Effective from May 25th 2018
Data controller is Pankaboard Oyj, registered address Ruukintie 2, 81750 Pankakoski. Controller manages the collected data. Subsidiaries of the data controller may also manage the personal data or share the management responsibility.
- Collected data
- How collected data is used
- How we manage and protect the user data
- Time to hold of collected data
- Sharing the data
- Transferring the data
- User rights
- Contact information
- Collected data
We collect personal data in interaction with our clients and suppliers. We collect the following data (within the local legislation):
- Contact information (Name, email address, telephone number)
- Other information you may give us in questionnaires or
- In contact forms in our website
Use of collected data
Data controller collects and uses the collected data for the following purposes (within the local legislation):
a) Sales and marketing
All data is managed by different legal basis which among others are:
a) Consent, or separate agreement if needed according to legislation
b) Confirming that our activities follow the legal contractual requirements or qualifications to make contracts
Data controller can manage the personal data in certain business purposes which includes the following aspects:
Detecting and blocking a fraud
Improving the safety of our website and information systems
Always when we handle personal data for these purposes we make sure that your rights are fully appreciated. You have a right to object handling your personal data, please see detailed “Rights of the data subject”.
How we handle and protect personal data
We manage collected personal data also automatically for the purposes mentioned above and we hold the data a period of time that follows our internal policies. This makes sure that the personal data is not being held longer that is necessary.
We have administrational, technical and physical processes which are designed to protect your data from being destroyed, disappeared, modified, processed, revealed or being used by mistake, illegally or unauthorized. To make sure the safety and the confidentiality of the personal data we use the following safety processes:
- Encryption of transferred data
- Strong access control
- Reinforced network infrastructure
- Website control
- Time to hold the data
We save the collected data for six months.
Sharing the data
We can share the personal data collected about the data subject if needed by the law, law process or if authorities submit an official request and the sharing the data is seen as inevitable or necessary to avoid physical or monetary damage or to investigate fraud or illegal activities. We hold the right to transfer the collected personal data in case the business or asset sale or transfer (also in case of reorganization, business closure, bankruptcy).
Transferring the data
We don’t transfer the data outside the country where the data was originally collected or inside the country.
Rights of the data subject
According to GDPR articles 15-22 the data subject has the following rights:
- Right to access by the data subject: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
- Right to rectification: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
- Right to erasure (‘right to be forgotten’): The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.
- Right to restriction of processing: The data subject shall have the right to obtain from the controller restriction of processing data.
- Notification obligation regarding rectification or erasure of personal data or restriction of processing: The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
- Right to data portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller.
- Right to object: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her.
- Automated individual decision-making, including profiling: The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Always when personal data is being handled on the basis of consent as defined in GDPR article 7 the data subject has a right to cancel the consent at any time.
Tietosuoja / Pankaboard Oyj