CUSTOMER REGISTRY – PRIVACY NOTICE
Day of formulation
Televisiotie 2, 15860 Hollola, FINLAND
Tel. +358 20 718 1310
Contact person related to the registry
Tel. +358 20 718 1310
Name of the registry
Purpose for handling personal data
The purpose of the registry is maintaining the customer registry, customer orders management, archiving and handling, and management of customer relationships.
Data can be used for company’s business development, statistical purposes and for providing more personal content in company’s internet services. Personal data is handled within the limits stipulated in the privacy laws.
Data in the registry can be used in the company’s own registries for e.g. more focused marketing without disclosing the data to a third party. The company may use partners for maintaining customer and service relationships and parts of the registry data may be transferred to the partner’s servers due to technical reasons. Data is handled only for maintaining customer relationships through technical interfaces.
Company has the right to publish data included in the registry in electronic or written lists unless customer specifically disallows this. Lists in this case mean e.g. address labels for direct marketing or similar. The customer has the right to disallow the publishing of the data by informing to customer support, by email (firstname.lastname@example.org) or to the registry contact person.
Data content of the registry
Registry is managed by Heatmasters Oy and includes data from its fully owned companies which are located in the same address and which are using the same servers. Companies include: Heatmasters Oy, Heatmasters Lämpökäsittely Finland Oy, and Heatmasters Technology Oy.
Customer registry may include the following data:
- first and last name
- email address
- mailing address
- phone number
- information about former orders, quotations, etc.
Regular data source
Data is collected from customer’s ordering process in company’s units, webshops or through representatives as well as notifications related to the customer system during the customer relationship.
Data is collected from customer’s registration process as well as notifications made by the customer during the relationship. Updates to name and contact data is also received from authoroties and companies offering contact data updating services. Data may also be received from subcontractors who are involved in using or providing the services.
Data about customer’s activities in the digital environment may be received from partner’s websites, information systems, or other digital sources which require registration by electronic invitation (link), through cookies, or using login data given to the customer.
Data in the customer registry is used only by the company except when using an external service provider to create added value services or credit check.
Data will not be disclosed outside the company or to its partners’ use, except in case of credit application, collection or invoicing, and when legally bound to do so. Personal data will not be transferred outside of the EU, unless it is necessary for securing the technical solution.
Data of a registered person will be deleted if requested by a user unless prevented by legislation, open invoices, or collecting activities.
Regular disclosing of personal data
Transferring data outside EU or EEA
Personal data will not be transferred outside of the EU, unless it is necessary for securing the technical solution.
Registry protection principles A: Manual material
Contact data collected in customer events and other manually handled documents including customer data are kept after initial handling in locked and fire safe space. Only selected personnel with a non-disclosure agreement signed are authorized to handle manually stored customer data.
Registry protection principles B: Digital material
Only selected personnel of the company and its partners are authorized to use the customer registry and update its data. Every user has her/his own personal user name and password, and every person has signed a confidentiality agreement. System is protected by a firewall that is protecting from outside access.
Registered person has the right to inspect what data there is in the registry about her/him. Inspection request must be done in written format by contacting customer service or registry contact person either in Finnish or English. Inspection request must be signed personnally.
Registred person has the right to disallow the handling and disclosing of the data to direct marketing and sales as well as market or other surveys by contacting the company’s customer service.
Right to demand the rectification
The personal data in the registry which is incorrect, useless, or outdated from the handling purpose point of view must be corrected, removed or updated.
Rectification request must be done in writing with personal signature to company’s customer service or registry contact person.
In the request it must be specified which data is demanded to be rectified and on which grounds. Rectification will be done without delay.
Information about the rectification is given to the party from whom the data has been received or to whom the data has been disclosed.
If the request for rectification is denied the registry contact person will give a written explanation of why the request was denied.
The denial can be given to the local data protection ombudsman to solve the case.
Other rights related to personal data handling
Registered person can disallow disclosing or handling of her/his data for direct marketing and other marketing purposes, request the data to be anonymized in applicable parts and right to be completely ignored.
Heatmasters GDPR Compliance