Privacy policy - Riitek Oy

Privacy policy of the customer register

1 Controller
Riitek Oy
Palomäentie 42 & Taitotie 18
58500 Punkaharju
Business ID 2121195-8

2 Data Protection Officer
Topi Palsa
topi.palsa@riitek.fi

4 Name of the register
The name of the register is the customer register

5 Purpose and legal basis for processing personal data
Personal data are collected for a specified, explicit and legitimate purpose, in order to fulfil contractual obligations in a customer relationship. Personal data is collected in accordance with this Privacy Policy and will not be used, modified or transferred in any way other than as set out in this Privacy Policy.

6 Contents of the register
The register contains information provided to the controller by the controller’s customers.

7 Cookies
The controller’s website uses a third-party website analytics and marketing system (Google Analytics). This system collects information about visitors by means of cookies, which is not used to identify individual users, but to develop the website and services. Google Analytics transmits and stores the data on its own server.

8 Regular data sources
The register collects data from the data subject and from sources of customers and stakeholders. In addition, the register collects information from public sources, such as contact details of organisations on websites or address registers.

9 Regular data disclosures
Necessary customer data may be disclosed to public authorities for lawful purposes. The controller does not disclose data to third parties or automatically to other partners. In individual cases, the controller will disclose customer data to a designated party if the party concerned requests the controller to do so or if a legally binding authority requires the controller to disclose individually identifiable information from a database held by the controller.

10 Transfer of data to a third country or international organisation
Riitek Oy may disclose customer data within the limits permitted and required by applicable law.

11 Right of inspection
The data subject has the right to inspect the data concerning him or her that have been recorded in the register. In addition, the data subject has the right of access to the data relating to him or her and to the data contained in the records, provided that he or she makes a sufficiently precise and specific request for access. The request for inspection must be made in writing, signed and addressed to the contact person of the controller, together with a copy of the photo identification document.

12 Right to request rectification and erasure
The controller must correct inaccurate information in the personal data register pointed out by the data subject. The controller also has an obligation, through his or her own activities, to check the accuracy and timeliness of the data in the register. The data subject may also request the controller to delete data concerning him or her from the register. The Data Protection Officer will be in charge of the processing of the measure.

13 Other rights relating to the processing of personal data
The data subject has the right to request the restriction of the processing of personal data. The data subject also has the right to receive the personal data concerning him or her which he or she has provided to the controller in a structured, commonly used and machine-readable format and the right to transmit such data to another controller. In addition, the data subject has the right to object to processing, automated decision-making and profiling.

14 Deletion of data and retention period
The controller will delete the customer’s data from the register when there is no longer a business or legal justification for processing the data or if the data subject himself/herself requests the controller to delete the data concerning him/her on the basis of the law.

Personal data will be deleted when there is no longer a reason to process or store the data. However, data will not be deleted if the law provides otherwise, or if a competent authority has initiated proceedings requiring the controller to retain the data, or if another party has applied to Finnish law for a data protection order.

15 Approval of the Privacy Policy
This Privacy Policy has been approved on an ongoing basis and reviewed on 13.9.2022.