11. Visits to our website
- The processor of your data
Your data is processed by Wermundsen group of companies, which consists of:
- Wermundsen Oy
- Gistele Oy
- Kovartek Oy
- Solotop Oy
- Wexon Oy
- Wermundsen Oü
The data controller is the group’s parent company:
Turvekuja 6, 00700 Helsinki
Tel: +358 29 005 550
Tel: +358 29 005 5511
- Whose data do we process?
We process data of 1) customers, 2) potential customers, 3) representatives of our interest groups and 4) users of or services for purposes of maintaining our customer relationships and marketing our services to businesses.
- What data do we process?
We may process and store the following information::
- Contact information: telephone number, email address, address
- Job title / role
- Customer feedback and contact messages
- Information on areas of interest and profiling information
- Usage information, such as information on the use of the services – e.g., website browsing details, search information, and cookies
- Preferences related to permitting/forbidding direct marketing
- Any other information required for fulfilling the purpose of the register
- From where do we receive data?
We obtain personal data 1) from you or the company you represent, 2) in connection with using our services or concluding a contract, 3) from the Business Information System (YTJ) and Trade Register, 4) from companies that provide marketing information, 5) from telephone number and address information services, 6) and from credit information companies/registers.
- The purpose of and grounds for the processing of personal data
We process and store your personal data to enable us to enter, maintain, manage, and develop customer relationships; for customer communications; and to conduct analyses and compile statistics.
We also use personal data, in connection with selling, marketing, and reselling/representing services of our business group and other members of the group. The data may also be used for designing and further developing business operations and services of these companies.
The grounds for data processing are the data controller’s legitimate interests or an agreement pursuant to the General Data Protection Regulation (GDPR), (EU) 2016/679.
- How long will we store your data?
We will continue to process your data throughout the duration of the customer agreement for the management of which the data is required. After this, your data may be used for marketing and other above-mentioned purposes. We delete your data at your request or when it is no longer required for our purposes.
You have the right to withdraw permission for the use of your data for direct marketing at any time, via the cancellation option provided in connection with our direct marketing messages or by otherwise informing us to this effect.
- Your rights
You have the rights listed below. To exercise these rights, you must contact us by visiting one of our offices in person. Be prepared to verify your identity. The request must contain your name, personal identity code, street address, and telephone number, along with information on the data that you want to receive.
Inspection right and right to rectification
You have the right to view the personal data pertaining to you. If you notice erroneous data or that data is missing, you can request us to rectify or complete the information.
Right to object
You have the right to object to the processing of your data if you believe that the processing is unlawful or that we do not have the right to process some of your data.
You have the right to prohibit the use of your data for direct marketing. We never sell or otherwise disclose your data to a third party in order to enable it to target direct marketing without separate and specific permission from you.
Right to delete
If you believe that the processing of some of the data concerning you is not required for our tasks, you have the right to request us to delete the data in question. We handle your request and then either delete your data or notify you of our grounds for not doing so. If you disagree with our decision, you have the right to lodge a complaint with the data protection ombudsman. Additionally, you have the right to demand that we restrict the processing of the data in question while the complaint is being processed.
Right to lodge a complaint
You have a right to lodge a complaint with the data protection ombudsman if you think that we violate applicable data protection legislation in our data processing.
- Disclosure of personal data
As a rule, we do not disclose data to outside parties without your permission.
We may, however, supply your personal data to you; the company you represent; and service providers that we use for managing our customer relationships, communications, marketing, direct marketing, and research. In such cases, the ownership of the data is not transferred to the third party, and said party does not have the right to use your data for a purpose other than the assignment agreed upon with Wermundsen.
We always ensure that our service providers comply with legislation on data protection.
- Transfer of personal data outside the EU
We do not transfer your data outside the EU, and we also ensure that our service providers do not transfer your data outside the EEA without written consent from you. An exception is the US-based Google Analytics service. Except in this connection, personal data are not transferred to any other non EEA country.
- Data-register protection policy
We process your data in line with good processing practices in collaboration with our service providers.
We ensure that access rights to the service are granted to only the persons responsible for the service who require it for their duties.
By signing an agreement with the service provider, we ensure that:
- The service provider processes data by using operative, administrative, physical, and technical measures that are in line with good data protection practices.
- The service provider’s hardware on which the data file is located is protected by a firewall and other necessary technical means (including protection against malware and other attacks).
- The service provider keeps a record of its data-processing operations and limits access to data to those employees who have received the required authorization and training and who require the data for a specific purpose.
- A databank has been prepared for us and is kept separate from the service provider’s other customer-data databanks.
- Visits to our website
For analysis related to our website, we use the Google Analytics service, which utilises cookies to collect and save information on your visit, including the time of the visit, the pages visited, the time spent on each page, your IP address, and browser-provided details on the operating system used for the visit. Your personal data will not be linked to the browsing information.
You have the right to prohibit the use of your data for direct marketing via the cancellation option provided in connection with our marketing and newsletter messages or by otherwise informing us of this wish.