Customer Register B2C
Privacy Policy
Last updated:
April 19, 2024
Metsäavain Oy (2908433-2)
Tervasuontie 211 A
82110 Heinävaara
Akseli Juurinen
akseli.juurinen@metsaavain.fi
+358 40 1606157
Contract
The purpose of this register is to maintain the B2C customer register of the organization, manage customer orders, archive and process them, and manage customer relationships. The data may be used for business development, statistical purposes, and providing more personalized and targeted content in our online services. Personal data is processed within the limits allowed and required by data protection regulations. The data in the register can be used within the organization’s own systems, for example, to target advertisements, without disclosing personal data to external parties. The organization may use partners to maintain customer and service relationships, and in such cases, parts of the register may be transferred to the partner’s servers for technical reasons. The data is only processed for the maintenance of the customer relationship through technical interfaces. The organization has the right to publish information contained in the customer register in an electronic or printed directory unless the customer specifically prohibits it. This directory may include items like mailing labels for direct marketing, or similar purposes. The customer has the right to object to the publication of their data by notifying the customer service or the contact person of the register by email or through customer service.
The legal basis for processing the collected and used personal data is based on the freedom of business activity. The controller must process personal data to carry out business-related tasks. The processing of personal data in this context cannot necessarily be justified by a statutory obligation or an agreement made with the individual. In the balancing test, the controller has determined that the legitimate interest is the most appropriate legal basis for processing, taking into account the nature and scope of the processing and the rights and freedoms of the data subjects. The controller has assessed that processing under legitimate interest does not cause significant harm to the rights and freedoms of the data subjects.
Customer’s personal details
Customer’s usage data
The controller’s personnel and outsourcing partners (financial administration) as applicable.
The customer register contains the following data:
First and last name
Email address
Postal address
Phone number
Website address
IP address
Details of previous orders
Login details, where the feature is enabled for the customer.
Data is obtained from the customer’s registrations and notifications during the customer relationship. Name and contact details may also be updated by update services provided by authorities or companies. Information may also be obtained from subcontractors related to the use or delivery of the service. Other data regarding customer actions in a digital environment may be collected from the websites, information systems, or other digital sources of cooperation partners, where the customer logs in via electronic invitation (link), cookies, or by using provided credentials. The customer register data is solely for the organization’s use, except when using an external service provider either to deliver added-value services or for credit decisions. The data will not be disclosed to third parties or partners except in matters related to credit applications, collections, or billing, and as required by law. Personal data will be deleted upon the user’s request unless legislation, outstanding invoices, or collection actions prevent deletion.
10 years after the end of the customer relationship.
Customer register data is only used within the organization, except when external service providers are used to deliver additional services or support credit decisions. The data is not disclosed to external parties or the organization’s partners, except in matters related to credit applications, collections, or billing, and as required by law. Personal data will be deleted upon request, unless legislation or open invoices or collection actions prevent deletion.
Data in the register is not regularly transferred outside the EU/EEA. However, it is possible that non-EU/EEA service providers are used in processing or that service providers’ servers are located outside the EU/EEA. In such cases, the transfer of data is based on SCC (Standard Contractual Clauses) and additional security measures, such as internal guidelines on pseudonymization of personal data or a possible TIA (Transfer Impact Assessment), will be implemented when required.
Contact information and other customer data collected during customer transactions are stored after initial processing in locked, fireproof storage areas. Only authorized employees who have signed confidentiality agreements have the right to process manually stored customer data. The protection and processing of register data comply with data protection law, regulations from authorities, and good data processing practices.
Only authorized employees of the organization and its contractors have the right to access and maintain the customer register. Each defined user has a personal username and password. All users have signed confidentiality agreements. The system is protected by a firewall to prevent unauthorized external access. The protection and processing of register data comply with data protection law, regulations from authorities, and good data processing practices.
We use cookies on our website. A cookie is a small text file sent to and stored on the user’s computer. Cookies do not harm users’ computers or files. The primary purpose of using cookies is to improve and customize the visitor’s experience on the website, as well as to analyze and improve the functionality and content of the site. Data collected through cookies may also be used for targeting communication and marketing, as well as optimizing marketing actions. Visitors cannot be identified solely through cookies. However, the information collected through cookies can be linked to information that may have been obtained from the user in other contexts, for example, when the user fills out a form on our website. The following information is collected using cookies:
Visitor’s IP address
Time of visit
Pages visited and viewing times
Browser used by the visitor
Your rights:
Visitors to our website have the option to block cookies at any time by adjusting cookie settings in the cookie banner. Some browser programs also allow users to turn off cookies or delete already stored cookies. Blocking cookies may affect the functionality of the website.
Profiling or automated processing does not apply to the personal data being processed.
A data subject has the right to check what data is held about them in the register. The request for access must be made in writing by contacting the controller’s customer service or the contact person of the register in either Finnish or English. The request should be sent from a verifiable email address. The data subject has the right to object to the processing and transfer of their data for direct marketing, remote sales, direct marketing, as well as market and opinion research purposes by contacting the controller’s customer service.
The data subject has the right to transfer their data from one system to another. Requests for data portability should be addressed to the contact person of the register.
Any inaccurate, unnecessary, incomplete, or outdated personal data in the register must be corrected, deleted, or supplemented. The correction request must be made in writing, either hand-signed or from a verifiable email address, to the customer service or the person responsible for the personal register. The request should specify which data needs to be corrected and the basis for the correction. The correction will be made without delay. The person from whom the incorrect data was obtained or to whom the data has been transferred will be informed of the correction. If the correction request is denied, the person responsible for the register will provide written justification, stating the reasons for rejecting the request. The individual can submit the refusal to the data protection authority for a resolution.
The data subject has the right to request a restriction on the processing of their personal data, e.g., if the data in the register is incorrect. Contact the person responsible for the register.
The data subject has the right to request their personal data, as well as the right to request the rectification or deletion of personal data. Requests should be addressed to the contact person of the register. If you act as a contact person for a company or organization, your data cannot be deleted during this time.
If you believe that your personal data is being processed in violation of data protection regulations, you have the right to lodge a complaint with a supervisory authority. You can file the complaint in the country where you have your permanent residence or workplace. Contact details for the national supervisory authority:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki
Phone switchboard: +358 29 566 6700
Registry: +358 29 566 6768
Email: tietosuoja@om.fi
Website: www.tietosuoja.fi
The data subject has the right to refuse the transfer and processing of their data for direct marketing and other marketing purposes, request anonymization of their data where applicable, and the right to be completely forgotten.