Oy Duell Bike-Center Ab (2464132-0)
Kauppatie 19
65610 Mustasaari
Sami Ilvonen sami.ilvonen (at) duell.eu
The purpose of use for the filing system is to promote business operations, create new customer relationships and to communicate with potential customers. Collected data are used to create and maintain new customer relationships as well as carry out other business-related tasks. The basis of processing is legitimate interest.
The data controller’s legitimate interest allows the direct B2B marketing of products and services that are related to the recipient’s area of responsibility within their company. The data controller’s legitimate interest for processing collected and used personal data is based on the company’s direct marketing needs and the freedom to engage in commercial activity. Direct marketing is considered a legitimate interest in accordance with the EU General Data Protection Regulation
The data controller’s personnel and outsourcing partners when applicable.
The register may contain the following information: - Contact information, such as name, email address, and phone number - Information related to job description, such as position, area of responsibility - Contact and background information of employing company - Activity information, such as participation in events or contacts by sales and customer service - Possible permissions and consent - Possible other data collected with the data subject’s consent - Data on marketing content used by the data subject (use data), including - information on sent, opened and clicked marketing content - information on visits to the company’s website, such as time, pages visited, and duration of visit - technical data related to online use, such as IP address, browser, and other related information - Information on ordered and downloaded manuals and other materials - Cookies Data concluded from use data analytics (inferred data), including - interests - lead points, indicating activity level of content use
- Data provided by the data subjects themselves through the website, email correspondence, or other channel - Company’s customer register - Company contact person details obtained from Suomen Asiakastieto’s decision-maker register, the company’s public website, social network sites, and other similar registers.
Personal data are stored for only the duration that is necessary for the above-mentioned purposes of processing in accordance with current legislation. Email messages related to targeted direct marketing and use data related to the company’s website are automatically deleted at regular intervals.
The data stored in the register is used solely by the data controller and its employees, except when an external service provider is used either to provide added value services or to support credit-related decision-making. Data will not be disclosed to external parties or to the data controller’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law. A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, matters related to the management of the customer relationship, outstanding invoices, or debt collection.
The data in the register will be transferred outside the EU or EEA to the UK. It is also possible that service providers outside the EU/EEA are used for processing or that the clouds of service providers are located outside the EU/EEA, in which case SCC standard clauses are used as the basis for data transfer and additional safeguards are implemented for data transfers, such as internal guidelines (on pseudonymisation of personal data and the like) and possibly TIA analysis where appropriate.
Manually processed documents containing customer data (e.g. printed emails or their attachments, printed online forms or other similar documents) are, after initial processing, stored in a locked and fireproof space. Only specific employees who have signed confidentiality agreements have the right to process manually stored customer data. The protection of all data in the filing system is carried out in accordance with the regulations and principles of the Data Protection Act, regulatory provisions, and good data processing practices.
Only specific employees working for or on behalf of the organisation have the right to use for example workstations whose software can be used to maintain data on potential customers. Each specific user has their personal username and password. Each user has signed a confidentiality agreement. The system is protected by a firewall to prevent external attacks on the system, and workstations are protected by relevant security software. The protection of all data in the filing system is carried out in accordance with the regulations and principles of the Data Protection Act, regulatory provisions, and good data processing practices.
We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer of files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site. Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website. The following types of data are collected using cookies: - visitor’s IP-address - time of visit - browsed pages and time of browsing - visitor’s browser - other? Your rights A user visiting our website has the right to prohibit the use of cookies at any time by changing his or her browser settings. Most browser software give the option of disabling cookies and of removing cookies that have already been saved. Disabling cookies may affect the functionality of the website. GOOGLE ANALYTICS We collect user statistics from our website using the Google Analytics service, the purpose of which is to monitor site activity, improve site functionality and develop marketing. The data collected cannot be linked to individual users or persons. Additionally, we collect Google Analytics Demographics data, which includes for example the age and gender of the visitor as well as topics of interest. Settings related to the collection of these data can be changed using your personal Google account at https://www.google.com/settings/ads Google Analytics -monitoring can be disabled with a Chrome add-on.
The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English. The request for data access must be signed. The data subject has the right to prohibit the processing of his or her data and its disclosure for the purposes of direct marketing, distance marketing or opinion polls by contacting the company’s customer service.
The data subject has the right to transfer his or her own data from one system to another. The transfer request can be addressed to the registry contact person.
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified. A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator. The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay. Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed. If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority. The complaint can also be lodged in a member state where you are a permanent resident or where you are employed. Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700 tietosuoja@om.fi www.tietosuoja.fi/en/
Right to restrict processing The data subject has the right to request that the processing of their personal data is restricted for example if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system. Right to object The data subject has the right to request for personal data pertaining to them, and the data subject has the right to request for the rectification or erasure of said data. Request can be sent to the contact person of the filing system. If you are acting as the contact person of a company or organisation, your data cannot be erased during this time. The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.