Combined Privacy policy and information document (Update 22.5.2018)
1. Controller
Tulikivi Oyj Kuhnustantie 10 FI-83900 JUUKA Tel. +358403 063 100 (switchboard) Email tulikivi@tulikivi.fi www.tulikivi.com
2. Contact in matters concerning the data file
Tulikivi Oyj Tietosuojatiimi Joensuuntie 1226 B 83900 Juuka Tel: +358403 063 100 (switchboard) Email: tulikivi@tulikivi.fi
2a. Data protection officer
Tulikivi Oyj Kuhnustantie 10 FI-83900 JUUKA Tel. +358403 063 100 (switchboard) Email tietosuojavastaava@tulikivi.fi
3. Name of personal data file
Tulikivi customer register
4. Purpose and grounds for processing personal data
Processing of personal data requires a customer relationship, the customer’s consent, an order made by a customer to Tulikivi or the implementation of rights and obligations based on an agreement between Tulikivi and a customer or on legislation. The controller’s legitimate interest also constitutes grounds for processing.
The purposes of the Tulikivi customer register include: • Customer identification and user management. Identification, authentication and authorisation of customers in Tulikivi services. Data security of services and administration of user rights and access. • Customer service and operative management, administration and development of customer relations. Management of customer data and customer and contact history. Organisation of support and advice services for customers and the management and quality assurance of service measures. • Conducting Tulikivi’s operations, providing services and making payments and their analysis, reporting, development and personalisation. Verifying and managing service and payment transactions. Assurance of operating quality and safety. • Analysis, forecasting, segmenting and development of customerships. Research and statistical analysis. Targeting customer and marketing communications, developing product and service offering and development and reporting of business operations. • Provision and marketing of services and implementing and monitoring customer and marketing communications. Processing and analysis of and statistical compilation on customer feedback and the results of customer questionnaires and surveys. Management of communications and campaign history.
Direct marketing consents and prohibitions
Customers may update direct marketing consents and prohibitions on the website or in the online store or by e-mail. Customers can consent to receiving direct marketing by • E-mail • Mobile phone
5. Data content of personal data file
The Tulikivi customer register contains the following data: Basic information on customer • Name • Contact information o Address information o Telephone number o E-mail address • Language • For corporate customers, the register also contains information on their organisation
Identifying information Information identifying the customer: • Customer number • Username for online services • Encrypted/decentralised customer number for online services
Customer identification associated with the use of online services: • The identifier assigned to the terminal device used by the customer every time the customer logs in to a service
Data associated with customer relationship • Customer’s purchases and contact history • Direct marketing consents and prohibitions • Personal information submitted by the customer • Customer classification information and other data derived from analytics • Data form external sources • Campaign data and associated monitoring data • Result and classification data of the responsible customer relationship model • Data associated with prevention of misuse • Online store purchase data
Tulikivi Corporation will only store data that is necessary for operations and the purpose of the data and for the processing of which there are legal grounds. Data that are no longer fit for their purpose, obsolete data and data for which grounds for processing no longer exist will be anonymised or securely destroyed.
6. Regular data sources
Data associated with a customer is collected from the customers when making agreements, in the my information section of the online store, when using products and services, in conjunction with customer service and when a customer takes part in product or service development, surveys or questionnaires.
Customer-related data is generated in Tulikivi’s information systems on the customer’s consent when the customer uses Tulikivi’s online services.
Customer data is updated and its accuracy and currency are verified from the Population Information System and in the case of organisations from other external sources.
Data associated with customers may be acquired and updated also from other external sources when allowed by law for purposes of which the customer has been notified.
Use of cookies
Cookies are small text files that browsers store on the customer’s terminal device. Cookies contain a unique identifier which can be used to identify users.
Tulikivi uses cookies in its online services to provide services and make them easier to use. Users cannot be identified solely with cookies. Cookies and the data collected with them are also used to analyse the usability and use of online services and to improve their safety, monitor their use and improve the service itself.
Cookies and the data they provide may also be used to produce targeted communications, advertising and content in online service (for instance, when you have visited our website, we may advertise products that you have viewed and associated other products on our partners’ websites), improve the website and measure and optimise marketing activities.
Users can consent to the use of cookies or block them in the settings of their browser.
7. Regular declarations of personal data
Customers’ personal data is not generally disclosed to others outside the Tulikivi Corporation’s organisation or its subsidiaries.
Tulikivi Corporation may disclose personal data to its partners for marketing, marketing research, surveys and database purposes. Ownership of the data is not transferred to third parties and they do not have the right to use them beyond the services ordered by Tulikivi.
Tulikivi Corporation may also use services offered by third parties such as e-mail service providers, credit information providers, data analysis services and corporate data services. We have verified that all of our service providers comply with data protection legislation.
Personal data may be disclosed to third parties when required by a valid act or decree or an order issued by the authorities or to supervise compliance with the general terms and conditions of service agreements and to ensure the security of services.
Tulikivi may also disclose non-personal data (such as the addresses of webpages directing to its services and the addresses used to exit a service and data on device platform types, use of service commodities and clicks) to interested third parties to help them better understand how certain content is used, services, campaigns and/or the usability and attractiveness of services.
However, Tulikivi may disclose data to the authorities when required by law to investigate and prevent misuse, for example.
With the customer’s consent, data may also be transferred to temporary registers such as event, raffle and research registers. Data in these registers is only processed for the purposes of each register as separately notified.
Tulikivi Corporation may disclose personal data in conjunction with corporate acquisitions, outsourcing or an asset deal in which Tulikivi Corporation or its business or a part thereof is sold to the recipient of the data.
Within the Tulikivi Group, customers’ personal data may be disclosed outside the European Union or the European Economic Area as allowed by law when, for example, the customer has given consent to the disclosure, sufficient level of data protection can be guaranteed by agreement or if the data is disclosed to a country where the level of data security is sufficient according to the European Commission.
8. Transfer of personal data to countries outside the EU/EEA
In general, data is not transferred to countries outside the European Union or the European Economic Area
In general, we have chosen secure data centres that are located in Europe for the storage of data.
9. Data file security principles
We consider secure processing of personal data to be an important matter. We use technical data security solutions that are common in the industry and control use with user management tools.
We have trained our personnel to process and monitor personal data in accordance with legislation.
Electronically processed data is protected with firewalls, passwords and other technical means generally approved in the data security industry. Manually stored data is kept in premises to which unauthorised persons do not have access.
Only the designated employees of the controller and the companies acting on behalf of the controller and on the basis of its order are authorised by the controller to access register data.
10. Rights of the data subject
Data subjects have the following rights and signed requests to exercise them should be made to tulikivi@tulikivi.fi or in writing by mail to: Tulikivi Corporation, Tietosuojatiimi, Joensuuntie 1226 B, FI-83900 Juuka, Finland
Inspection requests should state that the request concerns personal data in Tulikivi Corporation’s customer register.
Data subjects have the right to inspect their customer data in person 30 days after the inspection request has arrived at Tulikivi Corporation. Before data is disclosed, data subjects must always prove their identity using a photo-ID approved by the authorities..
A. Information The controller is obliged to provide data subjects with information on the processing of personal data.
B. Right of inspection Data subjects have the right to inspect the personal data we have stored free of charge once each year. Should you detect errors or shortcomings in your data, you can ask us to rectify or complement the data.
C. Right of rectification The data subject is entitled to demand rectification of inaccurate personal data.
D. Right of erasure If the data subject feels that it is not necessary for us to process their data for our purposes, the data subject has the right to ask us to erase the data in question. We will process the request and then either erase the data or provide the data subject with a justified reason why the data cannot be erased. If the data subject disagrees with our decision, they have the right to lodge a complaint with the Data Protection Ombudsman. The data subject is also entitled to demand that we restrict the processing of disputed data until the matter has been resolved.
The data of customers in a customer relationship will be retained at least for the period of time required by the Accounting Act. Data is retained by the Tulikivi Corporation for a longer period to simplify the maintenance of the customer relationship and the service of products.
E. Right to object Data subjects have the right to object to the processing of their personal data at any time if, in their opinion, we have processed their data unlawfully or if we are not entitled to process some of the personal data.
F. Direct marketing prohibition Data subjects have the right to prohibit us at any time from using their data for direct marketing.
G. Right to lodge a complaint Data subjects have the right to lodge a complaint with the Data Protection Ombudsman if in their opinion we violate current data protection legislation when we process their data.
Austria
Belgium
Canada
Estonian
Finland
France
Germany
Global
Italy
Netherlands
Sweden
Switzerland
United States