KevytLasku customer register privacy statement

Privacy statement in accordance with the Personal Data Act (Sections 10 and 24 of the Personal Data Act, 523/1999).

(policy updated 14 June 2019)

1. Controller

KevytLasku

Business ID: 3122865-7

Konepajankuja 1 A, 00510 Helsinki

Telephone: +358 400 800 680

2. Person in charge of registry matters

Ritva Kinnunen

KevytLasku

Telephone: +358 400 800 680

Email: info@KevytLasku.fi

3. Name of register

Customer register based on the company's customer relationships and other relevant connection (‘Company Customer Register’)

4. The purpose or supplying personal details

Personal details are processed for the purposes of managing and analysing customer relationships and other business relationships, plus service delivery and personalisation, business development and planning, and also marketing, distance selling, market and opinion research, and customer communications, which can also be handled electronically and in a targeted manner.

Personal details may be processed as permitted by applicable legal acts for the marketing purposes of the member companies and the company’s carefully selected affiliates, which includes the use of direct marketing, distance selling, and market and opinion research. The disclosure of personal details to partners may, in principle, only take place for purposes that support the concept of the registry and where the use of such personal details is not incompatible with the company’s purposes.

The company may use information which is gathered from the user’s terminal for all purposes that have been mentioned in this paragraph. As a rule, in order to provide location-based services or to enable an internal analysis of the user's activity, the user will explicitly have consented to the company's use of location data, or consent to use location data will unambiguously be apparent from the user's relationship with the company, or such location data will be anonymous. The user may revoke their consent at any time by deleting their browser's cookie history.

General conditions for processing personal details: Section 8 (1) (1), (2), (5), (6) and (7) of the Personal Data Act.

5. The register’s information content

The following information may be processed in the register for all data subjects:

  • First and last names
  • contact information (address, telephone number, email address)
  • the date and method of the commencement and termination of the customer relationship and/or business relationship
  • direct marketing authorisation and prohibitions
  • information regarding the utilisation of electronic services and content (eg. a newsletter sign-up), technical information sent to the data controller’s server by the data subject's browser (eg. IP address, browser type, browser version, the page via which the data subject has accessed our site), and cookies and related information which is sent to the data subject's browser
  • marketing and promotional information such as marketing activities and the participation of the data subject (eg. participation in marketing lotteries and also competitions and events)
  • customer relationship and other business communications and contact information (eg. purchase and cancellation information for paid products and services, order information for free products and services, delivery information, feedback, complaints, and customer service recordings such as phone calls, emails, chats, and text messages)
  • interests that have been indicated by the data subject
  • gender
  • date of birth
  • language
  • changes to the information identified above
  • information about online behaviour on the company's websites and services (eg. link clicks, browsed web pages, entry and exit pages)
  • Information that is based on any analysis of the use of the service or other information that is provided by the customer, such as potential interests or membership in a particular group of users.

In addition to the above, the register may process the following information about anyone who has purchased a product and/or service:

  • customer number
  • identity number
  • invoice and recovery information

6. Regular sources of data

Personal details about the data subject are collected from the data subject themself, from the various services that the data subject uses (including the company’s website and mobile services and the company’s social media channels), and various marketing activities such as marketing lotteries, plus competitions and events.

In addition, personal details may be collected and updated from other company registers, company partner registers, and authorities and companies which are providing personal data services.

7. Disclosure and the transfer of personal details

Data may be disclosed at the discretion of the data controller (to the extent permitted and required by applicable legal acts), such as, for example, to company partners, unless the data subject has opposed disclosure. The disclosure of personal data to partners may, in principle, only take place for purposes that support the concept of the company’s registry and where the use of the data is not incompatible with the company’s purposes.

Personal details may also be disclosed in the manner required by the competent authorities or by other bodies, on the basis of existing legislation, and for historical or scientific research purposes, provided that the data has been anonymised.

Personal details may be disclosed to purchasers in connection with mergers and acquisitions in cases which involve the company selling or otherwise arranging its business affairs. Personal details may be transferred to partners which have been selected by the data controller who processes those details on behalf of the data controller on the basis of the existence of agreement between the parties. In this case, the data processor does not have any right to process transferred data on its own account or in its own registers.

As a general rule, data is not transferred outside the territory of the Member States of the European Union or the European Economic Area unless it is necessary for the purposes for which such personal details are being processed in the first place, or where the technical implementation of such data processing makes it necessary. If this proves to be the case then the transfer of data must comply with the requirements of personal data legislation.

The company may transfer any data that is contained in the register to its own direct marketing registers after the termination of the customer relationship and any relevant connection.

8. Register security

The electronically processed data that is contained in the register is protected by firewalls, passwords, and other generally accepted technical means in the field of security. Manually maintained material is located within premises which ensure that unauthorised persons are prevented from entering them.

Only identified employees of companies which are acting for and on behalf of the data controller have access to personal data that is contained in the register with the right of access being granted by the controller.

9. Right of inspection, restriction, and rectification

The data subject has the right under the Personal Data Act to check which information concerning them is stored in the register. At the request of the data subject we will make the necessary corrections and additions to any personal details or will delete any details that are inaccurate, unnecessary, incomplete, or outdated for the purpose of processing. Contact our customer service centre to inspect and update your information. The request must be in writing and should be signed.

The data subject has the right to restrict the processing and disclosure of their personal details for the purposes of direct marketing, distance selling, other direct marketing requirements, and market and opinion polling by contacting our customer service centre.

10. Changing the privacy statement

The company is continuously developing its business and therefore reserves the right to change this privacy statement by providing due notification of such an intention in its services. Changes may also be based on changes in legislation. The company recommends that data subjects consult the content of the privacy statement on a regular basis.