Sales and marketing register

General

The registrar commits to upholding the confidentiality of the personal information under its control and to complying with the data protection laws. In compliance with the EU’s General Data Protection Regulation (EU) 2016/679, also known as the “Data Protection Regulation,” explains how the controller gathers, processes, and manages personal data while ensuring that the conditions set by law for the safe processing of personal data and the protection of personal privacy are met. All natural persons whose personal data are in the data registrar’s Sales and Marketing Register are referred to as “registered” in this data protection statement.

The registrar monitors changes in data protection legislation and reserves the right to change or update this data protection statement if necessary. This Privacy Policy has been updated on 5.8.2024.

 

1. Registrar

GMM Finland Oy (ID 2860883-5), Yliopistonkatu 60 A (3rd floor), 33100 Tampere, Finland

 

2. Contact information in matters concerning the register

Email address: tietosuoja@honkajokioy.fi

In all questions related to the processing of personal data and in situations concerning the exercise of one’s own rights, the registrant is advised to contact the aforementioned e-mail address.

 

3. Register name

Sales and marketing register

 

4. Legal basis and purpose of personal data processing

The processing of personal data is based on one or more of the following grounds according to the Data Protection Regulation:

• consent given by the data subject

• legitimate interest of the data controller

• the contract concluded between the controller and the data subject

Personal data is processed for the following purposes:

• management and maintenance of customer relations

• customer acquisition

• marketing to customers and potential customers

• marketing targeting

• business planning and development

• delivery of the newsletter

• administration of campaigns and contests

• implementation of marketing bans

• invoicing

 

5. Data content of the register

The registrar collects only such personal data from the registrants that are relevant and necessary for the purposes described in this privacy statement.

The registrants’ personal information may be processed in the following ways:

• Name, postal address, telephone number and email address of the registrant

• The registrant’s employer or other organization, and information about the person’s role in the organization

• Contacts between the controller and the registered, complaints and other transaction information

 

6. Regular sources of information

Personal data is usually collected from the data subject themselves. This can happen, for example, when making an offer, concluding a contract or customer relationship, as well as in connection with various competitions and campaigns. In addition, personal data can be collected from general business registers and from public Facebook and LinkedIn accounts.

 

7. Regular data transfers

The registrar may disclose personal data to companies belonging to the same group within the limits permitted by law. Additionally, third parties that the controller selects as subcontractors may receive access to personal data. The controller only uses trusted contractual partners with whom the requirements set by the Data Protection Regulation have been taken into account in the contracts.

The controller can also provide personal data to the authorities in statutory cases. In addition, personal data may be disclosed in connection with a possible business sale or other business arrangement to the buyer of the business or to another relevant entity related to the business arrangement.

 

8. Transfer of personal data to third countries

In principle, personal data is not transferred outside the EU and the European Economic Area. However, if this is done for a special reason, the transfer will be carried out in accordance with the requirements set by the Data Protection Regulation.

 

9. Data retention period

Personal data is stored only for as long and to the extent as is necessary in relation to the purposes for which the personal data has been collected. Personal data is deleted when its storage is no longer necessary to fulfil the law or the rights or obligations of either party.

The registrant can unsubscribe from the e-mail marketing list via the unsubscribe link in each marketing e-mail.

 

10. Principles of registry protection

The controller has taken appropriate technical and organizational measures to protect your personal data. The following protective measures are used to ensure the security of personal data:

• Access to the register is limited by access rights so that only those persons who have the right to do so due to their work duties can access the information.

• The devices and information systems used to process personal data are technically protected in sufficient ways.

• The staff has received instructions regarding the secure processing of personal data.

• The use of paper-based material is avoided, and personal data is printed only when necessary. Paper printouts are securely destroyed immediately after processing.

• Disposal of materials containing personal data is done securely.

• If, despite the security measures, a data security breach occurs, the breach will be reported to the Data Protection Commissioner as soon as possible and to the relevant data subjects, if the Data Protection Regulation requires this.

 

11. Rights of the data subject

The registered person has the right to check the information entered in the register about them and to receive a copy of this information. The registered person also has the right to demand the correction of incorrect personal data, the right to request the deletion of their data from the register, the right to object or request to limit the processing of personal data, and to withdraw their consent to the processing of personal data.

The registrant should note that they cannot use all their rights in all situations. The use of rights is affected, for example, by the basis on which personal data is processed.

All requests regarding the data subject’s rights must be addressed to the email address mentioned in the contact information (see section 2).

The registered person also has the right to file a complaint about the processing of personal data to the data protection officer, whose contact information can be found at tietosuoja.fi.