Privacy policy statement

Privacy policy and data register statement

This is the privacy policy of Tilamar Oy as required by the Personal Data Act (10 and 24 §) and the EU General Data Protection Regulation (GDPR). Composed on 9.10.2019.

In this privacy policy we describe what kind of personal information we can collect from you, when you order our services or contact Tilamar Oy through our website, as well as for what kind of purposes this information can be used. When using the website, you accept the usage of your personal information as described in this privacy policy.

We may change this privacy policy by publishing a new version of it on our website, so please check it regularly. After the publishing of an updated privacy policy, using the website and services related to it is seen as accepting the altered terms.

1. Data controller

Tilamar Oy
Takasenkatu 41
08150 Lohja

2. Contact person responsible for data register

Tiia Vierimaa, etunimi.sukunimi@tilamar.fi, +358 41 434 8945

3. Name of data register

Tilamar Oy / customer- and marketing register

4. Legal basis and the purpose of processing personal data

Personal data is used according to the Personal Data Act for purposes such as

• Customer relationship management
• Newsletters and press releases
• Customer surveys and collecting customer information
• The execution, sales, management, billing, marketing or development of products and services (“Service”) by Tilamar Oy or its partners.
• Tilamar Oy has the right to use or give information in the register for justified purposes (such as opinion polls or market surveys) according to the Personal Data Act and other applicable legislation.

5. Contents of the data register

• Classifying information given by persons (such as interests)
• IP-address or other identifiers
• Customer feedback
• Ordering, billing or delivery information
• Information collected with cookies
• Information collected through Social Media Channels
• Other information collected with the consent of the customer
• Information collected through our online service
• Company name and/or persons first or last name, address, email address, phone number, classifying information available publicly, and information on marketing permissions and blocks

6. Regular source of data

Data processed in the register is received from the customer through i.a. messages sent through online forms, email, phone, social media services, contracts, customer meetings and other situations where the customer gives information. The information is automatically transferred to the register, when a user gives information to Tilamar Oy when using www.tilamar.fi service.

7. How long we process your personal data

We don’t process information longer than necessary for its usage purpose or as is required by the agreement or legislation. The retention time of personal data can change based on the usage purpose or situation. The retention time of personal information may also be based on legislation such as the Accounting Act. We aspire to update your data when needed. Unnecessary information will be removed.

8. Regular disclosing of personal data

For direct marketing purposes as described in Personal Data Act 19§. For opinion polls, market surveys or similar studies.

9. Data disclosure

To provide you the Service in the best way possible, we may disclose information to companies in the same corporation or to our partners, who process your information only in the scope required by Service. Our partners will not use your information for other purposes or disclose data for third parties. Tilamar Oy can disclose data according to limits permitted by active legislation. Data can be disclosed outside of EU and ETA areas i.e. to enable maintenance and processing of data by our subcontractors. Our partners will not use your information for other purposes or disclose data for third parties. Tilamar Oy can disclose data according to limits permitted by active legislation. Data can be disclosed outside of EU and ETA areas i.e. to enable maintenance and processing of data by our subcontractors.

10. Protecting the data register

Processing data in the register is done with utmost care and data handled by information systems is protected appropriately. When data is stored on online servers, the physical and digital information security of the equipment is taken care of appropriately. The data controller ensures that stored information and usage rights of the servers and other critical information for security of personal data is handled confidentially and only by employees whose tasks require it.

11. Cookies

Cookies are small text files that are automatically stored on the computer or device of the user when visited different websites. Our website utilizes cookies so that we can provide our service with quality and as user-friendly as possible.

Our website utilizes Google Analytics software (“Software”) to collect statistics on the websites users to improve the quality of the online service. Software store data i.e. on which pages you visit, how long you stay on the website, what website you came from and what links you click.

If you do not want the online service to receive information through cookies, you can deny cookies (most browsers enable the disabling of cookies). Note that the online service might not work optimally without cookies.

12. Right to request access and right to request correction of data

Every person in the data register has the right to request their data stored in the register and to request correction of incorrect data or incomplete data. Request right is free of charge once per year. If a person wants to inspect the information stored on them or demand correction to them, the request must be sent to data controller in writing. The data controller can ask the requester to prove their identity. Data controller will respond in the time frame set by General Data Protection Regulation (mainly in a calendar month).

Data controller will unprompted or per request remove, correct or complete information that is incorrect, unnecessary, incomplete or outdated. Correction request must be made in writing.

13. Other rights related to the processing of personal data

Persons in the data register have a right to request the removal of their personal data from the register (“right to be forgotten”). Likewise persons have otherrights indicated by the EU General Data Protection Act such as the limitation of the usage of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller can ask the requester to prove their identity. Data controller will respond in the time frame set by General Data Protection Regulation (mainly in a calendar month).