Jaakkoo Taara Oy (0204650-4)
Ruissalontie 4
20200 Turku
Petri Korte
privacy@jt.fi
Customer register B2B
2025-04-14
Legitimate Interest
The main reason for having a customer register is:
Provision of services.
Data subjetcs data will be processed to deliver ordered products or services for business, to provide
a service purchased or to otherwise perform a contract.
Contacting customers.
With the data of the data subject we can identify a person and respond to the sent feedback or
reclamation. Additionally, the data will be processed to provide customer communication and to
resolve disputes.
Marketing.
Data subjects data will be processed to market our goods and services.
Business and service development.
We may use data for analytical, statistical and reporting purposes and to develop our business,
products and services.
The data controller has a legitimate interest because the processing takes place within a client relationship, it processes personal data for direct marketing purposes, to prevent fraud and to ensure the network and information security of data controllers IT systems.
As a a controller we have performed the balance test to carefully evaluate, whether or not we may use legitimate interests as a basis for the processing of personal data.
Client information
The data controller’s personnel and outsourcing partners when applicable.
The customer register contains the following information:
- First and last name of person
- Represented entity
- Email address
- Postal address
- Phone number
- Webpage address
- IP Address
- Information on previous orders
- (Other?)
Customer data is collected when purchases are made through the company’s physical stores, online services, or authorized retailers. We also receive information directly from customers, for example, when they register for a service or submit other notifications during the customer relationship.
Updates to customer details, such as name and contact information, may be received from public authorities or third-party update services. Additionally, data may be obtained from data processors involved in delivering or supporting specific services.
We may also collect data about customers’ activities in digital environments through partner websites, data systems, or other online sources. This may include information collected via electronic logins, cookies, or unique customer identifiers.
The information stored in our customer register is used exclusively by our company, except in cases where an external service provider supports us with value-added services or credit-related decision-making.
We do not share personal data with third parties or partners unless it is required for credit applications, invoicing, debt collection, or by legal obligation. Personal data is not transferred outside the EU unless it is essential for the technical operation of our services or those of our partners.
If requested, personal data will be deleted unless retention is required by law, due to unpaid invoices, or ongoing debt collection processes.
10 years from the end of the customer relationship.
The data stored in the customer register are used solely by the company, except when an external service provider is used either to provide added value services or to support credit-related decision-making.
Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law.
A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, outstanding invoices, or debt collection.
Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities. If the data is tranferred to USA, we use EU-US Data Privacy Framework. On the basis of the adequacy decision, personal data can flow freely from the EU to companies in the United States that participate in the Data Privacy Framework.
Contact information collected during customer events and other manually processed documents containing customer data are stored in a locked and fireproof space after initial processing. Only specific employees who have signed confidentiality agreements have the right to process manually stored customer data.
The protection and processing of data in the register complies with the provisions and principles of the Data Protection Act, regulations of the authorities and good data processing practice.
We protect the processing of the personal data in our customer register with appropriate technical and organisational protection measures, such as access limitations and passwords and, when feasible pseudonymisation and anonymisation of the personal data.
These are for examble;
Firewall, virus and intrusion protection, sign-on with specific access permissions. Manual material is
stored in a locked document cabinet, keys have been signed as received by their holders.
The person processing the personal data stored in the register is also bound by a confidentiality obligation. In addition to this, our data protection policy as applicable form time ensures that personal data is processed in accordance with the applicable data protection law.
Only specific employees working for or on behalf of the company have the right to use the customer-owner or customer register and maintain data stored in it. Each specific user has his or her personal username and password. Each user has signed a confidentiality agreement.
The protection and processing of data in the register complies with the provisions and principles of the Data Protection Act, regulations of the authorities and good data processing practice.
We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer of files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site.
Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website.
The following types of data are collected using cookies:
- visitor’s IP-address
- time of visit
- browsed pages and time of browsing
- visitor’s browser
- other?
Your rights
A user visiting our website has the right to prohibit the use of cookies at any time by changing his or her browser settings. Most browser software give the option of disabling cookies and of removing cookies that have already been saved.
Disabling cookies may affect the functionality of the website.
GOOGLE ANALYTICS
We collect user statistics from our website using the Google Analytics service, the purpose of which is to monitor site activity, improve site functionality and develop marketing. The data collected cannot be linked to individual users or persons.
Additionally, we collect Google Analytics Demographics data, which includes for example the age and gender of the visitor as well as topics of interest. Settings related to the collection of these data can be changed using your personal Google account at https://www.google.com/settings/ads
Google Analytics -monitoring can be disabled with a Chrome add-on.
The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English.
The request must be sent from a recognable email address.
The data subject has the right to prohibit the processing of his or her data and its disclosure for the purposes of direct marketing, distance marketing or opinion polls by contacting the company’s customer service.
The data subject has the right to transfer his or her own data from one system to another.
The transfer request can be addressed to the registry contact person.
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.
The request must be sent from a recognable email address.
The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay.
Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.
If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
The data subject has the right to request a restriction on processing—for example, if the personal information held is inaccurate. In such cases, processing will be limited until the data controller has verified the accuracy of the information.
The data subject has the right to object at any time to processing of personal data concerning them for direct marketing purposes. We will process the objection to processing of personal data for purposes other than direct marketing after which we will end the processing or inform the data subject about a legitimate reason why the processing of such data will be continued.
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority.
The complaint can also be lodged in a member state where you are a permanent resident or where you are employed.
NOTICE: ADD HERE ALL THE CONTACT INFORMATION OF THE DATA OMBUDSMAN OFFICE
Contact information for the Finnish national supervisory authority:
Office of the Data Protection Ombudsman
PL 800, Lintulahdenkuja 4,
00530 Helsinki tel. +358 29 566 6700
tietosuoja@om.fi
www.tietosuoja.fi/en/
Right to restrict processing
The data subject has the right to request that the processing of their personal data is restricted for example if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system.
Right to object
The data subject has the right to request for personal data pertaining to them, and the data subject has the right to request for the rectification or erasure of said data. Request can be sent to the contact person of the filing system.
If you are acting as the contact person of a company or organisation, your data cannot be erased during this time.
The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.