SKS Group

SKSGroup's Customer and Stakeholder Privacy Policy Statement

SKSGroup's customer and stakeholder privacy policy statement
(Privacy policy in accordance with section 10, 24 of the Personal Data Act, 523/99)
May 23rd 2018

1. Controller
SKS Mekaniikka Oy
VAT: 1107282-7
Martinkyläntie 50
FI-01720, Vantaa, Finland
tel. +358 (0)20 764 61
(later "SKSGroup")

2. Contact person in matters concerning the register:
SKS Mekaniikka Oy
Marketing and Communications Department
tel. +358 (0)20 764 61
sksgroup@sks.fi

3. Name of the register
SKSGroup's register of customers and stakeholders

4. The purpose for processing personal data

The purpose for processing personal data includes the management of the customer relationship, the targeting of advertising, direct marketing and online marketing, research activities and the business development. The principle for processing personal data is SKSGroup's legitimate interest based on customer relationship and/or other businesslike connection and/or possible approval given by the registered person. Subcontractors are utilized in the processing of personal data by using servers and services provided by them. We do not disclose personal data to third parties for marketing or other purposes without a permission of the registered person.

5. The register can contain the following customer information:
- First name and last name
- The person's job title (not of all individuals)
- E-mail address
- Mobile and/or other phone number
- Organisation and position
- Organisation's address details
- Permissions or forbiddances of direct marketing
- Information regarding marketing and sales promotion
- Information regarding the management of customer relationship and communication

6. Regular sources of information
The register is compiled of SKSGroup's CRM system, publicly available internet sources, information obtained from customers during commercial projects, and any other public sources. Personal data is also gathered from the customers when using services such as newsletter subscription and/or when taking part in campaigns, exhibitions and events. Personal data can also be gathered from companies providing services regarding personal data, such as Fonecta.

7. Regular disclosures of information
The controller will not disclose customers' personal data to outside parties, except when actions by Finnish authorities so require.

8. Transferring information outside EU or ETA
No personal data will be transferred outside of the European Union or the European Economic Area.

9. Retaining and removing data and the right for controlling personal data
Personal data is retained as long as it is necessary for the purpose of using such data, such as during a customer relationship. The necessity of retaining personal data is assessed regularly by taking the current legislation into account. The registered person has the right to control his/her personal data which has been saved into the register. The request for controlling the personal data needs to be sent to the register's contact person. Simultaneously, the registered person needs to verify his/her identity. The personal data may be deleted by the individual's demand or due to the ending of a customer relationship.

10. The forbiddance of direct marketing and the right to demand the correction of information
The registered person has the right to deny the processing of personal data for the purposes of direct marketing by contacting the contact person responsible for the register. The registered person also has the right to ask for a correction to any incomplete data or misinformation concerning his/her personal data. The controller is liable for correcting the data as soon as possible. The request for correcting the data needs to be sent to the contact person of the register.

11. Principles for protecting the register
All personal data is stored confidentially in the CRM system. The access rights to the system are given only to those employees who need this personal data for performing their work tasks. The system requires a login with a personal username. The information network of the controller and its information technology partners, if any, and the equipment where the register is located are protected with a firewall and by other necessary technical measures.