Westpak Oy Ab’s privacy and data protection policy

This is Westpak Oy Ab’s privacy and data protection policy in accordance with Sections 10 and 24 of the Personal Data Act and the EU General Data Protection Regulation (GDPR). Created 24/05/2018.

1. Data controller
Westpak Oy Ab, Maakunnantie 4, 27820 Säkylä, Business ID 2191122-5. More information about data protection and the processing of personal data can be requested:

infoatwestpak.fi

2. Data subjects
Customer register based on Westpak Oy Ab’s customer account or other appropriate connection

3. Legal justification and purpose for processing personal data
The legal justification for processing personal data in accordance with the EU’s General Data Protection Regulation is the data controller’s legitimate interest (e.g. customer relationship, employment, membership) or on the basis of the data subject’s consent. The purpose for processing personal data is to communicate with customers, maintain the customer relationship and marketing.

4. Data content of the register
The data to be stored in the register are name, address, phone number, email address and business ID.

5. Regular data sources
The data stored in the register are obtained from the customer on the basis of e.g. information submitted via web forms, e-mail, telephone, social media services, from agreements, customer meetings and other occasions where the customer hands over their personal information.

6. Anonymised data, use of analytics and cookies as well as other monitoring technologies
In addition to this, we can collection information on the use of our online services by using third-party analysis tools such as e.g. Google Analytics. The collection of data is automated and can include e.g. IP address, user’s actions in the online service, type of used device, browser type and language settings. This automatically collected data can be used to develop our online services, design and develop business and services as well as for marketing. Our online service may also include either our own or third-party, such as measurement and monitoring services’, cookies. Third parties may place cookies on your terminal device in connection with the use of Online services. Third parties may use the anonymised data obtained from the cookies for the purpose of targeted marketing in other online services. Our online service may also include social media add-ons.

7. Regular disclosures of data and transferring data outside the EU or the EEA
Data is not regularly disclosed to third parties. Data can be published to the extent agreed with the customer. Data shall not be disclosed outside the EU or European Economic Area.

8. Protection principles of the register
Care is taken in the processing of the register and data to be processed with data systems shall be protected appropriately. When register data is stored on servers, both the physical and digital data security of the systems are seen to in an appropriate manner. The controller sees to it that stored data, server access rights and other data critical to the security of the personal information are processed confidentially and only by those employees whose job description includes such processing.

9. Right to review and the right to demand for rectification of data
Each company or individual in the register has the right to review the data stored in the register about him/her and demand any errors to be rectified or and missing data to be added. If a person wishes to review the data stored about him/her, or wishes to demand their rectification, a request must be made in writing and submitted to the data controller. If necessary, the data controller may request the requestee to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).

10. Other rights concerning the processing of personal data
The data subjects have the right to request any personal data concerning him/her to be removed from the register (“right to be forgotten”). The data subjects also have the rights set out in the EU General Data Protection Regulation, such as the right to limit the processing of personal data in certain situations. Requests must be made in writing and submitted to the data controller. If necessary, the data controller may request the requestee to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).

11. Information about a data security violation
Westpak Oy Ab shall inform any data security violations to the data protection authorities and customers without undue delay.