Privacy policy

Cookies

We use cookies to track site usage and trends to enhance your user experience.

Read more here >

 

Privacy policy for Epec Oy’s and its subsidiaries’ customer, partner and marketing register

Updated 19.12.2022

1. Controller

Epec Oy
Business ID: FI15690673
Tiedekatu 6
60320 Seinäjoki
Telephone +358 20 7608111
www.epec.fi

 

2. Contact person for register matters

Manager, ICT Operations & Security
Mika Heiskanen
privacy@epec.fi

3. Name of register

Epec’s customer, partner and marketing register.

4. What data do we process and what is the purpose and the legal basis of processing of personal data?

PERSONAL DATAPURPOSE OF PROCESSINGLEGAL BASIS
Basic information such as customer/partner name, customer number, username and/or other identifier, password , preferred language

Contact details, such as e-mail address, telephone number, address information

Information related to the company’s contact persons or other data subjects (like individuals participating in our trainings) such as name, role of the contact person and title and/or prefix of name, preferred language
Delivering and improving our products and services Legitimate interest
Fulfilling our contractual and other promises and obligationsPerformance of a contract
Billing
Sending of a newsletter and other electronic direct marketing Legitimate interest (companies)
BookkeepingLegal obligation
Possible direct marketing opt-outsServing customers interest of not receiving direct marketing
Legitimate interest in being able to fulfil our legal obligation to ensure opt-out from direct marketing in accordance with the law
Information provided by the data subject in connection with the events we host, registration data, special diets, invoicing dataOrganizing eventsLegitimate interest in being able to host events and invoice when applicable
Consent regarding health data (e.g. allergies)
Information of the customer/partner relationship and the contract such as information of past and current contracts and orders, correspondence with the data subject and other communication, payment information,. debt recovery and other information which the data subject has voluntarily provided to our systemsCompliance with our contractual and other promises and obligationsPerformance of a contract
Billing
Managing the customer relationship and collecting feedback, deviation and satisfaction data and other similar measuring of customer experience Legitimate interest in managing and developing the customer relationship
BookkeepingLegal obligation
Data of the connection and terminal device used such as the IP address, device ID or other device identifier and cookiesTargeting advertising in our and others´ online services
Consent
Analyzing and profiling behavior such as what pages has the user browsed and for how long,

5. From where do we receive data?

We receive information primarily from the data subject him/herself or from the company he/she represents by telephone, online, in events or in other similar ways.

In addition, for the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources, such as contact information service providers and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means.

6. To whom do we disclose data and do we transfer data outside of EU or EEA?

We do not, in principle, disclose data from the register to external parties, unless it is necessary for providing our services and to comply with our contractual or legal obligations. For legitimate reasons, we may disclose some personal data to our affiliated companies, logistics partners/hauliers, legal or economical advisors or similar partners or authorities, which act as independent controllers.

We use subcontractors that process personal data on our behalf. We have outsourced the IT-management to an external service provider, to whose administrated and secured server the data is stored.

When personal data is processed outside the EU/EEA, we make sure that the subcontractor has committed to use the EU Commission’s standard contractual clauses .

7. How do we protect the data and how long do we store them?

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use the system containing personal data. Each user has a personal username and password to the system.

The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies are in locked premises and can be accessed only by certain pre-designated persons.

We store the data as long as it is necessary for the purpose of processing the data. Personal data in the customer, partner and marketing register is erased after the claim period related to the aforesaid specific relationship has elapsed. This period is typically ten (10) years.

We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

8. What are your rights as a data subject?

You have a right to inspect the personal data stored in the register concerning yourself and the right to require rectification or erasure of the data. Insofar the processing is based on consent, you also have a right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.

You have a right to object or to request restriction of the processing and to lodge a complaint with a supervisory authority.

On grounds relating to your particular situation, you also have the right to object other processing activities, when the legal basis of processing is legitimate interest. In connection to your request, you shall identify the specific situation based on which you object to the processing. We can refuse the request of ogjection only on legal grounds.

9. Who can you be in contact with?

All contacts and requests concerning this privacy policy shall be submitted in writing or in person to the person mentioned in section 2.

10. Changes in the Privacy Policy

Should we make amendments to this privacy protection statement, we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review these privacy protection principles from time to time to ensure you are aware of any amendments made.