-U.S. Privacy Shield program, so the transfer of data is legal under the EU General Data Protection Regulation and the level of data protection is ensured by the EU-U.S. Privacy Shield program. Google LLC encrypts or encrypts data wherever it is held.

10. Automated decision-making and profiling

We do not use data for automated decision-making or profiling.

11. Register security basics

Personal data is confidential. Electronic registers are protected by firewalls, usernames and passwords. Bevenic Group Ltd uses SSL (Secure Sockets Layer) encryption. SSL encryption (https) is designed to make the data transmitted unreadable to anyone other than us.

Personal data on paper is stored in a locked room with smoke detectors.

12. Cookies

What is a cookie?

The controller uses cookies on its website. A cookie is a small text file that is stored by an internet browser on a user’s device.

Use of cookies on the website

On its website, the controller uses both session cookies, which can be deleted, and cookies that are stored in the user’s browser. Session cookies are stored in the memory of the user’s browser only for the time the browser is open. The purpose of storable cookies is to identify the user’s browser for the purpose of the user’s next visit to the website. In addition, the controller uses cookies to monitor visitor traffic to its website and to make its service more user-friendly, secure and seamless. The controller also uses the Google Analytics web analytics service on its website to perform the controller’s data collection activities using cookies. The cookies collected through Google Analytics are stored on the servers of the service provider concerned, which may be located outside the European Union.

Blocking the use of cookies

In the browser settings, the user can specify whether he or she wishes to accept or refuse the use of cookies. The user can also configure the browser setting to notify the use of cookies on the website, allowing the user to accept the use of cookies on a case-by-case basis. If the user blocks the use of cookies, this may affect the performance of the controller’s website.

13. Rights of the data subject

The data subject has the following rights, the exercise of which should be requested at the following address:

Right of access

The data subject may check the personal data we have stored.

Right to rectification

The data subject may request the rectification of inaccurate or incomplete data concerning him/her.

Right to object

The data subject may object to the processing of personal data if he or she considers that the personal data have been processed unlawfully.

Direct marketing ban

Data subjects have the right to object to the use of their data for direct marketing.

Right of withdrawal

The data subject has the right to request the erasure of data if the processing is no longer necessary. We will process the request for erasure, after which we will either delete the data or provide a reasoned justification why the data cannot be deleted.

Withdrawal of consent

Where the processing of personal data concerning a data subject is based solely on consent, and not, for example, on customer or membership, the data subject may withdraw consent.

The data subject may appeal against the decision to the Data Protection Ombudsman

The data subject has the right to request that we restrict the processing of the disputed data until the matter is resolved.

Right of appeal

The data subject has the right to lodge a complaint with the Data Protection Ombudsman if he or she considers that we are in breach of the applicable data protection legislation when we process personal data.

Contact the Data Protection Ombudsman: