Privacy Policy
This is Eforit Oy’s register and privacy statement in accordance with the EU General Data Protection Regulation (GDPR). Prepared on June 26, 2024. Last updated on July 1, 2024.
1. DATA CONTROLLER
Eforit Oy, Vaahteratie 10, 04150 Martinkylä
2. CONTACT PERSON RESPONSIBLE FOR THE REGISTER
Sari Virta
3. NAME OF THE REGISTER
Customer and stakeholder register of the company
4. LEGAL BASIS AND PURPOSE OF PERSONAL DATA PROCESSING
The legal basis for processing personal data under the EU General Data Protection Regulation is:
– the individual’s consent (documented, voluntary, specific, informed, and unequivocal)
– a contract in which the data subject is a party
– the legitimate interest of the data controller (customer relationship prior to the contract).
The purpose of processing personal data is to maintain communication with customers and to manage delivery and invoicing information required for coating services.
Data will not be used for automated decision-making or profiling.
5. CONTENT OF THE REGISTER
The data stored in the register includes: the person’s name, company/organization, contact details (phone number, email address, company address), website addresses, information about ordered services and their changes, invoicing details, and other information related to the customer relationship and ordered services.
The website does not use cookies to store visitor information, such as IP addresses, and does not profile visitors through cookies. Information from the website’s inquiry form is stored, and submitting the form requires the visitor’s consent. Only the information entered on the form will be stored in our register.
All data stored in the register will be kept for as long as deemed necessary.
6. REGULAR SOURCES OF INFORMATION
Data stored in the register is obtained from customers through messages sent via web forms, email, phone calls, contracts, customer meetings, and other situations where customers provide their information.
Contact details of representatives from companies and other organizations may also be collected from public sources, such as websites, directory services, and other companies.
7. REGULAR DISCLOSURES OF DATA AND TRANSFERS OF DATA OUTSIDE THE EU OR EEA
Data will not be disclosed to other parties.
8.PRINCIPLES OF DATA PROTECTION
Data processing is conducted with care, and the information processed through information systems is appropriately secured. When register data is stored on internet servers, their physical and digital security is adequately ensured. The data controller ensures that stored data and access rights to servers are handled confidentially and only by employees whose job responsibilities include this.
9. RIGHT TO ACCESS AND RIGHT TO REQUEST CORRECTION OF DATA
Each individual in the register has the right to verify their information stored in the register and to request correction of any inaccurate data or completion of incomplete data. If an individual wishes to verify their stored information or request a correction, the request must be submitted in writing to the data controller. The data controller may ask the requester to verify their identity if necessary. The data controller will respond to the customer within the time specified in the EU Data Protection Regulation (generally within one month).
10.OTHER RIGHTS RELATED TO PERSONAL DATA PROCESSING
Individuals in the register have the right to request deletion of their personal data from the register (“right to be forgotten”). Similarly, data subjects have other rights under the EU General Data Protection Regulation , such as the restriction of processing personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may ask the requester to verify their identity if necessary. The data controller will respond to the customer within the time specified in the EU Data Protection Regulation (generally within one month).
