Pivaset Oy's PRIVACY NOTICE FOR CUSTOMER REGISTER
Controller
The controller of the register is Pivaset Oy (business ID 3303340-7). The contact person for register matters is: Otto Laitinen, Project Engineer.
Pivaset Oy
Address: Patruunapolku 5, 79100 Leppävirta
Phone: 020 1230 800
Email: info@pivaset.fi
Register name
The name of the register is Pivaset Oy's customer register.
Purpose of processing personal data
Personal data is processed for purposes related to managing, administering, and developing customer relationships, providing and delivering services, as well as invoicing. Data is also processed for investigating any complaints and other claims. Additionally, data is used for communication with customers, including informational and marketing purposes, including direct marketing.
Legal basis for processing
The legal bases for processing personal data are as follows, in accordance with the EU General Data Protection Regulation (GDPR):
The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
Content of the register
The register contains basic and contact information, information related to the company or organization, positions or job titles within the company or organization, as well as direct marketing permits and prohibitions.
Regular sources of information
Personal data is collected from the data subjects themselves. Additionally, data is collected and updated within the framework of applicable legislation from generally available sources related to the implementation of the customer relationship.
Storage period of personal data
Data is stored for the necessary time period in relation to the original purposes. The storage period is assessed every 5 years, and data is deleted within 10 years after the termination of the customer relationship.
Recipients of personal data and transfers
Personal data is not disclosed to third parties.
Transfer of data outside the EU or the EEA
Personal data included in the register is not transferred outside the EU or the EEA.
Principles of register protection
Personal data is stored securely, and access is restricted to authorized personnel only. Databases are protected by firewalls and technical solutions. Access to systems is granted only with personal user IDs.
Rights of the data subject
The data subject has the right to receive information about his or her personal data, the right to withdraw consent, the right to request correction or deletion of data, the right to restrict processing, the right to data portability, and the right to lodge a complaint with a supervisory authority.