Kylmin Oy (Business ID: 0983306-8)
Hereinafter referred to as the Company in this statement
Person responsible for data protection and/or contact person and requests
Name of the Register
Kylmin Oy customer and marketing register
Collected Personal Data
We collect personal data necessary for the management of customer relationships, such as the customer's name and contact information, as well as user information for the service. We collect personal data from the data subject themselves and from other publicly available registers maintained by authorities and other external sources, such as the trade register or similar public business registers. In addition, we collect information provided by individuals who fill out contact forms and use them for the purposes mentioned above related to the management of customer relationships.
Purpose of Processing Personal Data and Legal Basis
We process personal data within the limits permitted by applicable law for the purposes of testing the online service, managing customer relationships, and informing and advising about services. We may use the data subject's information for the collection and analysis of user statistics. The collected data may also be used for marketing communication. The processing of personal data for marketing communication is based on the data subject's consent through the contact form. Direct marketing will be discontinued upon the customer's request. The processing of personal data may be necessary for the legitimate interests of the Company and the data subject in maintaining customer relationships, marketing, service, and customer analysis, as well as service testing. Marketing purposes may involve profiling. In such cases, the data subject has the right to object to the processing of personal data.
Processors of Personal Data
Access to personal data is only granted to individuals responsible for the management of customer relationships and marketing.
Personal data is not disclosed to third parties or transferred outside the European Union or the European Economic Area, unless necessary for the technical implementation of the service. In such cases, data protection laws and other necessary security measures are followed.
We protect personal data with appropriate technical and organizational methods. Data is collected into databases that are protected by firewalls, passwords, and other technical security measures. Databases and their backups are located in locked and guarded premises, and access to the data is limited to certain pre-designated individuals.
Retention Period and Deletion of Personal Data
Personal data is retained for as long as it is needed for the purpose for which it was collected and processed, or for the fulfillment of a contract, or as long as required by law and regulations. After this, personal data is appropriately destroyed.
Data Subject's Rights
The data subject has the following rights:
- The data subject has the right to access their personal data within the limits of trade secrets and internal assessments. A request for access must be sent in writing and signed to the contact person mentioned above, and the individual must identify themselves in a reliable manner.
- The data subject may request the correction of data if it is incomplete or inaccurate.
- The data subject may request the deletion of data when there is no legal basis or the data subject's consent for processing.
- The data subject has the right to restrict the processing of personal data if the accuracy or lawfulness of the data so requires, or based on the right to object, the data subject requests the restriction of processing for data retention purposes only.
- The data subject has the right to object to the processing of data for direct marketing purposes based on the legitimate interests of the Company.
- The data subject may request the transfer of data to another data controller if it is safe and technically feasible.
- The data subject should send requests related to their rights in writing or by email using the contact details provided in section 1.
The Company will respond to requests within 1 month of receiving the request unless there are specific reasons to extend the response time.