This is a statement on the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).
Data controller
Reprovet Oy
Business ID: 2822063-8
Address: Peuraniitty 5 A 17, 02750 Espoo
Email: [email protected]
Contact regarding data protection matters
In all questions related to the processing of personal data and in situations involving the exercise of one’s own rights, the data subject must contact the data controller in writing by sending an email to customer service at [email protected].
Basis and purpose of processing personal data
The legal basis for processing personal data is the consent given by the data subject, the contractual relationship between the data subject and the data controller, the fulfilment of the data controller’s statutory obligations, and the data controller’s legitimate interest based on the customer relationship between the data subject and the data controller. The purposes of processing personal data include marketing and the maintenance of customer relationships and partnerships.
Personal data processed
The data controller collects only such personal data about data subjects that are relevant and necessary for the purposes described in this privacy notice. The following data are processed about data subjects:
- first and last name
- contact details (postal address, email address, phone numbers)
- direct marketing choices and consents
- communications targeted at you and related activity
- call recordings and customer-service-related email and online conversations
- cookies and other technical identifiers
- security-related and other technical log data
Disclosure of personal data
Personal data are not disclosed to outside parties unless required by law. Data may therefore, exceptionally, be disclosed for example to authorities at the requirement of law.
Transfers of personal data to third countries
As a rule, personal data are not transferred outside the EU and the European Economic Area. If, for a special reason, this is nevertheless done, the transfer is carried out in accordance with an adequacy decision on data protection issued by the European Commission.
Protection of personal data
The data controller processes personal data in a manner that seeks to ensure the appropriate security of the personal data, including protection against unauthorised processing and against accidental loss, destruction or damage. The data controller uses appropriate technical and organisational safeguards, including the use of firewalls, encryption technologies and secure equipment facilities, appropriate access control, and instruction of personnel. All employees who process personal data have a duty of confidentiality.
Data retention period
We process your personal data for as long as we have a valid basis described in this privacy notice for processing the data, and for a reasonable time thereafter. The data controller may be obliged to process some personal data for longer than stated above in order to comply with legislation or official requirements.
Rights of the data subject
The data subject has the right to access the personal data, the right to rectification and erasure of the data, the right to restriction of processing, the right to object, the right to withdraw consent, the right to data portability from one system to another, and the right to lodge a complaint with the supervisory authority. The national supervisory authority for personal data matters is the Office of the Data Protection Ombudsman.
Changes to the privacy practices
The data controller continuously develops its operations and may, as a result, need to change and update its privacy practices as necessary. Changes may also be based on changes in data protection legislation.