/ Privacy statements / Privacy statement – Websites

Privacy statement relating to the use of Finnpark Oy websites

This privacy statement pursuant to Articles 13 and 14 of the General Data Protection Regulation (679/2016/EU) describes how the Controller processes the personal data of users of its websites.

1. Contact details of the Controller

Finnpark Oy
P.O. Box 15, FI-33211 Tampere
Business ID: 0155063-7
Email: asiakaspalvelu@finnpark.fi

2. Purpose of processing personal data and legal bases

The Controller processes personal data to ensure the functionality of the websites, improve the user experience, and analyse and develop the use of the websites.

Personal data may also be processed for customer communications and targeted marketing if the data subject has given their consent.

The legal bases for processing personal data are:

  • the legitimate interest of the Controller, namely the functionality and development of the websites (Article 6(1)(f) GDPR)
  • the consent of the data subject, for example for analytics and marketing cookies (Article 6(1)(a) GDPR)
  • pre-contractual measures, for example contact requests (Article 6(1)(b) GDPR)

No automated decision-making is used in the processing of register data, and the data is not used for profiling of data subjects as referred to in applicable legislation.

3. Personal data processed

The following personal data may be processed in connection with the use of the websites:

  • information provided through possible forms, such as name, email address and message content
  • IP address and technical device identifiers
  • browser type and operating system
  • information on the use of the websites, such as page views, visit times and navigation
  • information collected through cookies and similar technologies

4. Regular sources of personal data

Personal data is primarily collected:

  • through forms completed by the data subject
  • from the data subject themselves in connection with the use of the websites
  • through cookies and similar technologies

5. Disclosure and transfer of personal data

Personal data may be transferred to partners of the Controller who process personal data on behalf of the Controller in accordance with the Controller’s instructions, such as service providers related to the technical implementation of the websites, analytics and marketing.

The processor does not have the right to process personal data for its own purposes.

Data may also be disclosed to authorities where required by legislation.

6. Transfer of data outside the EU or the EEA

Personal data processed by the Controller is stored on servers located within the European Union.

If personal data is transferred outside the European Union or the European Economic Area (EU/EEA), the Controller ensures that the transfer takes place in accordance with applicable data protection legislation, for example by using standard contractual clauses approved by the European Commission.

7. Cookies

The websites use cookies and other similar technologies. A cookie is a small text file stored on the user’s device.

Cookies are used to:

  • ensure the technical functionality of the websites
  • remember the user’s choices, such as cookie settings
  • collect information about the use of the websites for analytical purposes
  • enable targeted communications and marketing based on the data subject’s consent

The data subject can manage cookie settings through the cookie banner on the websites or through their browser settings. Restricting the use of cookies may affect the functionality of the websites.

8. Principles of register protection

The protection and processing of the data contained in the register comply with the provisions and principles of the General Data Protection Regulation and other applicable data protection legislation, as well as instructions issued by authorities and good data processing practices.

The Controller has implemented appropriate technical and administrative security measures to protect personal data. Electronic material contained in the register is protected by firewalls, passwords and other technical safeguards.

Access to the register is limited to persons whose duties require such access, and the Controller’s personnel and subcontractors are bound by confidentiality obligations.

9. Data retention period

Personal data is retained only for as long as necessary for the purpose of the processing or for as long as required by law. As a general rule, personal data is retained only for as long as necessary to fulfil the purposes of processing defined in this privacy statement. The regular retention period is no more than two (2) years. However, data may be retained for a longer period if required by law.

The retention periods of cookies vary depending on the type and purpose of the cookie. However, cookies are retained for a maximum of two (2) years.

10. Rights of the data subject

The data subject has the right to access their personal data and to request the rectification or erasure of the data or the restriction of processing in accordance with applicable legislation.

The data subject also has the right to object to the processing of their personal data and, where applicable, the right to data portability.

Where the processing of personal data is based on consent, the data subject may withdraw their consent at any time.

The data subject has the right to lodge a complaint with a supervisory authority. The Finnish national supervisory authority is the Office of the Data Protection Ombudsman, whose contact details are:

Office of the Data Protection Ombudsman
P.O. Box 800, Lintulahdenkuja 4, FI-00531 Helsinki
Tel. +358 29 566 6700
tietosuoja@om.fi
www.tietosuoja.fi

11. Changes to the privacy statement

The Controller continuously develops its operations and therefore reserves the right to amend this privacy statement.

Changes may also be based on changes in legislation. The Controller recommends reviewing the content of the privacy statement regularly.n.