Timberwise Oy is committed to fulfilling the EU General Data Protection Regulation, which is applied starting 25 May 2018 in all EU member states.
With this data protection policy, we are informing natural persons about the processing of their personal data. The customer has to accept the terms and conditions of this data protection policy in order for us to be able to add the person to the Timberwise Oy customer and stakeholder register.
- Data controller
Timberwise Oy (Business ID: 1109113-9)
Juvantie 99, PO Box 222, FI-32201, Loimaa, Finland
Tel. +358 2 763 6420
- Person responsible for the register
Juvantie 99, PO Box 222, FI-32201, Loimaa, Finland
Tel. +358 50 516 9221
- Name of the register
Timberwise Oy customer and stakeholder register
- Legal basis and purpose of the processing of personal data
According to the EU General Data Protection Regulation, the legal basis for the processing of personal data is the person’s consent (documented, voluntary, individualised, conscious, and unequivocal) to a contract to which the customer is a party. The customer’s personal data may only be used to fulfil the conditions of the contract.
The data is not used for automatic decision-making or profiling, and the data is not disclosed to third parties.
- The personal data is used:
- For the maintenance of the customer relationship
- For the development of the operations, services, and products of Timberwise Oy
- For improving the customer experience
- For marketing and sales
- For communications
- For delivery of goods
- For purposes of analytics and statistics
- The personal data in the register is also used in Koodiviidakko Oy’s Postiviidakko newsletter editor. Koodiviidakko Oy operates as a processor of personal data in accordance with the EU General Data Protection Regulation.
- Data content of the register
Timberwise Oy’s customer and stakeholder register contains the following data related to natural persons:
- Phone number
- Address information
- Regular sources of data
The main source of data is users themselves. The contact persons for companies may also request the data controller to add other contact persons to the register for the company for the purposes of receiving communications related to Timberwise Oy. In these cases, a confirmation e-mail is sent to the added persons, through which they must accept this data protection policy and the addition of their data to the register. If acceptance does not happen within a month, the data of the person added to the register will be removed.
At a customer’s request, data about him or her can be removed from the Timberwise Oy system. The removal is permanent, and we cannot recover deleted personal data.
We retain personal data only for the necessary period of time, so that we can fulfil the purposes of use described in this policy. The legislation sets obligations for the longer-term retention of some of the data, such as for the following purposes:
- The Accounting Act specifies longer retention times for data regardless of whether the material contains personal data or not
- Making of sufficient backup copies from databases and systems in order to secure the data, to repair fault situations, and to ensure data security and continuity
- In order to realise other Timberwise Oy responsibilities and to demonstrate their appropriate realisation
- Cookies on the website
- Regular disclosure of data and transfer of data outside of the EU or EEA
Data may be disclosed in a way stipulated by the requirements of the competent authorities or other entities and based on the valid legislation. For example, auditors have access to the system containing personal data when performing an audit.
The data may be published for the parts that have been agreed on with the person. For example, the information of Timberwise Oy’s staff members is published on the company’s website: https://old.timberwise.fi/yhteystiedot/.
Data is not regularly transferred outside of the area of the European Union member states or the European Economic Area unless it is necessary for the above purposes of the processing of personal data or the realization of the technical processing of the data, in which case the requirements of the Personal Data Act shall be fulfilled in the transfer of the data.
Without limitation to the above, when carrying out commissions outside of the EU or EEA, data also may be transferred in the scope required by the commission outside of the area of the European Union member states or the European Economic Area.
- Principles of register protection
In the processing of the register, care is taken and the data processed with the aid of information systems is protected appropriately. When register data is stored on internet servers, the digital and physical data security of the equipment is appropriately attended to. Paper documents can be found in an appropriately locked archive which can only be accessed by specified individuals.
Customer data can be accessed only by persons in the service of the data controller and other specified persons who need the data for their work, as well as the employees of the provider of the technical platform, JMJping OY, who are responsible for the technical maintenance of the service.
Access to the premises of the data controller is limited with personal access rights, which are granted only at the request of the organization’s named contact person(s). Access rights to the premises are for the employee’s own area of operation in the organization’s premises and in the rights to use the master key. Master key rights are possessed by the security firm, the rescue department’s key, the representatives of the property’s owners, and the maintenance firms. No other entities have access to the organization’s premises.
Persons who process personal data have been trained to use the data safely and ethically. Our personnel only see, with their own usernames and passwords, the customer data that is necessary for the execution of their work tasks.
All access to personal data is monitored in accordance with good practices. The data is protected technically with a firewall. The connection between the user and the server is protected with an SSL certificate.
Maintenance of the Timberwise servers has been outsourced to JMJPing Oy. The servers are located in Finland and they are protected with a firewall as well as a virus prevention program. JMJPing Oy operates as a processor of personal data in accordance with the EU General Data Protection Regulation.
- Right of inspection and right to demand rectification of data
Every person in the register has the right to inspect his or her data saved in the register and to demand the rectification of possible erroneous data or the supplementation of incomplete data. If the person wants to inspect the data saved about him or her or demand its correction, a request should be sent by e-mail to the data controller at the address tietosuoja[a]timberwise.fi. If necessary, the data controller can request the presenter of the request to prove their identity, for example in a situation where the request arrives from an e-mail address that is different from the e-mail address recorded for the person in the Timberwise Oy register. The data controller shall reply to the customer in the time defined in the EU GDPR (usually within a month).
- Other rights related to the processing of personal data
A person in the register has the right to request the removal of personal data concerning him or her from the register (‘the right to be forgotten’). The data subject also has other rights in accordance with the EU GDPR such as the restriction of processing of personal data in certain situations. Requests should be sent by e-mail to the data controller at the address tietosuoja[a]timberwise.fi. If necessary, the data controller can request the presenter of the request to prove their identity, for example in a situation where the request arrives from an e-mail address that is different from the e-mail address recorded for the person in the Timberwise Oy register. The data controller shall reply to the customer in the time defined in the EU GDPR (usually within a month).
- Right to change the data protection policy
We reserve the right to change the data protection policy due to development of services or a change in legislation. Notable changes to the data protection policy will be communicated to registered customers in conjunction with the update.
- Contact details
In questions related to privacy, processing of data, and the data protection policy, please contact us by e-mail: tietosuoja[a]timberwise.fi