Oy Roberts Ab’s Privacy Notice for the Customer Register

Updated 1.4.2020

Controller

Name of the company (business ID)

Oy Roberts Ab

Inkilänkatu 3

20300 Turku 

(hereafter ”we”)

Contact person for register matters 

Siv Böhling

siv.bohling@roberts.fi

Name of register

CUSTOMER REGISTER

What is the purpose and the legal basis of processing personal data?

The basis of processing personal data is our legitimate interest based on customer relationship.

The purposes of processing personal data are:

  • the delivery and development of our products and services,
  • fulfilling our contractual and other promises and obligations,
  • taking care of the customer relationship,

What data do we process? 

We process the following personal data of our customers or other data subjects in connection with the customer register: 

  • basic information of the data subject* such as name, customer number, surname, address, phone number, mobile phone number, e-mail address, order history and tracking details 
  • information of company and company’s contact persons* such as business ID, names and contact details of the contact persons and
  • information regarding the customer relationship and the contract such as past and current contracts and orders, 

Providing personal data marked with an asterisk is a requirement for our customer relationship. Without the necessary information we are not able to provide the product and/or service.

From where do we receive data?

We receive information primarily from the following sources: yourself, population register, authorities, credit information companies, contact information service providers and other similar reliable sources.

For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from the authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means.

To whom do we disclose data, and do we transfer data outside the EU or the EEA?

We don’t disclose data from the register to external parties. We may disclose personal information with your consent to external partieswe cooperate witht for he handling of claims.

We use subcontractors that process personal data on our behalf. We have outsourced the IT-management to an external service provider, on whose administrated and secured server the personal data is stored.

Personal data is not transferred outside the EU/EEA.

How do we protect the data and how long do we store them?

The Controller’s database and files are protected by standard technical measures. Access to the register requires a personal username and password granted to only those of our employees, who on behalf of their work are entitled to process customer data. 

We store the data only for as long as is necessary by the purpose of the data processing. 

We estimate the need for data storage regularly, taking into account the applicable legislation. In addition, we take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

 What are your rights as a data subject?

You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data. If you have access to your data, you may edit the data yourself. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.

You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority.

On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.

Who can you be in contact with?

All contacts and requests concerning this privacy policy shall be submitted in writing or in person to the person mentioned in section two (2).