Personal data act

DESCRIPTION OF FILE

PERSONAL DATA ACT (523/1999) §10

CONTROLLER

Citec Group Oy Ab
P.O. Box 109
FI – 65101 Vaasa
Phone +358 6 3240 700

NAME OF THE REGISTER

Marketing register of Citec Group Oy Ab

THE PURPOSE OF THE REGISTER

The personal data included in the marketing register is processed for the purpose of marketing the controller’s and/or its subsidiaries’ services as well as for communicating relevant business events and other news relating to the controller’s group to current and potential customers and its contact persons.

The processing of personal data included in the register can be outsourced to external service providers in accordance with applicable data protection legislation.

THE CONTENTS OF THE REGISTER

The type of personal data saved and processed are

  • Name
  • Title/position
  • Business phone number
  • Business e-mail address

REGULAR SOURCES OF INFORMATION

The regular source of personal data is the contact persons themselves, the controller (or a subsidiary thereof) or the relevant customer company based on business relationship.

DISCLOSURE AND TRANSFER OF DATA

The only regular destination of disclosure is within the controller and its subsidiary companies. The controller may from time to time also disclose information to co-operation partners who provide marketing and communication services to the controller.

The data is transferred within Citec Group but not outside the European Union or the European Economic Area.

PRINCIPLES FOR PROTECTION OF THE DATA

Data is collected into the register located on server that is protected by firewalls, passwords and other technical measures in accordance with the controller’s principles for data protection. The server is located in Finland in locked and guarded premises and is accessed only by authorized personnel. A manual register does not exist.

The access is controlled by access rights granted and defined by the controller, username and password. Access to the data register is only granted to those employees of the controller or its subsidiaries who are involved in marketing activities or who need the information for the justified business purposes. The data register can be accessed only in the protected network of the controller. The information in the register is treated confidentially.

RIGHT TO RECEIVE AND INSPECT DATA

As a rule, each person shall, after having supplied sufficient identification criteria, have the right to receive and inspect such information in the register, which relates to him/her, or to receive a notice that the register contains no such information. Anyone who wishes to receive and inspect information relating to himself/herself, shall submit a written request to this effect to the controller as a personally signed or otherwise comparably verified document or appear personally in the premises of the controller.

RECTIFICATION AND REMOVAL OF DATA

Anyone whose personal information has been stored in the register has the right to request rectification and/or removal of such data. A written request in this regard shall be directed to the controller by a personally signed or otherwise comparably verified document or by appearing personally in the premises of the controller. The request shall be sufficiently individualized and justified in order for the controller to process the request appropriately.