Privacy Statement for SRV’s Decision-Maker Register

 

1       Controller

SRV Group Plc, business ID 1707186-8

P.O. Box 555, Tarvonsalmenkatu 15

FI-02601 ESPOO, FINLAND

2      Contact person for matters related to the filing system

Anita Höytiä

P.O. Box 555, Tarvonsalmenkatu 15

FI-02601 ESPOO, FINLAND

Tel. +358 40 74 333 20

Email anita.hoytia@srv.fi

3      Name of the filing system

SRV’s decision-maker register (B2B marketing)

4      Basis and purpose of the processing of personal data

The legal basis for the processing of personal data is SRV’s legitimate interest (direct marketing). The purposes of processing personal data include the following: direct marketing of SRV’s products and services (direct marketing via mail, phone and electronic channels), online advertising and the targeting of such direct marketing and advertising, organising of marketing competitions and prize draws and conducting of opinion polls and market research. The data is also used in the planning and development of SRV’s business, products and services.

5      The information content of the filing system and categories of data subjects

The filing system contains the following information on potential business customers and the related decision-makers, contact persons and other stakeholders:

  • Name, title, age, gender, first language, company, postal address, email address, phone number
  • Refusals and consent related to direct marketing
  • Public information concerning tasks and status in business life or in a public office
  • Information provided by data subjects themselves (e.g. the professional interest areas of the data subject)

6      Information sources

As a rule, the information in the filing system is collected from the data subjects themselves based on information obtained via phone, online or in connection with a contact request, other form-filling or event participation. In addition, personal data can be collected and updated from the business register and other public and private registers.

7       Disclosure and transfer of data and transfers to countries outside the EU or European Economic Area

As a rule, SRV does not disclose to external parties any data included in the filing system. However, data can occasionally be disclosed in accordance with law, for example, to cooperation partners selected by SRV for direct marketing purposes if the data subject has not refused to consent to such processing and disclosure.

As a rule, personal data is not transferred to locations outside the EU or EEA. If, as an exception, personal data is transferred to a location outside the EU or EEA, SRV ensures that the level of data protection is adequate by using, for example, the standard clauses approved by the EU Commission.

8      Principles for securing the filing system and the period for retaining data

Only employees who are authorised to process data due to their work tasks have access to the system that contains personal data. Each user has a unique user ID and password for the system. Data is collected into databases that are protected with firewalls, passwords and other technical means. Databases and the related backups are located in locked premises and data can be accessed only by pre-defined persons.

Personal data is retained for as long as necessary for the purpose for which the personal data is used. In principle, data is stored permanently within the limits permitted by law. SRV regularly assesses the necessity to retain data, in addition to which it takes reasonable measures to ensure that the filing system does not include personal data that is incompatible with the purpose of the processing or that is outdated or incorrect.

9       Rights of data subjects

Data subjects have the right to prohibit the controller from processing the data subject’s personal data for purposes related to direct marketing, market research, opinion polls and any profiling related to these. Such a refusal of consent can be provided at any time to the contact person of the filing system or, for example, by unsubscribing to messages in the manner described in marketing messages.

Data subjects have the right to check their own information stored in the filing system, and they have the right to demand that data is corrected or erased. Such requests must be submitted in person or in writing to the address provided in section 2.

In accordance with the General Data Protection Regulation, data subjects have the right to object to the processing of their data, request that the processing of their data be restricted and lodge a complaint concerning the processing of personal data to the data protection ombudsman.