CUSTOMER AND POTENTIAL CUSTOMER REGISTER
Section 24 of the Personal Data Act (523/1999)
Section 7 of the Act on the Protection of Privacy in Electronic Communications
VILPE Oy (0558172-1)
Kauppatie 9, FIN-65610 Mustasaari, Finland
Sales and technical support tel. +358 20 123 3233
2. CONTACT PERSON IN DATA FILE -RELATED MATTERS
CEO Tuomas Saikkonen
Kauppatie 9, FIN-65610 Mustasaari, Finland
Tel. +358 20 123 3284
3. NAME OF THE DATA FILE
Register of customers and potential customers of VILPE Oy.
4. PURPOSE OF PROCESSING PERSONAL DATA
The personal data collected into the registry is used to control, manage and maintain customer relationships, produce and facilitate services and communications for the customer, invoicing, billing and dept collection as well as directing marketing and advertising and providing the data to a suitable VILPE Oy representative. In addition, the feedback and data gathered from customers is used in analysing market trends, product applications and research and development.
The basis for handling personal information is the legitimate interest of the register holder.
5. DATA CONTENT OF THE FILE
General identification details and basic information are entered in the corporate information system of VILPE Oy:
• Date and time of registration
• Person’s name
• Person’s phone number
• Person’s email address
• Person’s gender
• Department in organisation
• Responsibilities within the organisation
• Date of birth
• Open text, focused information for customer relationship management
• Log of communications
- Agreement to/ban of marketing
- Clicking and opening of e-mails
- Clicking on call-to-action
The following information of a visit on the vilpe.com-website might be stored to the register:
- Date and time of the website visit
- IP address
- Survey information
- Agreement to/ban of marketing
- Opening of e-mails and clicks
- Clicks to call-to-action -requests
- Information related to website use
- Information of activities related to website use (dates, quantities, traffic sources)
6. STORAGE TIME OF PERSONAL DATA
Personal data is stored for as long the customer relationship exists. After the customer relationship has been terminated the personal data is stored for maximum three (3) years from the date of termination. Personal information of potential customers is stored in the direct marketing register for as long as the subject of the information holds the position, to which the marketable product or service is relevant to, or until the subject of the information withdraws the consent for the use of data for direct marketing purposes. In this case the information of the withdrawal of consent will be stored. Personal information can be stored for longer periods of time, when the applicable law and regulations or the Company’s contractual obligations towards third parties require it.
7. COLLECTION OF PERSONAL DATA
On this site, we use services provided by Leadfeeder. Leadfeeder Tracker collects data to their Amazon Web Services infrastructure. All data is encrypted on transfer and at rest.
We collect the behavioral data of all website visitors. This includes; pages viewed, visitor source and time spent on the site. The visitor IP address is collected to detect the company name, personal contact information and geographic location. Leadfeeder is integrated with MailChimp, which in turn is integrated to our CRM-system Lime. For people in our CRM-system, Leadfeeder show website activities on a personal level. We add personal data (such as names and contact information) to Lime for people who are working in our business field.
Leadfeeder also enriches that company data with contact data for individuals from publicly available data sources. Our data partners for contact data include Hunter and Full Contact. To increase visitor privacy, IP anonymization is available for your tracker script. This can be set up in the Leadfeeder Tracker settings. This feature will erase the last part of the IP address, thereby making the IP anonymous.
Cookies: Leadfeeder tracker adds a visitor cookie. This cookie is called _lfa and has a two year expiry date from when it was first set. The cookie is set for the website domain only, Leadfeeder does not use 3rd party cookies.
8. TRANSFER OF DATA
The data can be transferred to register holder’s parent and daughter companies for the purposes described in this document’s article 4, for register holder’s direct marketing purposes or to the register holder’s personal data records. The transfers are always made in accordance with the current data protection and security regulations. Service providers from other companies do also handle and use personal data. These service providers are:
- Providers of IT-services
- Providers of logistic services
- Providers of paid services
- Providers of marketing services
9. TRANSFER OF DATA TO OUTSIDE THE EU OR EAA
The data will not be transferred outside the EU or EAA.
10. PRINCIPLES OF SECURING THE DATA FILE
A. Manual material
Kept in a place where access is restricted to designated persons.
B. Electronically recorded data
The data will be stored in an appropriate electrical system. The personnel of VILPE Oy and external persons acting on its behalf who participate in processing the data are bound by an obligation of confidentiality regarding all customer data. Access to the data file is protected by usernames, passwords and access rights.
11. CUSTOMER PROFILING
The register holder can use the data for customer profiling. Customer profiling is achieved with the help of identifiers, with which the data generated by the service, concerning the subject of the data, can be combined. The resulting profile can then be used for example for comparisons with other profiles created in a similar manner. The purpose of customer profiling is to examine the demand of products and services and customer behaviour.
12. DATA SUBJECT RIGHT TO OBJECT HANDLING OF DATA AND DIRECT MARKETING
The subject of data has the right to object customer profiling and other data handling activities, that the register holder is performing to the subject’s data, when the basis for the data handling activities is the customer relationship between the subject of the data and the register holder. The subject of the data can present their objection by the means specified in this document’s article 14. CONTACT. The subject of the data will need to specify the particular instance that their objection is based on. The register holder can abstain from carrying out the request regarding the objection on the basis of the current laws and regulations. The subject of the data can at any time accept or withdraw their consent of the use of their data for direct marketing and customer profiling purposes.
13. OTHER RIGHTS OF THE SUBJECT OF THE DATA
RIGHT TO INSPECTION
The subject of the data has the right to inspect what data concerning them has been stored to the register holder’s register. The request of inspection has to be made according to article 14. CONTACT. The register holder can abstain from the request to inspect the data on the basis of current laws and regulations. Data inspection request done once per year is primarily free of charge.
THE RIGHT TO DEMAND CORRECTION OF DATA, REMOVAL OF DATA OR RESTRICT ITS USE
The subjects of the data have the right to demand the correction of incorrect data, the right to prohibit the use of their data for direct marketing or similar purposes. The request for the aforementioned has to be made according to article 14. CONTACT. The subject of the data also has the right to restrict the handling of their data, for example, during the process of requesting the removal or correction of data concerning them.
THE RIGHT TO TRANSFER DATA FROM REGISTER
The subject of the information has the right to acquire any information that they have provided to the register, that are used with their consent or mandate, in primarily machine-readable format to themselves or to be transferred to another register holder.
THE RIGHT TO MAKE A COMPLAINT TO A SUPERVISORY AUTHORITY
The subject of the data has the right to make a complaint to a supervisory authority when the register holder has not acted in accordance to the applicable privacy and data security regulations.
When the personal data is being handled on the basis of the consent given by the subject of the data, the subject of the data has right to withdraw their consent by informing the register holder according to the article 14. CONTACT.
In all matters regarding the handling of personal data and in all cases of evoking their right the subject of the data will need to be in contact with the person specified in article 2. The register holder or the person specified in article 2. can when necessary, in writing, ask the subject of the data to clarify their request. Also, the subject of the data’s identity can be verified if necessary, before taking action on the request.