Privacy policy, Customer register

Description of the file

Personal Data Act (523/1999) section 10

Date of drafting: 24.5.2018
Updated: 15.08.2019

Rockrobot Oy Customer Register

 

 

 

Controller

Rockrobot Oy

org nr/VAT ID: FI25831337

Visitor address: Skaffarinkatu 7, 32800 KOKEMÄKI, FINLAND

Postal address: Vesimyllynkatu 2, 33310 TAMPERE, FINLAND

 

Rockrobot Oy

org nr/VAT ID: FI25831337

Visitor address: Skaffarinkatu 7, 32800 KOKEMÄKI, FINLAND

Postal address: Vesimyllynkatu 2, 33310 TAMPERE, FINLAND

The person in charge and contact person: 

Petri Lehtinen

Tel. +358 40 588 2755

info@stonepower.fi

The purpose for processing the personal data

The purpose for processing the personal data / the purpose for the use of this register is to develop and maintain potential and present customer relationships. It is also essential for every equipment manufacturer to be able to find quickly the products that require checking or service due to bug, spare part defect or failure or any other similar reason. Every device must have a contact person. This is based on the following prerequisites in the personal data act 523/1999 8§

Content of the register

This customer register may include one of the following data or all of them: the name of a person, the name of a company that he/she represents, phone numbers, addresses (visitor, postal, construction site/work area, delivery, e-mail, social media addresses), title, contact type (present/potential customer etc), description of customer related tasks and equipment.

Regular sources of information

Regular sources of information are company related contacts with a present or a potential customer (meetings, phone, e-mail, social media, Outlook, Messenger and other similar messaging applications, contacts using web contact sheet).

Regular destinations of disclosed data

We don’t deliver customer register data to other organizations or individuals. Exceptions are new contacts from Norway, Sweden or Denmark, which are routed to the nearest reseller. See “Third party privacy policies” in Stonepower privacy policy to find out which third party applications share personal data.

Data is transferred outside the European Union and the Europen Economic Area, because most of the equipment and applications are manufactured and controlled outside the European Union. For example mobiles, that are used to contact customers, have applications, which use servers outside the Europe and which may read address book, pictures and other information in the phone. During updates there may happen data transfer due to backups.

The principles how the data file/register is secured

A. Manual register
Manual register is held in a locked storage cabinet. Only the authorized people in the company can access the cabinet.

B. Data register
Communication devices, that are used to contact the customer, read or process the personal data, have a password or a PIN enquiry or another means of restricting unauthorized users to access the data. They are connected only to known networks, that have a firewall enabled. The communication devices have a security software installed. The customer register server is located in Finland in premises that fulfill the requirements set by Finnish Communications Regulatory Authority according to 48A/2003 concerning “Important premises”. It defines the demand for physical protection of communication network against fire, water and burglary. The network is also protected by a firewall. CRM, web and email server is also located in Finland. The server is protected by a firewall and the server lies in Level 2 segmented network. Only the authorized people can access these servers.

Most of the devices and the installed applications are manufactured and controlled outside the European Union (for example using updates) or other applications.

The right of subject access

This right of subject access means that you can make a request under the Data Protection Act to any organisation processing your personal data. Concerning this customer register you can do that by sending a written request to register’s contact person (see 2. in this file) including your full name, address and contact telephone number; any information used by the organisation to identify you (account numbers, unique ID’s etc), details of the specific information you require and any relevant dates, for example emails in a specified time frame.

The right to demand correction of failures in your personal data

You have the right to demand the correction of incorrect or inaccurate data related to you in this register. Concerning this customer register you can do that by sending a written correction request to register’s contact person (see 2. in this file) including your full name, address and contact telephone number; any information used by the organisation to identify you (account numbers, unique ID’s etc), details of the specific information you require to be changed, a correction and any relevant dates.

The right to deny the use of your personal data to any purpose that is not mandatory due to Finnish legislation

You can deny partly or entirely the use of your personal data for example for marketing.