Privacy Policy

Data Controller
SP stainless Oy
Perämiehenkuja 2
70900 Toivala, Finland

Contact Person Responsible for the Register

Hannele Ranta, hannele.ranta@spstainless.fi

Name of the Register

User and Marketing Register of the Web Service

Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data under the EU General Data Protection Regulation is the individual’s consent (documented, voluntary, specific, informed, and unambiguous). The purpose of processing personal data is to maintain customer relationships, conduct marketing, and develop services. The data is not used for automated decision-making or profiling.

Content of the Register

The register may contain the following information: website addresses, IP address of the internet connection, social media service identifiers/profiles, organization and contact details, information about ordered services and changes to them, and other data related to the customer relationship and ordered services. User data is retained only as long as necessary to fulfill the purposes defined above, in accordance with applicable legislation. IP addresses of website visitors and cookies essential for the service’s functionality are processed based on legitimate interest, for example, to ensure data security and collect statistical data about site visitors, in cases where such data can be considered personal data. Consent is requested separately for third-party cookies when necessary.

Regular Sources of Information

The data stored in the register is obtained from the customer via messages sent through web forms, email, phone, social media services, contracts, customer meetings, and other situations where the customer provides their information. Contact details of representatives of companies and other organizations may also be collected from public sources such as websites, directory services, and other companies. The website uses Google Analytics, Dealfront, and other analytics tools to generate reports on the use of our website to improve our site and services. More information about Google Analytics is available at http://www.google.com/analytics. You can opt out of Google Analytics data collection by installing a browser add-on from https://tools.google.com/dlpage/gaoptout. More information about data collected by Dealfront is available at https://www.dealfront.com/privacy-notice.

Regular Disclosure of Data and Transfer Outside the EU or EEA

Data is not regularly disclosed to third parties. Data may be published to the extent agreed with the customer. As a rule, data is not transferred outside the EU or EEA. Data is not transferred to the United States without the explicit consent of the data subjects.

Principles of Register Protection

Care is taken in the processing of the register, and data processed via information systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of the hardware is appropriately ensured. The data controller ensures that stored data, server access rights, and other critical personal data are handled confidentially and only by employees whose job description includes such tasks.

Right of Access and Right to Request Correction

Every person in the register has the right to inspect their stored data and request correction of any incorrect or incomplete information. If a person wishes to inspect their stored data or request a correction, the request must be sent in writing to the data controller. The data controller may request the person to verify their identity if necessary. The data controller will respond within the time frame set by the EU GDPR (generally within one month).

Other Rights Related to the Processing of Personal Data

A person in the register has the right to request the deletion of their personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU GDPR, such as the right to restrict the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may request the person to verify their identity if necessary. The data controller will respond within the time frame set by the EU GDPR (generally within one month).

Supervisory Authority
Office of the Data Protection Ombudsman
Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki
Postal address: P.O. Box 800, 00520 Helsinki
Switchboard: +358 29 56 66735
Email: tietosuoja@om.fi

Prepared on: 28 February 2024
Last updated: 1 January 2025