Privacy Statement for SRV’s Marketing Register

 

1       Controller

SRV Construction Ltd, Business ID 1728244-6

P.O. Box 555, Tarvonsalmenkatu 15

FI-02601 ESPOO, FINLAND

2      Contact person for matters related to the filing system

Arja Nissinen

P.O. Box 555, Tarvonsalmenkatu 15

FI-02601 ESPOO, FINLAND

Tel. + 358 40 5018792

arja.nissinen@srv.fi

3      Name of the filing system

SRV’s marketing register

4      Basis and purpose of the processing of personal data

The legal basis for the processing of personal data is SRV’s legitimate interest (direct marketing) and the data subject’s consent when that is required for sending electronic direct marketing messages.

The purposes of processing personal data include the following: direct marketing of SRV’s products and services (direct marketing via mail, phone and electronic channels), online advertising and the targeting of such direct marketing and advertising, conducting of opinion polls and market research and organising of marketing competitions and prize draws. The data is also used in the planning and development of SRV’s business, products and services.

5      The information content of the filing system and categories of data subjects

The filing system includes the following information on potential customers and former customers with which the customer relationship has ended:

  • Name, address, phone number and email address
  • Profession
  • Age, gender, language
  • Refusals and consent related to marketing
  • Possibly one piece of information related to marketing activities targeted at the person.

6      Information sources

As a rule, the information in the filing system is collected from the data subjects themselves based on information obtained via phone, online or in connection with a contact request, other filled-in forms, service use or event participation.

In addition, personal data can be collected and updated from the population register and other similar public and private registers.

7       Disclosure and transfer of data and transfers to countries outside the EU or European Economic Area

As a rule, SRV does not disclose to external parties any data included in the filing system. However, data can occasionally be disclosed in accordance with law to cooperation partners selected by SRV for direct marketing purposes, if the data subject has not refused to consent to such processing and disclosure.

SRV uses external service providers (subcontractors) to carry out the tasks defined in this privacy statement. Such subcontractors include, for example, providers of ICT, marketing and communication services. In this case, personal data can be transferred to subcontractors to the extent that is necessary in order to provide services. These subcontractors process personal data on behalf of the controller in accordance with the controller’s instructions. In order to ensure that data is protected, SRV concludes data processing agreements with its subcontractors who process personal data.

As a rule, personal data is not transferred to locations outside the EU or EEA. If, as an exception, personal data is transferred to a location outside the EU or EEA, SRV ensures that the level of data protection is adequate by using, for example, the standard clauses approved by the EU Commission.

8      Principles for securing the filing system and the period for retaining data

Only employees who are authorised to process data due to their work tasks have access to the system that contains personal data. Each user has a unique user ID and password for the system. Data is collected into databases that are protected with firewalls, passwords and other technical means. Databases and the related backups are located in locked premises and data can be accessed only by pre-defined persons.

Personal data is retained for as long as necessary for the purpose for which the personal data is used. In principle, data is stored permanently within the limits permitted by law. SRV regularly assesses the necessity to retain data, in addition to which it takes reasonable measures to ensure that the filing system does not include personal data that is incompatible with the purpose of the processing or that is outdated or incorrect.

9      Rights of data subjects

Data subjects have the right to prohibit the controller from processing the data subject’s personal data for purposes related to direct marketing, market research and opinion polls and any profiling related to these. Such a refusal of consent can be provided at any time to the contact person of the filing system or, for example, by unsubscribing to messages in the manner described in marketing messages.

Data subjects have the right to check their own information stored in the filing system, and they have the right to demand that data is corrected or erased. Such requests must be submitted in person or in writing to the address provided in section 2.

In accordance with the General Data Protection Regulation, data subjects have the right to object to the processing of their data, request that the processing of their data be restricted, withdraw any consent they have given and lodge a complaint to the supervisory authority concerning the processing of personal data.