Privacy Policy 

Creation date 16 April 2021 

 

Controller 

Kopar Oy 

Business ID 0727282-6 

 

Contact person in matters related to the data file  

Roni Jahila 

Sepänkatu 2, FI-39700 Parkano, Finland 

+358 40 825 3050, 

roni.jahila@kopar.fi 

 

Name of data file and data subjects 

Kopar Oy:n Myynti ja markkinointirekisteri (‘Sales and marketing register of Kopar Oy’) 

In the data file, we process the personal data of our customers, potential customers and their representatives. 

 

Purpose of processing 

The purpose of processing the personal data in the data file is to manage the customer relations and tasks related to the business operations of Kopar Oy as well as to offer, sell, market and advertise products and services. We collect, store and process personal data for pre-determined purposes only. 

 

Types of personal data collected  

The following types of data may be stored concerning the data subject: 

  • Name 
  • Company 
  • Telephone number 
  • Email address 
  • Address 
  • Job title 
  • Consent-related information 
  • Generally available classification information 
  • IP address information or another identifier 
  • Data collected with cookies 
  • The page(s) visited 
  • The duration of the visit 
  • The pathway to the site 
  • The links clicked 
  • Information collected from social media channels 
  • Invoicing information 
  • Customer relationship information

We may also collect other types of data based on your consent. 

 

Sources of personal data 

We collect personal data mainly from communications with the data subjects or later in connection with the use of our services. We may also collect contact information from public sources. 

Information concerning customers is received from the customers in connection with invitations to tender, orders, agreements and other types of communication. 

The information of potential customers is received in connection with sales, events or other types of communication. Only the information of potential customers who have consented to receive marketing or communications will be collected. 

 

Grounds of processing personal data 

We see to it that we always have legal grounds for processing your personal data. 

We process personal data stored in the marketing register based on either our legitimate interest (e.g. direct marketing to our customers and development of our services) or your consent. 

We process our customers’ data based on agreement. 

 

Transfer and disclosure of personal data 

Your personal data is processed by members of our company’s personnel as part of their work. 

In some cases, your personal data may be disclosed confidentially to our partners or our subcontractors who process personal data on the basis of a written commission agreement. 

Such cases include, for instance, data centre and cloud services intended for storing data, providers of the IT systems we use and external services acquired to support sales and marketing. 

Our subcontractors and partners process personal data as agreed, according to our written guidelines and only for agreed, legal purposes. 

 

Transfer of personal data outside the EU and the EEA 

Data may be transferred outside the EU and the EEA within the limitations set by the Regulation. We will only transfer personal data outside the EU and the EEA to corporations whose sufficient level of data protection has been verified with agreements or in another manner required by the Data Protection Act. Data may be transferred in connection with system development, for example. 

Our partners and subcontractors may only process your personal data in order to manage tasks related to customer relationship management or maintenance carried out on our behalf. We always ensure that our partners do not process transferred personal data for any other purposes. 

 

Storage period of personal data  

We store your personal data only for as long as is required for the purposes described in this policy. Data that is no longer required is erased at least once a year. 

 

Information security measures 

We respect the confidentiality of your personal data. 

We collect and process personal data in systems and data files protected by firewalls, passwords and other technological means. The systems are located in locked and guarded facilities and the data can only be accessed by authorised individuals. Access to the data file is only granted to individuals who need the data for work-related purposes. Access rights to the data file require a username granted by the administrator to the systems and customer databases. The administrator also specifies the level of access rights granted to each user. Launching the application requires a personal password. The use and logins of the data file are monitored. Paper documentation is stored in locked cabinets or in an archive room. 

We disclose personal data to our partners, such as our subcontractors, only in a confidential and restricted manner on the basis of agreements. Our partners must commit to ensuring adequate information security and the legal processing of personal data in all aspects of the processing. 

The persons who process personal data are bound by an obligation of secrecy. 

Our website uses a TLS-encrypted HTTPS connection, which ensures the protection of all electronic personal data. In the browser, this is indicated by a green/grey lock icon on the left in the address bar. If there is data in a manual format, they are stored in locked premises that cannot be accessed by third parties and destroyed securely. 

 

Cookie policy  

Cookies are small text files that are automatically stored on your computer/terminal device when you visit different websites. Our web service uses cookies so that we can provide a high-quality service which is as user-friendly as possible. 

We use cookies to develop our services and website, to analyse the use of the website (Google Analytics) and to target and optimise marketing. With the aid of website traffic monitoring, we develop our website to improve it and to create a better user experience. We also use services such as Facebook Pixel to target marketing. 

If you do not wish the online service to collect data through cookies, you can prevent cookies (most browser software allow the user to disable cookies). You can prevent Google Analytics from collecting data about you. Read more about this on Google’s website. However, please note that in this case, it is possible that the online service does not function properly. 

 

Your rights 

  1. Right of access (right of review)
    You have the right to know your personal data stored in the data file. You can request access to your data as described in this policy.
  2. Right to demand rectification or erasure of data (right to be forgotten)
    We will erase, rectify or supplement, on our own initiative or at the request of the data subject, any data that is erroneous, unnecessary, incomplete or obsolete with regard to the processing.
  3. Right to restriction of processing
    The data subject has the right to request the restriction of the active processing of their personal data when, for instance, the data subject contests the accuracy of their personal data and requests the rectification or erasure of the data. In this case, the personal data in question may only be stored, not otherwise processed. The restriction of processing is ensured by technical means. Before the restriction of processing is lifted, we will inform the data subject of this. 
  4. Right to object to the processing of personal data
    You have the right to object the processing of personal data concerning you provided that there is no compelling reason for the processing of the data, overriding your rights, or that the processing is not required for handling a legal claim.
  5. Right to data portability
    As far as the data subject has provided data to the customer data file themselves and the data is processed on the basis of the data subject’s consent or commission, the data subject has the right to receive this data in a machine-readable format, as a rule, and the right to transmit this data to another data controller.
  6. Withdrawing consent
    If personal data is processed on the basis of the data subject’s consent, the data subject has the right to withdraw their consent by informing us of this. You can withdraw your consent as described in the section “Requests related to the rights” of this policy.
  7. Right to lodge a complaint with a supervisory authority
    The data subject has the right to lodge a complaint with a competent supervisory authority if the data controller has not complied with the applicable data protection regulations in their operations.

 

Contact information for requests related to the rights of data subjects 

Any enquiries and requests related to the data file can be submitted either in person by presenting an identity document or by sending an email to sales@kopar.fi. After this, we may contact you over the phone to verify your identity. 

You can collect the requested data from our office on the agreed date and time. 

We respond to requests within one (1) month of submitting the request unless there are special reasons for a longer response time. We may also refuse to fulfil your request on grounds defined in applicable law. 

As a rule, exercising your rights is free of charge. 

 

Obligatory provision of information 

If you do not approve of the processing of your personal data within the framework of the purposes and rights described in this Privacy Policy, it is likely that we cannot serve you and fully realise the purpose of our operations. 

 

Validity of the Privacy Policy 

We always update the most recent, valid Privacy Policy in this address.