Privacy and Registry statement

Privacy and Registry statement

Personal Data Act (523/99) 10 §, GDPR
Creation date: 28.10.2021.

1. Controller

Keyflow Oy
Satamatie 25
53900 Lappeenranta

2. Data protection officer

Ville Mikonsaari
044 077 8388

3. Register name

Website user register

Other registers:
Customer register
Data Files

4. Purpose of the processing of personal data

Personal data stored in the register is processed in accordance with the requirements of section 8 of the Personal Data Act for the management of the registrar’s customer relations. The processing of personal data is based on the customer relationship related to the data controller’s business, the customer’s consent, the order given by the customer or any other material connection to which the customer has given permission.

The registrar generally uses personal data for customer relationship management and development, complaint handling, customer communication, marketing planning and targeting, customer service development, payment control, and service and business development. The registrar uses personal data for distance selling and direct marketing purposes as permitted by the Personal Data Act.

In addition, the controller’s partners may, subject to certain restrictions, have the right to use the data for the above-mentioned purposes related to their own business, such as the development and implementation of various common services, concepts and business models and marketing (under the DPA). The information in the register can be momentarily transferred, for example, for sending marketing communications to a system whose data security has been ensured by the registrar and a potential partner.

5. Information content of the register

The register contains the following information about registered customers.
Information related to the person, customer relationship management and business connection, including:

  • Company name, business ID and contact person
  • Name of private customer
  • Address information (local address, postal code, post office)
  • Email address, phone number, website address
  • Purchase information such as product, price, quotation, delivery and billing information
  • Marketing authorizations (calling, print direct marketing, SMS, email and targeted digital advertising)
  • Customer relationship communication history (e.g. e-mails and call information), complaints
  • Participation in sweepstakes organized by the controller

6. Regular sources of information

Personal data is collected from the data subject himself in the registrar’s own activities in connection with customer transactions, for example in stores and business premises, by telephone, online service, customer events and customer meetings. Personal data may also be collected, stored and updated from companies and authorities providing update services, if permitted by the Personal Data Act and a matter-of-fact connection.

7. Regular disclosures and data retention

The data may be made available to the controller’s partners and authorities within the limits set by the applicable legislation. The information may be disclosed to the authorities if required by law or regulation, for example to investigate abuses. In addition, within the framework of the Personal Data Act, the data controller may transfer the information contained in the register containing the marketing authorization to its direct marketing registers after the end of the customer relationship and the material connection. Personal data stored in the ERP system is retained in accordance with the requirements of the Accounting Act (10 years), data stored in the CRM system is retained in accordance with the requirements of the Accounting Act, if applicable, and deleted if the request does not conflict with the requirements of the Accounting Act. In the complaint system, personal data is stored until the end of the investigation or for 1 year, after which the identifying personal data is deleted.

8. Data transfer outside the EU or the European Economic Area

The data will not be disclosed outside the EU or the European Economic Area without the customer’s consent. The servers required for the use of the programs are located in the EU or EEA territory or in the EU and non-EEA countries referred to in Section 22 of the Personal Data Act, where the EU Commission has determined the adequacy of the level of data protection.

9. Registry Security Principles

The personal data contained in the register will be kept confidential. The use of the register is instructed in the controller’s organization and access to the personal register is limited so that only those employees who have the right to do so on behalf of their duties and need the information in their duties have access to and use the information stored in the system. Personnel handling personal data are bound by professional secrecy.

Access to the system requires each user of the registry to enter a username and password. In addition, the data network of the controller and the hardware on which the registry is located are protected by a firewall and other technical measures. The destruction of materials containing personal data is done in a secure manner.

10. Right of inspection of the data subject

Upon request, the customer has the right to know what information about him or her has been stored and where the information is regularly obtained for the register, where the information is used and regularly disclosed. The information is provided to the customer in a comprehensible form and, if necessary, in writing. Data verification is free once a year. Requests are addressed in person by a signed letter to Keyflow Oy.

11. Other rights related to the processing of personal data

The data subject also has the right to prohibit the data controller from processing data concerning him or her for the purposes mentioned in this register description, unless otherwise agreed between the data controller and the data subject. Requests for correction of information concerning marketing bans (calling, printed direct marketing, text messaging and e-mail, targeted digital advertising) are addressed by a personally signed letter to Keyflow Oy.

12. Cookie Policy

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.