This is the Registry and Privacy Statement of KK-Palokonsultti Oy in accordance with the Data Protection Act of Finland (§ 10 and § 24) and the EU General Data Protection Regulation (GDPR). This statement was created on September 1st 2019, last updated February 22nd 2021 and translated from Finnish origin on May 15th 2021.
KK-Palokonsultti Oy (Business ID FI20748323)
Piispantilankuja 4, 02240 ESPOO, FINLAND
Office phone: 044 752 0777 (weekdays 09-16)
Contact person responsible for the register
The name of the register
KK-Palokonsultti Oy’s customer, marketing and stakeholder register.
Legal basis and purpose of the processing of personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation is:
- personal consent (documented, voluntary, individualized, informed and unambiguous)
- an agreement to which the data subject is a party
- legitimate interest of the registrar (customer relationship)
The purpose of the processing of personal data is to communicate with customers, maintain customer relationships, recruit, events, and marketing and communication. The data is not used for automated decision-making or profiling.
Information content of the register
The information stored in the register is: name and position of the person, company or organization, contact information (phone number, e-mail address, postal address, street address), website addresses, IP address of the network connection, profiles in social media services, information about subscribed services and their changes, billing information, and other information related to the customer relationship and the services ordered.
Regular sources of information
The information stored in the register is obtained from the customer, for example from messages sent through web forms or e-mail, telephone conversations, via social media services, and from contracts, customer meetings and other situations where the customer discloses his/her information.
Regular disclosures and transfers of data outside the EU or the EEA
The information is not routinely disclosed to other parties. The information may be published if agreed with the customer. Information may also be transferred outside the EU or the EEA.
The records in the register shall be handled with care and data processed by information systems shall be appropriately protected. When register information is stored on servers connected to the Internet, the physical and digital security of the hardware and software is properly addressed. The registrar shall ensure that the stored information, as well as server access and other information critical to the security of the personal data, are treated confidentially and only by the employees whose job description includes such treatment.
Retention periods for personal data
Personal data collected for any purposes will not be kept longer than necessary, but the data subject has a “right to be forgotten” only if there is not any legal obligations to continue processing personal data.
Basic customer information related to the customer agreements is retained for three months after the end of the customer relationship. After that the data is deleted or anonymized. The data processed on the basis of the consent of the customer will be kept until the customer withdraws his/her consent. Messages containing personal information in the e-mail archive will be kept for seven years. Accounting materials are kept for six years in accordance with the Accounting Act.
Documents containing personal data (including electronic documents) will be retained in accordance with legal obligations, if the documents are believed to be relevant to ongoing or possible future legal proceedings.
Right of inspection and right to request correction of information
Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. In addition, the person has the following rights:
- the right to restrict processing (for example in marketing)
- the right to object to the processing
- the right to withdraw consent
- the right to lodge a complaint with the supervisory authority
If a person wishes to check or correct the data stored about him or her, the request must be sent in writing to the registrar. The registrar may ask the applicant to prove his or her identity, if necessary. The registrar responds to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).
Other rights related to the processing of personal data
A person in the register has the right to request the removal of his or her personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU’s general data protection regulation, such as restrictions on the processing of personal data in certain situations. Requests to the the registrar must be sent in written form. The registrar may ask the applicant to prove his or her identity, if necessary. The registrar responds to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).