Privacy Policy

This Privacy policy acts as frame for the personal data collected by Pankaboard Oyj according to the European Union General data Protection Regulation (GDPR) and the local legislation.

Effective from May 25th 2018

Data controller is Pankaboard Oyj, registered address Ruukintie 2, 81750 Pankakoski. Controller manages the collected data. Subsidiaries of the data controller may also manage the personal data or share the management responsibility.

This Privacy Policy concerns the representatives of our clients and suppliers.

This Privacy policy describes the type of personal data we collect, how we use the data, how we manage the data, how long we hold the data, who we share the data with and the rights the data subject has for collected personal data. We also tell how to contact us in case of questions or comments about our privacy policy or if you want to use your rights.

Privacy policy

  • Collected data
  • How collected data is used
  • How we manage and protect the user data
  • Time to hold of collected data
  • Sharing the data
  • Transferring the data
  • User rights
  • Changes in privacy policy
  • Contact information
  • Collected data

We collect personal data in interaction with our clients and suppliers. We collect the following data (within the local legislation):

  • Contact information (Name, email address, telephone number)
  • Other information you may give us in questionnaires or
  • In contact forms in our website

Use of collected data

Data controller collects and uses the collected data for the following purposes (within the local legislation):

a) Sales and marketing

All data is managed by different legal basis which among others are:

a) Consent, or separate agreement if needed according to legislation
b) Confirming that our activities follow the legal contractual requirements or qualifications to make contracts

Google analytics

The cookies on this website may be used by and delivered to you by us or by third party web analytics services, such Google Analytics and Google TagManager. The collected data is saved to Google Analytics. If the visitor chooses not to accept our cookie policy by clicking ”Accept”, it may affect the experience and the cookie consent will be displayed on every page load. By accepting the cookies the visitor agrees to the terms of service.

Google’s Privacy Policy is available here.

This site is also protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Legal aspects

Data controller can manage the personal data in certain business purposes which includes the following aspects:

Detecting and blocking a fraud
Improving the safety of our website and information systems
Always when we handle personal data for these purposes we make sure that your rights are fully appreciated. You have a right to object handling your personal data, please see detailed “Rights of the data subject”.

How we handle and protect personal data

We manage collected personal data also automatically for the purposes mentioned above and we hold the data a period of time that follows our internal policies. This makes sure that the personal data is not being held longer that is necessary.

We have administrational, technical and physical processes which are designed to protect your data from being destroyed, disappeared, modified, processed, revealed or being used by mistake, illegally or unauthorized. To make sure the safety and the confidentiality of the personal data we use the following safety processes:

  • Encryption of transferred data
  • Strong access control
  • Reinforced network infrastructure
  • Website control
  • Time to hold the data

We save the collected data for six months.

Sharing the data

We don’t share the personal data we have collected with others than mentioned in this privacy policy or described in separate notification given in connection to certain activities.

We can share the personal data collected about the data subject if needed by the law, law process or if authorities submit an official request and the sharing the data is seen as inevitable or necessary to avoid physical or monetary damage or to investigate fraud or illegal activities. We hold the right to transfer the collected personal data in case the business or asset sale or transfer (also in case of reorganization, business closure, bankruptcy).

Transferring the data

We don’t transfer the data outside the country where the data was originally collected or inside the country.

Rights of the data subject

According to GDPR articles 15-22 the data subject has the following rights:

  1. Right to access by the data subject: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
  2. Right to rectification: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
  3. Right to erasure (‘right to be forgotten’): The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.
  4. Right to restriction of processing: The data subject shall have the right to obtain from the controller restriction of processing data.
  5. Notification obligation regarding rectification or erasure of personal data or restriction of processing: The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
  6. Right to data portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller.
  7. Right to object: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her.
  8. Automated individual decision-making, including profiling: The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Always when personal data is being handled on the basis of consent as defined in GDPR article 7 the data subject has a right to cancel the consent at any time.

Changes in privacy policy

This privacy policy (and possible attachments) may be updated in case there are changes in our privacy policies or in legal requirements. We inform any significant changes in our website. In the beginning of each privacy policy there is mentioned when the policy has been updated.

Contact information

In case you have questions or comments about our privacy policy or if you want to use your rights as a data subject, please contact in the following address:

Tietosuoja / Pankaboard Oyj
Ruukintie 2,
81750 Pankakoski