Privacy policy
1. Registrar
Rockroth Oy
In matters concerning the register, contact person:
Andreas Stenroth
andreas.stenroth(at)rockroth.com
+358 40 487 2590
2. Registered
Rockroth Oy's customers, potential customers who have requested a quote for our services, and Rockroth Oy's newsletter subscribers. Website Users.
3. Purpose of use of personal data
Customers' personal data is processed in order to handle orders and commissions, in connection with the marketing of products and services, development of services, customer surveys, contacts, invoicing, collection, reporting and other measures related to customer management.
4. Legal basis for personal data processing
The controller processes personal data on the basis of an agreement with the customer in order to implement the agreement or take measures prior to the agreement. The processing of personal data for managing the customer relationship and for marketing purposes is possible based on the legitimate interest of the data controller under the customer relationship.
5. Personal data to be stored in the register
Name
The company and its contact information
Address
Telephone number
Task/role
Information about purchased products/services
IP address
6. Regular sources of information
Customer information is regularly received from the customer himself.
7. Regular disclosures of information
Information is not disclosed outside of Rockroth Oy for marketing purposes.
8. Duration of processing
As a general rule, personal data is processed for two years from the sending of the last offer or invoice.
The registrant can unsubscribe from our marketing list via the link in each of our marketing e-mails.
Website visitor information is processed for two years
It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period (10 years) defined in the Accounting Act (Chapter 2, Section 10). For this reason, accounting-related material cannot be deleted before the deadline expires.
9. Data transfer outside the EU
Rockroth Oy uses Google Drive, Dropbox cloud services. In this case, it is possible that personal data will be processed outside the EU/EEA area.
Google LLC privacy statement, Dropbox Inc privacy statement, EU-U.S. Within the framework of the Privacy Shield program, so data transfer is legal in accordance with the EU General Data Protection Regulation and the level of data protection is ensured: EU-U.S. Privacy Shield Program
Google LLC encrypts the data, no matter where it is in its possession. Among other things, Dropbox uses two-step verification and file encryption, as well as an alert when a new device or application is connected to the user's account.
10. Automatic decision-making and profiling
We do not use the data for automatic decision-making or profiling.
11. Basics of register protection
Personal information is kept confidential. The electronic registers are protected by a firewall, usernames and passwords. Rockroth Oy uses SSL encryption (Secure Sockets Layer). SSL encryption (https) is designed to make the transmitted data unreadable by anyone other than us.
Personal information on paper is kept in a locked room with smoke alarms.
12. Cookies
What is a cookie?
The controller uses cookies ("cookie") on its website. A cookie is a small text file that the internet browser saves on the user's device.
Use of cookies on the website
The controller uses both session-specific, deleteable cookies and cookies stored in the user's browser on its website. Session-specific cookies remain in the user's browser memory only for as long as the browser is open. The purpose of stored cookies is to identify the user's browser for the user's next visit to the website. In addition, the controller uses cookies to track visitor traffic on its website and to make its service even more user-friendly, safer and smoother. The controller also uses the Google Analytics web analysis service, the Facebook Custom Audience Pixel service, the Hotjar screen behavior recording service and Tawk.to live chat to implement the data collection functions of the controller using cookies on its website. Cookies collected through Google Analytics and Facebook are stored on the servers of the respective service provider, which may be located outside the European Union. Hotjar and Tawk.to store data on servers in the EU region.
Preventing the use of cookies
The user can define in their browser settings whether the user wants to accept or deny the use of cookies. The user can also define the browser setting to notify the use of cookies on websites, in which case the user can accept the use of cookies on a case-by-case basis. If the user blocks the use of cookies, this may affect the functionality of the controller's website.
13. Rights of the data subject
The registrant has the following rights, requests for the use of which should be made to the address: andreas.stenroth(at)rockroth.com
Right of inspection
The registered person can check the personal data we have stored.
Right to rectification of data
The registered person can ask to correct incorrect or incomplete information about him.
Right to object
The registered person can object to the processing of personal data if he feels that the personal data has been processed unlawfully.
Ban on direct marketing
The registrant has the right to prohibit the use of data for direct marketing.
Right of deletion
The registered person has the right to request the deletion of data if data processing is not necessary. We process the deletion request, after which we either delete the data or provide a justified reason why the data cannot be deleted.
Withdrawal of consent
If the processing of the data subject's personal data is based only on consent, and not on e.g. customership or membership, the data subject can withdraw the consent.
The registered person can appeal the decision to the Data Protection Commissioner
The registered person has the right to demand that we limit the processing of disputed data until the matter is resolved.
Right of appeal
The registered person has the right to file a complaint with the data protection commissioner if he feels that we violate the current data protection legislation when processing personal data.
Contact information of the data protection officer: www.tietosuoja.fi/fi/index/yhteystiedot.html