To do our best to serve you, we need to collect and process some of your data.
We value your privacy, and we are committed to protecting it in accordance with this privacy statement, existing legislation, and good business practice.
In line with the requirements of the EU’s General Data Protection Regulation, this privacy statement contains information on which personal data we collect, how we process it, and what rights and influence you have in relation to your data.
1. General
Tormets Oy (business ID 2472232-3) will process your personal data in accordance with this privacy statement and applicable law, so we ask you to read it carefully.
By using our services or websites or by contacting us, you agree to the processing of your personal data in accordance with this privacy statement. If you do not accept these terms, we are unlikely to be able to serve you in the best possible way.
2. For what purpose are my personal data collected and processed?
We collect, store, and process your personal data only for pre-defined purposes:
- customer relationship management and customer communication
- customer service and replying to contact requests
- delivering and developing our services
- monitoring and analysing the use of our services and products
- segmenting customers to provide personalized content regarding products and services
- ensuring the safety of our services and products and detecting abuses
- customer, opinion, and market research
- developing our business activities
- targeting of marketing and advertising
- direct marketing
We do not carry out profiling based on the personal characteristics of data subjects or related processing leading to automated decision-making.
3. Which personal data pertaining to me are collected, and from which sources?
We primarily collect your personal data from you when contacting you and when you use our websites and services. We also collect data manually, for example by phone in the context of customer services or sales.
In addition to the data provided by you, we collect data on our websites and services, including cookies to analyse and develop the use of our websites and services, and to target marketing and advertising.
In addition, we collect data from public sources, such as the trade and company registers, as well as from other providers of business decision-makers. The data we collect from these sources include company information, as well as contact details of business decision-makers such as name, email address and telephone number.
4. On what grounds are personal data processed?
We process personal data on a number of grounds required by law. The legal basis for the processing depends on our relationship with you. The table below shows the legal basis for the processing of our personal data and examples of processing operations.
5. Who processes my data and are they disclosed to third parties?
Your data will be processed by our company’s staff in the performance of their duties. However, in our work, we use third party data systems to store and process data. In doing so, we will ensure, via methods such as contracts, that your data are treated confidentially and lawfully.
We will provide data to our partners in the marketing, advertising, IT, payment, transport, and accounting sectors to enable provision of services. This is the case, for example, when you order payment or logistics services, or other services provided by third parties that are ordered via our website or service. Any such communication of data to third parties in connection with the provision of the service shall be specifically mentioned when ordering the service.
We may also disclose data otherwise in performance of contractual obligations or as required by law or a competent authority. We may also disclose your data if we are party to an acquisition or asset deal.
6. Are my data disclosed outside the EU?
We favour service providers with servers located in the EU. However, we also use reputable and reliable external service providers whose servers are located outside the EU, with limited transfers of data outside the EU/EEA.
Transfers outside the EU/EEA take place under the EU–US Privacy Shield, using the European Commission’s standard contractual clauses or another legal transfer mechanism. In doing so, we will ensure, via methods such as contracts, that the confidentiality of your data is preserved and that they are otherwise lawfully processed.
7. How long are my personal data stored?
We will only keep your personal data for as long as it is necessary for its purpose or as required by contract or by law.
We work to update the data and remove unnecessary data on a regular basis.
Please note that, for example, the Accounting Act obliges accounting records to be kept for at least six (6) years from the end of the accounting period.
8. How are my data stored and protected?
Your data are stored on our service providers’ servers, which are protected according to common industry practices. We will ensure that the processing complies with the requirements of applicable law and safeguards against accidental or unlawful destruction, deletion, alteration, unauthorized disclosure, or unauthorized access to personal data.
The personal data we collect and process will be kept confidential and limited to persons who need data in their work. We also undertake not to disclose personal data to anyone other than employees or other persons (including any subcontractors) who need to know the data in question for the agreed purpose and who, under their service or other contracts or by law, are obliged by law to keep the data confidential. Access to your personal data is protected by individual identifiers, passwords, and access rights.
9. Is providing data mandatory, and are there consequences for non-disclosure?
If you do not provide or allow your personal data to be processed in accordance with this privacy statement, we are unlikely to be able to serve you and fulfil the purpose of our activity. If you do not wish us to process your data in accordance with this privacy statement, we would be grateful if you do not provide us with any data.
10. Does the website use cookies, and what are they?
We use cookies on our websites to provide the best possible user experience to users of our websites and services.
Cookies are short text files that a web server stores on the user’s terminal device. Cookies provide us with data on how our websites and services are used. We use these data to develop our services and websites, analyse their use, and target and optimize marketing and advertising.
You can allow or refuse the use of cookies in your browser settings. Most browsers allow cookies automatically. Please note that blocking cookies may limit the functionality of our website and services.
11. What rights and influence do I have?
| DATA SUBJECT’S RIGHT | WHAT DOES IT MEAN? |
|---|---|
| Withdrawal of consent | If we process your data with your consent, you can withdraw your consent at any time by notifying us. You can also deny the use of your data for direct marketing at any time by clicking on the ‘Unsubscribe’ link in each email we sent for marketing purposes. |
| Access to data | You have the right to obtain confirmation from us as to whether we are processing your personal data and to know which personal data we are processing concerning you. In addition, you have the right to receive additional information on the grounds for the processing of your personal data. |
| Right to error correction | You have the right to request the correction of inaccurate, outdated or otherwise incomplete data concerning you. |
| Right to data erasure | You have the right to request the erasure of your data, for example if the data are no longer necessary for the purpose for which they were collected or if you withdraw your consent on the basis of which we processed your data. |
| Right to prohibit direct marketing | You can refuse the processing of your personal data for direct marketing purposes at any time by clicking on the ‘Remove from the mailing list’ link at the end of our email or by notifying our customer services. If, as our client, you forbid us to use your data for direct marketing, we will only send you the messages needed to manage our relationship with you. |
| Right to object to processing | If we process your personal data on grounds of public interest or legitimate interests, you have the right to object to the processing of your personal data to the extent that there is no substantial reason for processing that overrides your rights or is not necessary for the performance of a legal claim. Please note that in this situation we are unlikely to be able to serve you any longer. |
| Right to restriction of processing | In certain circumstances, you have the right to require that we restrict the processing of your personal data. For example, if you consider the data to be incorrect, we can limit processing during the verification of the accuracy of the data, or if you consider that the processing is unlawful, and you do not want your data to be erased. |
| Right to data portability | If we have processed your data on the basis of your consent or for the performance of the contract, you have the right to receive the data you have provided to us electronically in a machine-readable, commonly used format, so that the data can be transferred to another provider, if technically possible. |
| Right to object to automated processing and profiling | We do not carry out profiling based on the personal characteristics of data subjects or processing leading to automated decision-making. |
12. How can I exercise my rights?
You can exercise your rights described above by contacting us, for example by emailing [email protected]. You can find more details at the end of this document. Please confirm your identity if your contact concerns the processing of your personal data.
If you consider that the processing of your personal data is unlawful, you can also lodge a complaint with the competent supervisory authority. You can find the Data Protection Ombudsman’s contact details on their website.
13. Can this privacy statement be updated?
We will update the content of the privacy statement as we evolve and/or legislation is amended, so we invite you to visit this page from time to time. You can find the date of the privacy statement’s latest update date at the beginning of this document. We aim to inform data subjects of any significant changes to the privacy statement when the terms and conditions are updated.
14. Miten voin ottaa yhteyttä tietosuoja-asioissa?
You can most easily contact us by emailing [email protected]. Messages sent to this email address will be treated confidentially by our data protection team.
Tormets Oy
Verkkotehtaankatu 29
95420 Tornio
FINLAND
To do our best to serve you, we need to collect and process some of your data.
We value your privacy, and we are committed to protecting it in accordance with this privacy statement, existing legislation, and good business practice.
In line with the requirements of the EU’s General Data Protection Regulation, this privacy statement contains information on which personal data we collect, how we process it, and what rights and influence you have in relation to your data.
