Register and Privacy Statement
This is the Kattokeskus group’s registration and data protection statement in accordance with the EU General Data Protection Regulation (GDPR). Latest change 31 January 2023.
Personal data refers to all data related to an identified or identifiable natural person (hereinafter “the registered person”). An identifiable person is considered to be a natural person who can be directly or indirectly identified, especially on the basis of identifying information, such as name, social security number, location information, online identification information.
The customer refers to the registered consumers and the contact persons of the companies and other entities (hereinafter “company”) with which the Controller has a customer relationship.
Potential customers are registered consumers and contact persons of companies with whom the Controller tries to create a customer relationship.
Stakeholders refer to consumers and contact persons of companies with whom the Controller has a cooperative relationship (for example, representatives of companies providing services to the Controller) or another connection (for example, media representatives as parties to information activities).
The controller processes personal data of registered users for the following purposes (for one or more simultaneously):
The legal basis for the processing of personal data is the following subsections of Article 6 of the EU Data Protection Regulation:
The data controller processes your data to implement the contract with you or the company you represent.
The Controller has legitimate interests related to the conduct of business, such as the right to promote the sale of its products and services through marketing and sales methods, and the Controller can, based on the legitimate interest, engage in direct marketing and sales using your contact information.
Due to internal administrative reasons, the controller has legitimate interests in accordance with the data protection regulation to transfer personal data within the group from one limited company to another.
In addition, the controller can process your personal data when required to do so by legislation, such as, for example, based on the retention obligation of the Accounting Act.
The personal data collected by the controller may include, among other things, the following types of data and changes made to them:
IP addresses of website visitors and cookies necessary for the functions of the service are processed on the basis of a legitimate interest, e.g. to take care of information security and for the collection of statistical data of website visitors in those cases when they can be considered as personal data. If necessary, consent is requested separately for third-party cookies.
The information to be saved in the register is obtained from the customer, e.g. From messages sent via web forms, by e-mail, by phone, via social media services, contracts, customer meetings and other situations where the customer gives out their information. In addition, the Controller receives personal data from its group companies and partners, such as various financing, installation and maintenance service providers and other operators in the construction industry.
The controller can also receive personal information about possible potential customers from the staff and other customers for the purpose of contacting them.
In addition to the above, the Controller can use generally available sources to obtain personal data when acquiring new customers. In this case, the groups of personal data are name, telephone number and e-mail address, and the legal basis is the legitimate interest of the controller (Article 6 point f). The controller considers that it has a legitimate interest in using personal data available from public data sources in its own business and product marketing in order to secure its competitiveness in its industry.
The controller will not give, sell or otherwise disclose your personal data to external third parties, unless otherwise stated below.
The Controller may share your personal data with third parties who perform services or deliver goods to the Controller. These services can be, for example, customer service, installation and maintenance service, software services, research activities, marketing and producing events. The controller may share your personal information to collect payments for products and services, and may, for example, transfer or sell unpaid invoices to third parties offering debt collection services
The Controller shares your personal data with partners with whom the Controller jointly manages and implements projects.
The controller may share your personal data with carefully considered third parties for joint or independent direct marketing purposes. Information can be shared for those purposes only when the third party’s planned purpose of use does not conflict with the purposes of use defined in this Data Controller’s privacy statement.
The controller may share your personal data in connection with a business acquisition or other business arrangement or when the service is transferred to another service provider. The controller may share your personal data on a court or similar order.
When providing services, the controller may use resources and servers located in different parts of the world. The controller may therefore transfer your personal data outside the country of use of the services and possibly also to countries outside the EU.
The processing time for the personal data of different groups of people is determined by the following criteria:
Care is taken when processing the register and the information processed with the help of information systems is properly protected. When registry data is stored on Internet servers, the physical and digital data security of their hardware is taken care of accordingly. The registrar ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by those employees whose job description it is.
The registered person has the following rights according to data protection legislation. However, the application of rights in each individual situation depends on the purpose and situation of use of personal data.
The registered person has the right to access the personal data and receive a copy of the personal data.
You can send a request regarding the registered person’s rights by letter or e-mail using the contact information mentioned in this privacy statement.
Identity is checked before the request is processed. The request will be answered within the time stipulated in the EU data protection regulation (generally within a month). If the request cannot be agreed to, the refusal will be notified separately.