Privacy notice and description of data file
This document is Bronto Skylift Oy Ab’s privacy notice and description of data file pursuant to the Finnish Personal Data Act (Sections 10 and 24) and the EU’s General Data Protection Regulation (GDPR). Created 23.5.2018. Latest amendment 23.5.2018.
1. Controller
Bronto Skylift Oy Ab, Teerivuorenkatu 28, 33300 Tampere
2. Contact person responsible for the data file
Johanna Kulmala, privacy@brontoskylift.com, +358 20 7927 331
3. Name of data file
Marketing register
4. Legal basis and purpose of the processing of personal data
Pursuant to the EU’s General Data Protection Regulation, the legal basis for the processing of personal data is the controller’s legitimate interest.
The purpose of the processing of personal data is to carry our marketing communication with existing and potential customers and partners by sending e.g. newsletters, invitations and making surveys.
The data will not be used in individual level for automated decision-making or profiling.
5. Contents of the data file
The data file is used for processing data of existing and potential customers and partners.
The data saved in the data file includes the person’s name, position, company/organisation, contact information (telephone number, email address, address), website addresses and IP address.
The data is stored until we receive the information that the person is no longer in the related company, has changed to another position or otherwise the purpose on communication is no longer relevant. The person is always entitled to refuse to receive marketing communication from Bronto Skylift, but we will reserve right to store the data to efficiently prevent any further marketing communication. The person is entitled to request his/her data to be totally removed from the register. This is to be done in writing to privacy@brontoskylift.com.
6. Regular data sources
The data stored in the data file are received from the customer by means of messages sent via web forms, email, telephone, social media services, contracts, customer meetings and other situations during which the customer hands over their information.
7. Regular disclosures and transfers of data outside of the EU and EEA
The data is not regularly disclosed to other parties. Data may be disclosed to the extent agreed with the customer.
Data may be transferred within the concern also outside of the EU or EEA by the controller.
8. Principles for the protection of the data file
The data file is processed with care and information systems are employed in order to protect the processed data appropriately. When data is stored on servers connected to the Internet, their physical and digital data security is appropriately ensured. The controller ensures that the stored data, the server access credentials and other information that is critical in terms of the security of personal data is processed confidentially and only by those employees whose job description requires it.
9. Right of inspection and right to request rectification
Every person in the data file has the right to inspect their data in the file and to request that any inaccurate data be rectified or incomplete data be completed. If a person wishes to inspect the data stored regarding them or request a rectification, the request must be submitted in writing to the controller (privacy@brontoskylift.com). If necessary, the controller may require the requesting person to verify their identity. The controller will reply to the customer within the time specified in the GDPR (as a rule, within one month).
10. Other rights related to the processing of personal data
A person included in the data file has the right to request the erasure of their personal data from the data file (the “right to be forgotten”). Similarly, the data subjects have the other rights provided by the EU GDPR, such as the right to restriction of processing of personal data under specific conditions. Any requests must be submitted in writing to the controller (privacy@brontoskylift.com). If necessary, the controller may require the requesting person to verify their identity. The controller will reply to the customer within the time specified in the GDPR (as a rule, within one month).