Privacy Policy
Last updated 29.10.2024
Controller
Leanmec Oy (2800086-2)
Kairiskulmantie 12
20760 Piispanristi
Finland
Contact person for matters concerning the register
Mika Lehtiƶ
+358 50 545 8529
mika.lehtio@leanmec.fi
Legal basis for processing
Legitimate interest
Purpose of processing personal data
The purpose of the register is the company’s business, the opening of new customer relationships and related communication.
The processing is based on legitimate interest.
The data obtained will be used to establish and maintain customer relationships and for other business needs of the company.
Legitimate interest criterion
The controller needs to process personal data in order to carry out its business tasks. The processing of personal data in this context cannot necessarily be justified by a legal obligation or a contract with an individual.
The controller has assessed that the legitimate interest does not result in serious harm to the rights and freedoms of the individuals concerned (data subjects).
The categories of personal data concerned are
Name, entity represented by the data subject, telephone, email, expression of interest/other initiative by the data subject.
Recipients and categories of recipients
Leanmec Ltd. employees.
Data content of the register
The personal register contains the following information:
- First name and surname of the person
- First name and surname First name and surname
- E-mail address
- Mailing address
- Telephone number
- Details of previous subscriptions
- Information on customer negotiations
Regular sources of information
Information is obtained from emails received from the customer, business cards, telephone or physical encounters. Data may also be obtained from other stakeholders, e.g. through mass media, marketing, website contact form, etc.
Information will not be disclosed outside the company or to its partners, except in connection with credit application, collection or billing, and where required by law.
The personal data of the data subject will be deleted at the request of the user, unless the deletion is prevented by law, the manageability of the customer relationship, outstanding invoices or recovery operations.
Retention period of personal data
The data will be stored for a period of 2 years, after which the processed data will be destroyed in a secure manner.
Regular disclosures of data
The data in the register are only available to the company and its staff, except when using an external service provider, either to provide a value-added service or to support a credit decision.
The personal data of the data subject will be destroyed at the request of the user, unless the deletion of the data is prevented by law, the manageability of the customer relationship, outstanding invoices or recovery measures.
Transfer of data outside the EU or EEA
Personal data will not be transferred outside the European Union.
Principles for the protection of the register A: Manual data
Manually processed documents containing customer data (e.g. printed e-mails or their attachments, printed web forms or similar) are stored in locked and fire-proof storage facilities after initial processing. Only designated employees who have signed a confidentiality undertaking are authorised to process manually stored customer data.
Principles for the protection of the register B: Electronic data
Only designated employees of the company and of companies acting on its behalf are authorised to access, for example, workstations with software capable of maintaining data on potential customers. Each designated user has his/her own personal user name and password. Each user has signed a confidentiality undertaking. The system is protected by a firewall which protects external access to the system and the workstations with appropriate security software.
Your rights
You have the right to object at any time to our use of your personal data for direct marketing purposes by using the opt-out facility provided in marketing and newsletter communications or by informing the controller.
Automated processing and profiling
There is no automatic processing of data.
Right of access, i.e. the right of access to personal data.
The data subject has the right to check what information about him or her is held in the register. The request for inspection must be made from an identifiable e-mail address by contacting the company’s customer service or the contact person of the register in Finnish or English.
Data subjects have the right to object to the processing and disclosure of their data for the purposes of direct marketing, distance and direct selling, market research and public opinion polling by contacting the company’s customer service desk.
The right to transfer data from one system to another
You have the right to transfer any data we may hold to another system.
Right to request correction of data
Personal data in the register which is inaccurate, unnecessary, incomplete or out of date for the purposes of processing must be corrected, deleted or completed.
The request must specify what data are required to be corrected and on what basis. The rectification shall be carried out without delay.
The person from whom or to whom the inaccurate data were obtained or disclosed shall be informed of the correction. Where a request for correction is refused, the person responsible for the register shall issue a written certificate stating the reasons for the refusal. The person concerned may refer the refusal to the Data Protection Officer.
Right of restriction
The data subject has the right to request personal data concerning him or her and the right to request the rectification or erasure of personal data or restriction of processing. Such requests may be addressed to the contact person of the register.
If you are the contact person of a company or organisation, your data cannot be deleted during this period.
Right to object
You have the right to request personal data concerning you and you have the right to request the rectification or erasure of personal data or restriction of processing.
Right to lodge a complaint with a supervisory authority
If you believe that the processing of personal data concerning you has infringed the GDPR, you have the right to lodge a complaint with a supervisory authority. You can also lodge a complaint in the Member State where you have your habitual residence or place of work.
The contact details of the national supervisory authority are:
Office of the Data Protection Ombudsman
P.O. Box 800, Ratapihantie 9, 00521 Helsinki, Finland
tel 029 56 66700
tietosuoja@om.fi
www.tietosuoja.fi
Other rights related to the processing of personal data
Data subjects have the right to object to the disclosure and processing of their data for direct marketing and other marketing purposes, to request that their data be made anonymous where applicable, and to be completely forgotten.