Privacy Policy

Regarding the Register of Customers and Stakeholders

Toijala Works Oy’s Privacy Policy regarding the Register of Customers and Stakeholders

We have updated our privacy policy to comply with the EU General Data Protection Regulation (GDPR). The GDPR applies from May 25, 2018 and it applies to all companies in the EU and outside the EU that offer their services to consumers and companies in the EU area.

1. Controller
Toijala Works Oy
Business ID: 1637388-0
Tehtaantie 22
FI-37800 Akaa, Finland
Tel. +358 (0)20 764 62
(Hereinafter “Toijala Works”)

2. Contact person for matters concerning the register:
Toijala Works Oy
Tel. +358 (0)20 764 62

3. Name of the register
Toijala Works’ Register of Customers and Stakeholders

4. Purpose of processing personal data
The purpose of processing personal data is to manage customer or other comparable relationships, to target advertising, direct marketing and online marketing activities, to conduct research and to develop business. The justification for processing personal data is Toijala Works’ legitimate interest, based on customer relationships and other authentic connections, as well as on possible consents given by the registered persons. In the processing of personal data, we use subcontractors on whose servers the data is stored. However, we do not disclose personal data to third parties for marketing or other purposes without the consent of the registered persons.

5. The register may contain the following data on customers:
– Given name and family name
– The person’s job title
– Email address
– Mobile and/or other phone number
– Organization and position
– Organization’s address
– Direct marketing permissions and prohibitions
– Information related to marketing and sales promotion (does not apply to potential customers)
– Information related to customer relationship management and communications (does not apply to potential customers)

6. Valid sources of data in the register
The register is compiled from Toijala Works’ customer information system, widely available internet sources, information obtained from customers in connection with commercial projects and other public sources. Personal data is also gathered from the customers themselves in connection with various marketing actions such as campaigns, exhibitions and happenings. Personal data may also be gathered and updated from companies that offer personal data services (for example, Fonecta).

7. Valid disclosures of data
The controller must not disclose customers’ personal data to outside parties unless required to do so by the Finnish authorities.

8. Transferring data outside the EU or the EEA
Personal data must not be transferred outside the EU or the EEA.

9. Data retention and removal, and the right to inspect
Personal data is retained for as long as is necessary for the purpose of using such data, such as during a customer relationship. The need to retain data is regularly reassessed in relation to the valid legislation. Registered persons have the right to inspect what personal data concerning them has been entered in the register. Inspection requests must be sent in writing to the contact person for matters concerning the register. Registered persons must, in this connection, verify their identity. The data must be deleted upon the request of a registered person or due to the ending of a customer relationship.

10. Prohibition of direct marketing and the right to demand correction of data
Registered persons have the right to prohibit the processing of their personal data for purposes of direct marketing by communicating with the controller’s contact person in writing. Registered persons also have the right to demand correction of any erroneous, incomplete or outdated personal data concerning themselves. The controller is obliged to correct such data at the earliest opportunity. Correction requests must be sent in writing to the controller.

11. Principles of register protection
All personal data is retained confidentially in the customer data system. Access rights to the system are given only to those employees who need this data in order to perform their work. The system requires a login with a personal username. The information network of the controller and its information technology partners, as well as the equipment where the register is located, are protected by a firewall and by other necessary technical measures.

Contact us

How can we help you? Submit a message with your contact details and we will get back to you.