Oy Duell Bike-Center Ab (2464132-0)
Kauppatie 19
65610 Mustasaari
Sami Ilvonen sami.ilvonen (at) duell.eu
Legitimate interest
The purpose of the register is the controller's business, the opening of new customer relationships and related communication. The information obtained is used to establish and maintain customer relationships and for other business needs of the controller.
The legitimate interest of the controller to process the personal data collected and used is based on direct marketing needs and the freedom to conduct a business. Direct marketing is a legitimate interest of an undertaking under the EU General Data Protection Regulation. The controller needs to process personal data in order to carry out its business tasks. The processing of personal data in this context cannot necessarily be justified by a legal obligation or a contract with an individual. In the balancing test, the controller has identified legitimate interest as the most appropriate ground for processing in view of the nature and scope of the processing and the exercise of the rights and freedoms of data subjects. The controller has assessed that the legitimate interest will not cause serious harm to the rights and freedoms of the individuals concerned (the data subjects).
Name, organisation represented, contact details.
The data controller’s personnel and outsourcing partners when applicable.
Personal data filing system contains the following information: - First and last name of person - Community represented - Email address - Postal address - Phone number - IP numero - Information on previous orders - Information on discussions during customer negotiations
Data are collected from email messages and business cards received from customers as well as during phone conversations and face-to-face meetings with customers. Data can also be received from interest groups, such as mass communication, marketing or contact forms on the company website. Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law. Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities. A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, matters related to the management of the customer relationship, outstanding invoices, or debt collection.
Personal data are stored for only the duration that is necessary for the above-mentioned purposes of processing in accordance with current legislation.
The data stored in the register are used solely by the company and its employees, except when an external service provider is used either to provide added value services or to support credit-related decision-making. Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law. A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, matters related to the management of the customer relationship, outstanding invoices, or debt collection.
The data in the register will be transferred outside the EU or EEA to the UK. It is also possible that service providers outside the EU/EEA are used for processing or that the clouds of service providers are located outside the EU/EEA, in which case SCC standard clauses are used as the basis for data transfer and additional safeguards are implemented for data transfers, such as internal guidelines (on pseudonymisation of personal data and the like) and possibly TIA analysis where appropriate.
After initial processing, manually processed documents containing customer data (e.g. printed e-mails or their attachments, printed web forms or similar) are stored in locked and fire-safe storage facilities. Only designated employees who have signed a confidentiality undertaking are authorised to process manually stored customer data. The protection and processing of data in the register is in accordance with the provisions and principles of the Data Protection Act, the regulations of the authorities and good data processing practice.
Only certain employees of the organisation and companies acting on its behalf are entitled to access, for example, workstations with software that can maintain information on potential customers. Each designated user has his or her own personal user name and password. Each user has signed a confidentiality undertaking. The system is protected by a firewall which protects external access to the system and the workstations with appropriate security software. The protection and processing of data in the register is in accordance with the provisions and principles of the Data Protection Act, the regulations of the authorities and good data processing practice.
We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer of files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site. Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website. The following types of data are collected using cookies: - visitor’s IP-address - time of visit - browsed pages and time of browsing - visitor’s browser Your rights A user visiting our website has the right to prohibit the use of cookies at any time by changing his or her browser settings. Most browser software give the option of disabling cookies and of removing cookies that have already been saved. Disabling cookies may affect the functionality of the website.
The data subject has the right to check what information about him or her is in the register. The request for inspection must be made in writing or by means of a verifiable e-mail address. Data subjects have the right to object to the processing and disclosure of their data for the purposes of direct marketing, distance and direct selling, market research and opinion polling by contacting the controller's customer service desk.
Where a legitimate interest is used as a ground for processing, the data subject does not have the right to transfer his or her data from one system to another.
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified. A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator. The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay. Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed. If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
The data subject has the right to request restriction of processing, for example if the personal data in the register are inaccurate. Contact the person responsible for the register.
The data subject has the right to request personal data concerning him or her and the right to request the rectification or erasure of personal data. Such requests may be addressed to the contact person of the register. If you are the contact person of a company or organisation, your data cannot be deleted during this period.
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority. The complaint can also be lodged in a member state where you are a permanent resident or where you are employed. Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700 tietosuoja@om.fi www.tietosuoja.fi/en/
Data subjects have the right to object to the disclosure and processing of their data for direct marketing and other marketing purposes, to request that their data be made anonymous where applicable, and to be completely forgotten.