Customer and Marketing Register
1. Data controller
Alupro Ltd (Business ID: 2055501-1)
FI-04360 Tuusula, Finland
2. Data subjects
- customers (contact persons)
- users of the website.
3. Purpose and grounds for processing personal data
|Data subjects||Purpose for processing||Grounds for processing|
|Customers (contact persons)||In order to make contacting possible and to maintain customer relationship for customer service purposes||Legitimate interest of the Controller|
|Prospects and users of the website||Contact and newsletter subscription requests made through the website||Legitimate interest of the Controller|
4. Data to be stored in the Register
The following data may be stored in the Register:
|Information||Customer||Prospect / user of the website||Purpose|
|Email address||✔️||✔️||Contacting / targeting marketing|
|Employer/company||✔️||✔️||Managing customer relationship / targeting marketing|
|Role/title||✔️||✔️||Managing customer relationship / targeting marketing|
|IP address||✔️||Targeting marketing|
5. Duration of processing
As a general rule, personal data is processed as long as the customer agreement for which we need the data is valid. Data is entered as it is received from data subjects themselves and updated as per updates sent by data subjects to the Controller.If you wish to stop receiving our email marketing messages, you may remove yourself from the mailing list by clicking the exit link included in each of the emails.
6. Your rights
You have the following rights, and if you would like to exercise any of these, please contact us at .
Right of access
You have the right of access to personal data which has been collected concerning you. If you notice any errors or inaccurate information concerning you, you may ask us to rectify or complete it.
Right to object
If you feel that we have processed your personal data unlawfully or that we do not have the right to process some of your personal data, you have the right, at any time, to object to the processing of your personal data.
Direct marketing restriction
You are entitled to prevent us from using your data for direct marketing purposes at any time. We will never sell or otherwise disclose your data to other parties in order for them to target direct marketing at you.
We may purchase online advertising from, for example, Facebook and Google. However, these companies do not receive your personal data, and this type of online advertising is not direct marketing but based on cookies. For further information, please see ‘Cookies’.
Right to erasure
If you feel that certain data concerning you is no longer necessary in relation to the purposes for which the information was collected or processed, you have the right to ask us to delete such information. We will review your request and, after which, either delete your data or provide you with legitimate grounds why the data cannot be erased. If you disagree with our decision, you have the right to lodge a complaint with the Data Protection Ombudsman (Data Protection Ombudsman contact details). In addition, you are entitled to request that we restrict the processing of the disputed data until the matter has been resolved.
Right to lodge a complaint
If you believe that our processing of your personal data infringes applicable data protection legislation, you have the right to lodge a complaint with the Data Protection Ombudsman (Data Protection Ombudsman contact details).
7. Regular sources of information
Information concerning prospects is received from the prospects themselves based on their consent given at the time of visiting our website or via other personal or digital interaction.
8. Information disclosures
As a general rule, information is not disclosed for marketing purposes outside Alupro Ltd.Information may selectively be disclosed for targeted third-party marketing campaigns according to the mandate received from the Controller. Data ownership does not transfer to the third party nor does the third party have the right to use the data for any further purposes.We have ensured that all our service providers comply with data protection legislation. As a rule, we use the following service providers:
- Red & Blue Oy
- Systems Garden Oy
- VM IT Oy
- Microsoft (Office 365).
9. Data transfers outside the EU
When possible, we have selected data centres that are both secure and located in Europe for storing your information.
Some of the above-mentioned service providers may back up data outside the EU/EEA to the United States. Data is backed up in order for your data to be protected also in situations where the main servers are down.
In case your data is transferred outside the EU, we have ensured that our service providers have joined the Privacy Shield Program (https://www.privacyshield.gov/list), which aims to ensure that European personal data is processed in the United States in a manner that ensures appropriate security of the personal data.
10. Principles on protecting Register information
Processing your personal data in a confidential and secure manner is important to us. We use the following security measures in order to protect your personal data.
- In order to log into the system, the user must enter the correct username and password combination. The system is also protected by firewalls and other technical means.
- Only certain predetermined employees of the Controller are entitled to access and use the Register information contained in the system.
- The use of the Register is protected by user-specific usernames, passwords and user rights.
- The Register is stored in a server located in a data centre with access control.
- The data contained in the Register is stored in a locked and guarded facility.
- Backup copies are regularly made of the data kept in the Register.