The Personal Data Act (523/1999) Sections 10 and 24
1. Register controller and contact information
Antell Group / Katri Antell Oy
Poratie 5, 90140 Oulu
Business ID: 0187176-4
2. Name of the register
Marketing and customer register of Antell Group
3. Contact person
CCO Mari Kähkönen
Katri Antell Oy
Poratie 5, 90140 Oulu
+358 20 770 2076
4. Purposes of handling personal data
The purpose of the register is to maintain the marketing and customer register of Antell Group.
Register controller processes personal information according to the applicable data protection laws, including the EU’s General Data Protection Regulation (2016/679) and the Finnish Data Protection Act (1050/2018).
The data may be used by companies in Antell Group for marketing, customer communication, other management and development of customer relationships, analysis and statistics. The personal data is processed within the restrictions permitted and required by the Personal Data Act.
Purposes for handling personal information:
- maintaining customer relationships and carrying out customer services
- offering useful, targeted and personalised services to customers
- carrying out the rights and obligations of the customer and register controller
- processing the personal information of different stakeholder groups (suppliers, job applicants, partners)
- processing website user data to verify and develop website functionalities
- processing personal data connected to products and services of the register controller, such as developing, offering, operating and marketing products and services
- Additionally, personal data saved in the register may be used in accordance with the data protection legislation for stakeholder communications of the register controller, such as sending newsletters, electronic notifications and electronic direct marketing.
The legal basis for processing personal data are, depending on the purpose, requirements set by the law, agreement, consent and the register controller’s legitimate interests.
The register controller’s legitimate interests are the basis of processing personal data when there is a relevant relationship between the controller and data subject. This kind of relevant relationship is formed, for example, when the data subject contacts the register controller on their own initiative or when the register controller processes the personal information of the data subject, for example in conjunction with business or partnership activities with the data subject’s employer.
In addition, based on the register controller’s legitimate interests, the register controller may save the data of potential customer companies and their contact persons and representatives where the register controller can reasonably expect them to be interested in acquiring products or services that the register controller offers.
Digital marketing of the register controller can be sent to the data subjects who have given their consent to direct marketing. When the data subject is asked to give their consent to direct marketing, they are also made aware that cancelling this consent is straightforward and can be done at any time. In addition, in accordance with the applicable data protection legislation, direct marketing can be sent to such recipients that the register controller can reasonably assume have responsibilities or assignments essentially connected to the marketable goods and services.
Cancelling direct marketing subscription is possible by contacting the register controller or by clicking on the unsubscribe function available in every marketing message (named “Poistu postituslistalta” or “Unsubscribe”). This will remove the data subject’s details from the list of subscribers.
5. Data content of the register
The register may contain the following information about the user:
- The person’s first and last name
- Email address
- Telephone number
- Company name
- Title or occupation
- Information about the use of websites (such as form submission data)
- Information given in questionnaires and surveys
- Information from a registered employee or a representative of a stakeholder currently in a customer, business, partner or contractual relationship with the register controller
- Additional information directly from the data subject as part of a job application and recruitment process
- Other information gathered with the user’s consent
- Information on marketing bans
6. Regular sources of data
Personal information has primarily been collected from the following sources of information:
- Directly from the data subject for the purposes of maintaining the customer relationship (for example, via the contact form on the website)
- Directly from the data subject as part of a job application and recruitment process
- Directly from the data subject as part of another partnership
- From publicly/commonly available sources (such as the internet and trade register)
- From a registered employee or a representative of a stakeholder currently in a customer, business, partner or contractual relationship with the register controller
- During business operations, company information is checked from Suomen Asiakastieto Oy’s registers, which may also contain information about company representatives.
7. Regular disclosure of data
The data will not generally be disclosed outside the Antell Group / to third parties, excluding instances where authorities so require in accordance with the law, or in order to provide services to customers. For carrying out its services, the register controller uses trusted third-party service providers who may, in accordance with data protection law, process personal information on behalf of the register controller to carry out these services.
With Google Analytics, the register controller collects user data from the website in order to better analyse and improve the website and to offer targeted marketing to the site users.
8. Transfer of data outside the EU or the EEA
Potential transfers of personal data out of the European Union or European Economic Area will always be executed following the applicable data protection regulations.
9. Principles of securing the register
Manual data does not exist.
The information network and hardware that belongs to the register controller and hosts the personal data is protected by a firewall and other applicable technical measures.
10. Right of access
The data subject must request access in writing (email or letter) and address the request to the person responsible for the register.
Right to access personal data
The data subject has the right to obtain confirmation from the register controller on whether the data subject’s personal information is being processed. If personal information is processed, the data subject has the right to access this information.
Right to rectification, erasure or restriction of processing
The data subject has the right to ask the register controller to rectify information concerning them, erase any information concerning them or ask to limit the processing of the data based on law.
Right to object
The data subject has the right to object to the processing of their information based on their unique situation, when the register controller processes the data based on the register controller’s legitimate interests.
Right to complain to the supervisory authority
In Finland, the relevant supervisory authority is the Data Protection Ombudsman, whose contact details and instructions you can find at www.tietosuoja.fi.
11. Updating the Privacy Statement
Katri Antell Oy may update this statement without notice, if the use of personal data is not expanded. If the data usage / purposes are expanded ,Antell will inform its contacts using digital channels, such as newsletters, web page etc.
Antell may, at its discretion, change, update, cancel or remove the Service, any content or portions of the website without notice.