Privacy Policy

Description of data file of electronic services

Updated 17.6.2020

 

Delipap Oy is committed to protecting its customers’ and other website visitors’ privacy. This privacy policy and description of the data file (hereinafter “description of the data file”) outlines how Delipap Oy processes personal data in accordance with sections 10 and 24 of the Personal Data Act (Henkilötietolaki 523/1999) and the EU’s General Data Protection Regulation (GDPR). The description of the data file applies to all of Delipap Oy’s websites that collect personal data or from which there is a link to the privacy policy or where the privacy policy is visible.

This description was drawn up on 15.05.2018. The most recent changes to this description were made on 1.6.2020. It is important to us that you know what personal data we collect and that you know your rights relating to your personal data. This description states the purposes for which we collect and process personal data and how we have ensured that you have sufficient possibilities to manage the use of your personal data.

 

1. CONTROLLER

Delipap Oy, Teollisuustie 19, FI-02880 Veikkola

 

2. PERSON RESPONSIBLE FOR DATA FILE

Data protection officer, Johanna Tiainen, johanna.tiainen@delipap.fi, 09 260 620

 

3. NAME OF DATA FILE

Delipap Oy’s register of electronic services users

 

4. PURPOSE OF AND LAWFUL BASIS FOR PROCESSING PERSONAL DATA

The primary basis for processing personal data is the customer relationship between Delipap Oy and the customer, the customer’s consent, other lawful basis in accordance with the GDPR, or a factual connection.

Personal data can be processed for the following purposes: Managing the customer relationship, managing customer feedback and other consumer contact, marketing purposes, other purposes relating to the management of online services, and managing and implementing communications and marketing relating to online services.

 

5. CONTENT OF THE DATA FILE

Only data that the user submits when using the website is saved on Delipap’s register. These basic personal data include e.g. personal contact information, such as name, address, telephone number and email address, as well as other information concerning the customer relationship and ordered services, such as direct marketing consent or bans, and other necessary contact information.

 

6. DURATION OF DATA STORAGE

The company stores personal data in a customer register until the customer relationship between the data subject and Delipap Oy can be deemed to have ended. The end date is specified as the data subject’s last service interaction or other contact, plus 10 years. Some data may need to be stored for longer due to legal reasons.

 

7. REGULAR SOURCES OF DATA

Data is primarily obtained from the following sources:

The data subject themselves and events relating to the data subject’s customership, service use, communications, and interactions. Delipap Oy only saves data on users that the user submits when using Delipap’s website. Data is obtained from e.g. messages sent via online forms, e-mails, telephone calls, social media services and other situations in which the customer discloses their data.

In addition to data submitted by the data subject themselves, events relating to the data subject’s customership, service use, communications, and interactions (Log data).

 

8. DISCLOSURE OF REGULAR DATA AND DATA TRANSFER OUTSIDE OF THE EU OR EEA

Delipap Oy does not regularly disclose data to third parties, nor is data disclosed outside of the EU or EEA.

Data can only be published when the user has agreed to publication.

Customer data is not disclosed outside of the EEA.

 

9. DESCRIPTION OF THE PRINCIPLES FOR DATA FILE PROTECTION

The data on Delipap Oy’s website user data file is saved on the controller’s system, which is protected in an appropriate manner to safeguard the equipment’s physical and digital security. Such methods include firewalls, the use of secure equipment facilities, controlled granting of access rights and monitoring their use, instruction of persons participating in data processing and the use of the required encryption technologies. Access to the system requires a username and password, and the data contained in the data file are located in locked and guarded facilities.

The data file is processed carefully and appropriately. The controller will ensure that the stored data, user rights to the servers, and other information that is critical to the security of personal data are processed confidentially and only by those employees whose job description involves personal data processing. Only authorized employees have access to the digital material using personal user accounts and passwords.

Data in paper format is stored in a locked facility to which only authorized employees have access.

 

10. RIGHT OF THE DATA SUBJECT TO OBJECT TO PERSONAL DATA PROCESSING AND DIRECT MARKETING (RIGHT TO OBJECT)

The data subject shall have the right to object, on grounds relating to their particular situation, at any time to data processing that Delipap Oy profiles to the data subject’s personal data when the basis for personal data processing is the customer relationship between Delipap Oyand the data subject.

The data subject can present their notification concerning their objection to the processing of their personal data in accordance with section 11 of this privacy policy. In their notification, the data subject must outline the particular situation which is the basis for their objection to processing.

Delipap Oy can decline to carry out the objection-related request in accordance with legal principles.

 

11. OTHER RIGHTS OF THE DATA SUBJECT RELATING TO THE PROCESSING OF PERSONAL DATA

 

11.1.Right of access by the data subject (Right of access)

The data subject has the right to access the data concerning them that is stored on Delipap Oy’s customer register. The request for access must be submitted in accordance with section 12 of this privacy policy.

The right of access can be denied on legal grounds. Exercising the right to access is largely free of charge.

 

11.2. The data subject’s right to request rectification or erasure of personal data, or restriction of processing

The data subject can request the rectification or erasure of inaccurate, incomplete, inadequate or obsolete data, or the restriction of processing. The request for rectification must be submitted in accordance with section 12 of this privacy policy.

The data subject also has the right to request the restriction of personal data processing by the controller in situations wherein, for example, the data subject is awaiting Delipap Oy’s response to a request for the rectification or erasure of personal data.

 

11.3. Right of the data subject to complain to a supervisory authority

The data subject has the right to complain to a supervisory authority if the controller does not comply with applicable data protection legislation in their operations.

 

11.4. Other rights

If personal data is processed on the basis of the data subject’s consent, the data subject has the right to withdraw their consent by notifying Delipap Oy in accordance with section 12 of this privacy policy.

 

12. CONTACT

In all matters relating to personal data processing and exercising the rights of the data subject, please contact Delipap Oy.

  •       E-mail:  johanna.tiainen@delipap.fi
  •       Postal address: Teollisuustie 19, FI-02880 Veikkola

Delipap Oy may, if necessary, request the data subject to supplement their request in writing, and it may be necessary to verify the data subject’s identity before further action can be taken.