Privacy Notice – How FocalSpec Oy uses customer data and marketing-related personal data
This is a privacy notice for the purposes of the EU General Data Protection Regulation (the ”GDPR”). Last amended 22 May 2018.
1. Data Controller
FocalSpec Oy, Elektroniikkatie 13, 90590 Oulu, www.focalspec.com
2. Contact details for issues concerning personal data
3. The purpose and legal basis for processing personal data
The purpose of processing personal data in connection hereto is to maintain customer contacts and to market FocalSpec’s products. The legal basis for processing the personal data is the performance of the customer agreement, or the customer’s request to take preparatory steps therefor (Article 6(1)(b) GDPR) and FocalSpec’s legitimate interest to market its products to its contacts (Article 6(1)(f) GDPR).
The information is not used for automated decision-making or profiling.
4. Personal data processed
FocalSpec processes such personal data as the data subject may give to FocalSpec. Such information includes name, title, company, billing information both for the data subject and the company, and, e.g., the names of the data subject’s or his/her company’s social media profiles, as well as information given on, e.g., business cards or in email footers. Additionally FocalSpec will process information concerning the customers, orders, order changes and the like.
In addition to information obtained directly from the data subject, FocalSpec may also record information, e.g., the IP address used by the data subject, use of the FocalSpec website as well as content, likes and similar from social media accounts.
5. Regular sources of data
Data is mainly obtained from the data subject him- or herself through, e.g., web forms on the FocalSpec website, in customer meetings and contacts and in similar contexts. Some data may also be obtained from public sources such as from company information services or the data subject’s social media accounts.
6. Storage periods
The data is stored for the duration of any customer relationship and for two years thereafter. Should FocalSpec during this time have a reasonable belief that the data may be needed longer, e.g., for a potential dispute, the data may be kept until the relevant statute of limitations period has expired.
Marketing data that are not connected to a customer relationship are kept for two years or until the affected party asks that it be removed.
To the extent any customer’s or marketing contact’s personal data would be processed based on the consent of the data subject, the data subject may withdraw the consent at any time. Withdrawing consent does not affect the legality of any already undertaken data processing measures, however.
7. Regular disclosures of personal data; transfers outside the EU/EEA
Personal data may be transferred to data processors such as an external company sending a newsletter of behalf of the company, e.g., MailChimp. Information may also be disclosed to FocalSpec’s re-sellers, some of which are located outside the EU. FocalSpec has entered into data processing agreements pursuant to Article 28 of the GDPR with these entities. In respect of those re-sellers located outside the EU or the EEA, FocalSpec also entered into an agreement including the standard contract clauses referred to in 46(2)(c) of the GDPR to ensure the safe processing of personal data outside the EU/EEA also.
FocalSpec also uses external analytics services, such as Google Analytics, Leadfeeder, etc., that may operate both inside and outside the EU.
Data may be published only if this has been agreed-on with the customer.
8. Information security
Appropriate care will be used in the processing of personal data and any data processed via IT systems adequately protected. When data is stored on Internet servers, the devices’ physical and digital information security is ensured. FocalSpec will ensure that the save data, server access rights, and information critical to the safe storage of the data are dealt with confidentially and only by those members of staff for whose job functions it is necessary.
9. The right to inspect data and have incorrect data rectified
All data subjects have the right to inspect personal data FocalSpec holds about them and to require that incorrect or lacking information be updated. Should the data subject wish to inspect his or her personal data, or ask that they be corrected, a written request can be sent to FocalSpec using the contact details provided above. FocalSpec may ask the requesting person to identify him- or herself, where necessary.
FocalSpec will respond to the data subject without undue delay and in any event within a month.
10. Other rights in connection to personal data
The data subject also has the right to object to his or her personal data being processed and to ask that information concerning him or her be removed from the register. The data subject also has all other rights provided for in the EU General Data Protection Regulation, such as the right to have the processing of personal data restricted in certain cases. Requests should be sent to FocalSpec in writing using the contact details provided above. FocalSpec may ask the requesting person to identify him- or herself, where necessary. FocalSpec will respond to the data subject without undue delay an in any event within a month. Should the data subject consider that FocalSpec has processed his or her data unlawfully, the data subject may file a complaint with the data protection supervisor of his or her place of residence or work. In Finland, the data protection supervisor is the Data Protection Ombudsman (see tietosuoja.fi).