This is SmartPipe Systems Oy’s privacy and data protection policy in accordance with EU General Data Protection Regulation (2016/679, “GDPR”) and applicable national legislation (including Finnish Data Protection Act 1050/2018). Drawn up on 1 April 2020
SmartPipe System Oy
2. Contact person responsible for the register
Marco Poulsen, tel. +358 400 604 401
3. Register name
Sales and marketing register of SmartPipe Systems Oy
4. Legal basis and purpose of personal data processing
The sales and marketing register of SmartPipe Systems Oy is used for the direct marketing of its services and events and similar activities, such as customer communications, acquisition of new customers, customer feedback collection and other business needs. Data may be used for the company’s development, for statistical purposes and for more personalised, targeted content on our online services. The company may use partners to maintain customer and service relationships, meaning that parts of the register data may be transferred to the partner’s servers due to technical requirements. Data is processed only to maintain and create customer relationships with the company through technical interfaces. The company has the right to publish data contained in the customer register either in electronic format or in writing, unless this is specifically forbidden by the customer. By ‘writing’, in this context we mean mailing stickers for direct advertising or the equivalent. The customer has the right to forbid publication of data by informing the register’s contact person.
5. Data content of register
The sales and marketing register contains data concerning the data subject’s duties or position in a company, organisation or public life, and other data related to customer account management, such as:
- Person’s first and last name
- Entity represented – Email address
- Postal address – Telephone number
- Data on previous customer mailings and invitations to events
- Data on discussions regarding requests for offers and customer meetings
6. Regular sources of data
Data stored in the sales and marketing register is primarily obtained from customers through their email messages, business cards, or during phone conversations or face-to-face meetings. Data may also be obtained from other stakeholders, such as through a website contact form or the equivalent, and from the ERP of SmartPipe System Oy.
7. Regular disclosure of data, and transfer of data outside the EU or EEA
Customers’ personal data is processed only in matters concerning the customer relationship and will not be disclosed to outsiders without the customer’s permission, unless otherwise provided by law.
Data is not regularly disclosed to third parties.
Data may be published to the extent agreed with the customer. Data will not be transferred by the controller outside the EU or EEA.
8. Principles of protecting the register
The register is processed with care, and data processed by data systems is protected appropriately. Data is collected in databases protected by firewalls, passwords and other technical means. The controller ensures that stored data and server access rights and other data critical in terms of personal data protection is handled confidentially and only by employees to whose job description it belongs.
9. Right of inspection and right to demand correction of errors
Each person on the register has the right to check data stored in the register about themselves and demand that any errors are corrected or incomplete data is completed. If a person wishes to check data stored about them or demand its correction, a written request must be sent to the controller. The controller asks the person who made the request to prove their identity. The controller will answer the customer within the period specified in the EU’s GDPR (as a rule within a month).
10. Other rights related to personal data processing
A person in the register has the right to request that their personal data be erased (“right to be forgotten”). Data subjects also have the other rights specified in the GDPR, such as restricting the processing of their personal data in certain circumstances. Such requests must be submitted in writing to the controller. The controller asks the person who made the request to prove their identity. The controller will answer the customer within the period specified in the EU’s GDPR (as a rule within a month).