fbpx

Data protection description

Name of register

Customer and marketing register

This stores and handles personal information in accordance with the EU’s GDPR. We may alter this data protection description from time to time, either by giving advance notice of this or without giving notice. We recommend that you visit this data protection description page from time to time to take note of changes.

Register controller:

Company name: Flexmill Oy
Y-tunnus: 2838097-3
Osoite: Ilveskaari 19B, 01900 Nurmijärvi
Puhelin: 0400 320 755

Person responsible for register matters:

Company name: Flexmill Oy
Martti Kivelä, CEO

The purpose of the handling of personal information:

Our operations are based on lawful business operations, and thus we also comply with the EU regulation on the storage of personal information – in brief, this is the following six points:

  • The information that we store about a person is lawful, reasonable and transparent in terms of its handling. This means that you can have access to your information at any time.
  • The information is limited to the purpose of use – for example, information that we collect about people is limited to only a particular usage purpose. We will not pass on your information to external parties unless there is an appropriate reason for doing so.
  • We will minimise the information we store – we will only store what is necessary.
  • We will seek to keep our information accurate.
  • We will limit the storage of information – a usage period is defined for the information, after which it is deleted, either automatically or as a matter of routine, unless there is a legally-grounded reason to keep it.
  • We store intact and reliable information, secured through back-up copies, for example.

We collect and store information based on customer relationships or associated with business operations, on possible new customers. The principal purposes for the usage of information are: Internet marketing, reporting, production of services, customer communications, the planning and targeting of marketing, analysis, development of customer service, tracking of payments and the development of the service and business, as well as for other comparable usage purposes. Flexmill Oy uses personal information for distance selling and direct marketing purposes in the ways permitted by the Personal Data Act. The collection of the information of potential new customers is based on the business operations and we collect the information ourselves.

The data content of the register:

We store the minimum amount of information relating to the customer relationship, which typically includes the individual name of the person, their company and contact details, such as their e-mail address and telephone number.

The information collected is:

  • First name and surname
  • Title
  • Contact information (such as the name of the company, contact details etc.)
  • Other text-form information relating to the customership
  • Marketing consent or prohibition
  • IP address information or another identifier
  • Information collected through cookies
  • Information collected through social media channels
  • Address of www pages

Normal sources of information:

Sources of information used include the following:

  • LinkedIn, Google Analytics and the web forms on the website.
  • Personal information is collected from the registered person themselves in the register controller’s own operations, in association with dealing with customers, including by phone, in the online service and at customer events.
  • In addition, with regard to our business operations, e.g. in connection with the acquisition of new customers, we may use names taken from the media, for example, which we may contact with a view to doing business.

Normal passing on of information:

We use the services of third parties for the handling and storage of such data which may include personal information. However, third parties act purely as handlers of personal information who have a right to handle such information only within the scope of the services agreed on, and Flexmill Oy remains the only register controller of this kind of information.

We shall pass on personal information in a limited manner to other parties – in practice, this means the following:

  • We use the tools of e-mail marketing. What is stored in these is only the name, company and e-mail address.
  • In order to take care of customer relationships, we use a CRM tool, in which we store, in a minimised form, things including the following: the name of the person, their contact details and features related to the customer relationship, such as meetings and other activities.
  • We use an invoicing system, in which we store, in a minimised form, things including the following: the personal name of the customer, their contact details and features related to the customer relationship, such as invoicing and the accounts ledger.
  • In order to take care of new customerships, we use a CRM tool, in which we store, in a minimised form, things including the following: the name of the person, their contact details and features related to the customer relationship, such as report requests from the site.
  • In order to take care of customer relationships, we use our website, on which we store, in a minimised form, things including the following: the name of the person, their contact details and features related to the customer relationship, such as report requests from the site.
  • Information can be passed on to the authorities within the limits in accordance with prevailing legislation or when decrees demand it, for example in order to investigate malpractices.

Transferral of information outside the EU or EEA

In the handling of data in accordance with the purposes specified in this data protection policy, we use partners and in association with this, we may pass on the personal information that we handle outside the EU or EEA, complying with the legislation that is in force in any given situation. In the case of countries where a sufficient level of data protection has not been ensured, transferrals are based on appropriate protective measures, such as the standard contract clauses approved by the European Commission or a monitoring authority.

Register protection principles

Flexmill Oy has appropriate technical and organisational security practices and processes to secure personal information against loss, misuse or other comparable illegal access.

The personal information contained in the register is stored confidentially. There are guidelines in the organisation of the register controller on the use of the register and access to the person register is restricted so that only those employees who have the right to do so with regard to their work tasks, and as far as their tasks require, have access to the information contained in the register stored in the system and are authorised to use it. The personnel who handle personal information are under an obligation of secrecy.

The system is protected with protection software. Access to the system requires entering a user ID and password from each user of the register. The server environment is protected with passwords and an appropriate firewall. The data traffic between the server and the computer of the user is transmitted in an encrypted form. In addition, the data network and equipment where the register is located are protected with a firewall and through other technical measures. Destroying of materials containing personal information is done is a data-secure manner.

Inspection rights

You have the right to get access to your personal information and have erroneous information that concerns you corrected. You have the right to demand deletion of your personal information at any time unless the interests that we are entitled to, or a requirement laid down by law, prevent the deletion of some personal information. Information shall be handed over in a form that is comprehensible to the customer, and in writing if so required. Requests are to be addressed with a personally signed letter to Flexmill Oy, Ilveskaari 19B, 01900 Nurmijärvi.

The right to demand correction of information

The register controller shall correct, delete or supplement information in the register that is, in terms of handling, erroneous, unnecessary, deficient or out of date, either independently or when demanded to do so by the registered person. In addition, personal information can be deleted if the customer misuses the service or, with the aid of the service, carries out criminal or other prohibited actions. The registered person must contact the register controller for the correction of information. Requests are to be addressed with a personally signed letter to Flexmill Oy, Ilveskaari 19B, 01900 Nurmijärvi.

Other rights relating to the handling of personal information

A registered person also has the right to prohibit the register controller from handling information relating to them for the purposes mentioned in this register description, unless it is agreed otherwise between the register controller and the registered person. Requests for correction of information pertaining to marketing prohibitions (calls, printed direct marketing, text messages and e-mail) are to be addressed with a personally signed letter to Flexmill Oy, Ilveskaari 19B, 01900 Nurmijärvi.

Cookies

A cookie is a small file which the website stores on the computer of the visitor and which the browser of the visitor offers to the website every time the visitor visits the site. We use the kind of cookies on our website that do what they are supposed to do – namely, improve the user experience or monitor the traffic of the web pages of Flexmill Oy. You can refuse use of cookies or set an alert for cookies from the settings of the browser.

Analyses of web pages and advertising cookies

In order to obtain additional information about the traffic on our website, we use an analysis tool and advertising provided by a third party.

The web pages of Flexmill Oy use the Google Analytics web analysis service provided by Google Inc. (’Google’). Google Analytics uses cookies in order to analyse how users use the site. The information created by a cookie on how you use the website (including your IP address) is sent and stored by Google on servers in the United States. Our site uses IP anonymisation. This means that Google shortens/anonymises the last octet of the IP address of the citizens of the member states of the European Union and the European Economic Area. Only in exceptional circumstances is the whole IP address sent to and shortened by Google’s servers in the United States. Google uses this information on behalf of the web page provider to assess the usage of the page, to draw up reports relating to the traffic of web pages for web page suppliers and for offering other services relating to the traffic of web pages and the usage of web pages to the web page provider.

You can prevent the collection of information by Google and the usage of information (cookies and IP addresses) by downloading and installing a browser add-on program, which can be obtained here: https://tools.google.com/dlpage/gaoptout?hl =en or by using other advertising and tracking blocking tools.

We also use Google Analytics in order to analyse the information of the AdWord and DoubleClick Cookies services. You can prevent the handling of this information through the privacy settings of Google here: https://myaccount.google.com/

Updated 14.2.2018