PRIVACY POLICY

Data protection policy for the Timberwise customer and stakeholder register

Your privacy is important to us, as is your knowledge of how we process your personal data. Below we describe the processing of your personal data by Timberwise Oy (1109113-9) as the data controller.

This data protection policy applies to persons who share their personal data with us either directly or indirectly, through our employees, our cooperation partners, our websites, by e-mail, by mail or through our other services.

Last updated 23 May 2018

 

Content

 

General

  1. Data controller
  2. Person responsible for the register
  3. Name of the register
  4. Legal basis and purpose of the processing of personal data
  5. Data content of the register
  6. Regular sources of data
  7. Regular disclosure of data and transfer of data outside of the EU or EEA
  8. Principles of register protection
  9. Right of inspection and right to demand rectification of data
  10. Other rights related to the processing of personal data
  11. Right to change the data protection policy
  12. Contact details

 

General

Timberwise Oy is committed to fulfilling the EU General Data Protection Regulation, which is applied starting 25 May 2018 in all EU member states.

With this data protection policy, we are informing natural persons about the processing of their personal data. The customer has to accept the terms and conditions of this data protection policy in order for us to be able to add the person to the Timberwise Oy customer and stakeholder register.

 

  1. Data controller

Timberwise Oy (Business ID: 1109113-9)

Juvantie 99, PO Box 222, FI-32201, Loimaa, Finland

Tel. +358 2 763 6420

 

  1. Person responsible for the register

Laura Lankinen

Brand manager

Juvantie 99, PO Box 222, FI-32201, Loimaa, Finland

Tel. +358 50 516 9221

 

  1. Name of the register

Timberwise Oy customer and stakeholder register

 

  1. Legal basis and purpose of the processing of personal data

According to the EU General Data Protection Regulation, the legal basis for the processing of personal data is the person’s consent (documented, voluntary, individualised, conscious, and unequivocal) to a contract to which the customer is a party. The customer’s personal data may only be used to fulfil the conditions of the contract.

The data is not used for automatic decision-making or profiling, and the data is not disclosed to third parties.

 

  • The personal data is used:
  • For the maintenance of the customer relationship
  • For the development of the operations, services, and products of Timberwise Oy
  • For improving the customer experience
  • For marketing and sales
  • For communications
  • For delivery of goods
  • For purposes of analytics and statistics
  • The personal data in the register is also used in Koodiviidakko Oy’s Postiviidakko newsletter editor. Koodiviidakko Oy operates as a processor of personal data in accordance with the EU General Data Protection Regulation.

 

  1. Data content of the register

Timberwise Oy’s customer and stakeholder register contains the following data related to natural persons:

 

  • Name
  • E-mail
  • Phone number
  • Address information
  • Company

 

  1. Regular sources of data

The main source of data is users themselves. The contact persons for companies may also request the data controller to add other contact persons to the register for the company for the purposes of receiving communications related to Timberwise Oy. In these cases, a confirmation e-mail is sent to the added persons, through which they must accept this data protection policy and the addition of their data to the register. If acceptance does not happen within a month, the data of the person added to the register will be removed.

At a customer’s request, data about him or her can be removed from the Timberwise Oy system. The removal is permanent, and we cannot recover deleted personal data.

We retain personal data only for the necessary period of time, so that we can fulfil the purposes of use described in this policy. The legislation sets obligations for the longer-term retention of some of the data, such as for the following purposes:

  • The Accounting Act specifies longer retention times for data regardless of whether the material contains personal data or not
  • Making of sufficient backup copies from databases and systems in order to secure the data, to repair fault situations, and to ensure data security and continuity
  • In order to realise other Timberwise Oy responsibilities and to demonstrate their appropriate realisation

 

  1. Cookies on the website

The Timberwise Oy website uses cookies in order to facilitate development of the site to better serve customers. Cookies are small text files that the web browser saves on the user’s terminal equipment. Cookies give information about how users use the website. The information can be utilised in the development of services, products, and websites, in the analysis of the website’s use, and in order to target and optimise marketing.

The user of the website can give consent to or disable the use of cookies via the settings in the web browser. Most web browsers allow cookies automatically. Please note that disabling cookies may limit the functionality of our website.

 

  1. Regular disclosure of data and transfer of data outside of the EU or EEA

Data may be disclosed in a way stipulated by the requirements of the competent authorities or other entities and based on the valid legislation. For example, auditors have access to the system containing personal data when performing an audit.

The data may be published for the parts that have been agreed on with the person. For example, the information of Timberwise Oy’s staff members is published on the company’s website: https://timberwise.fi/yhteystiedot/.

Data is not regularly transferred outside of the area of the European Union member states or the European Economic Area unless it is necessary for the above purposes of the processing of personal data or the realisation of the technical processing of the data, in which case the requirements of the Personal Data Act shall be fulfilled in the transfer of the data.

Without limitation to the above, when carrying out commissions outside of the EU or EEA, data also may be transferred in the scope required by the commission outside of the area of the European Union member states or the European Economic Area.

 

  1. Principles of register protection

In the processing of the register, care is taken and the data processed with the aid of information systems is protected appropriately. When register data is stored on internet servers, the digital and physical data security of the equipment is appropriately attended to. Paper documents can be found in an appropriately locked archive which can only be accessed by specified individuals.

Customer data can be accessed only by persons in the service of the data controller and other specified persons who need the data for their work, as well as the employees of the provider of the technical platform, JMJping OY, who are responsible for the technical maintenance of the service.

Access to the premises of the data controller is limited with personal access rights, which are granted only at the request of the organisation’s named contact person(s). Access rights to the premises are for the employee’s own area of operation in the organisation’s premises and in the rights to use the master key. Master key rights are possessed by the security firm, the rescue department’s key, the representatives of the property’s owners, and the maintenance firms. No other entities have access to the organisation’s premises.

Persons who process personal data have been trained to use the data safely and ethically. Our personnel only see, with their own usernames and passwords, the customer data that is necessary for the execution of their work tasks.

All access to personal data is monitored in accordance with good practices. The data is protected technically with a firewall. The connection between the user and the server is protected with an SSL certificate.

Maintenance of the Timberwise servers has been outsourced to JMJping Oy. The servers are located in Finland and they are protected with a firewall as well as a virus prevention program. JMJPing Oy operates as a processor of personal data in accordance with the EU General Data Protection Regulation.

 

  1. Right of inspection and right to demand rectification of data

Every person in the register has the right to inspect his or her data saved in the register and to demand the rectification of possible erroneous data or the supplementation of incomplete data. If the person wants to inspect the data saved about him or her or demand its correction, a request should be sent by e-mail to the data controller at the address tietosuoja[a]timberwise.fi. If necessary, the data controller can request the presenter of the request to prove their identity, for example in a situation where the request arrives from an e-mail address that is different from the e-mail address recorded for the person in the Timberwise Oy register. The data controller shall reply to the customer in the time defined in the EU GDPR (usually within a month).

 

  1. Other rights related to the processing of personal data

A person in the register has the right to request the removal of personal data concerning him or her from the register (‘the right to be forgotten’). The data subject also has other rights in accordance with the EU GDPR such as the restriction of processing of personal data in certain situations. Requests should be sent by e-mail to the data controller at the address tietosuoja[a]timberwise.fi. If necessary, the data controller can request the presenter of the request to prove their identity, for example in a situation where the request arrives from an e-mail address that is different from the e-mail address recorded for the person in the Timberwise Oy register. The data controller shall reply to the customer in the time defined in the EU GDPR (usually within a month).

 

  1. Right to change the data protection policy

We reserve the right to change the data protection policy due to development of services or a change in legislation. Notable changes to the data protection policy will be communicated to registered customers in conjunction with the update.

 

  1. Contact details

In questions related to privacy, processing of data, and the data protection policy, please contact us by e-mail: tietosuoja[a]timberwise.fi