Privacy Statement: Customer & Marketing Database

1. Data Controller
Logset Oy Hännisentie 2, 66530 Koivulahti Y-tunnus: 1980145-7

2. Representative of the Data Controller
Jussi Metsäpelto
Logset Oy
Hännisentie 2, 66530 Koivulahti
jussi.metsapelto(at)logset.fi

3. Data Protection Officer
Jussi Metsäpelto
Logset Oy
Hännisentie 2, 66530 Koivulahti
jussi.metsapelto(at)logset.fi

4. Database name
Logset Oy’s Customer & Marketing Database

5. Purpose of personal data handling
The handling of personal data is based on the legitimate interest of the company in relation to the customer relationship or another relevant relationship. Personal information is used by Logset Oy – Personal data is intended for use in the context of the administration, customer services provision, maintenance, and development activities pertaining to Logset Oy’s existing and potential clients. – Communication and marketing targeting – Service production, provision, and development. – Dissemination of information on services and events & activities for marketing purposes – Administration of education/training and courses – Business planning and development – Market research and customer feedback & the collation and reporting of customer satisfaction data

6. Basis for data collection and processing
Customer data is collected and processed with the customer’s consent, or to enforce a contract with the customer.  

7. Data held in the database 
The following types of database entries are handled: – Names – Address details – Phone number – E-mail – Organization – Position in organization – Line of business In addition, the register may contain other transcriptions related to the data subject and his/her potential customer relationship and other information required to manage the customer relationship, such as information on direct marketing authorization/ prohibition, past or future attendance, food-allergies delivery and invoicing. In addition, the registry may contain information collected through cookies about the data subject’s visits and activities on the administrator’s website.

8. Data storage time
We store personal data for as long as the client account is active or for as long as is required by law. The personal data of persons who have given their approval to receive marketing materials is maintained in the marketing database until the registrant declines any further marketing contact. In that case, however, the basic information of that person and the information on the marketing ban shall be retained. We regularly consider whether the storage of data is necessary in compliance with the applicable legislation. In addition, we take reasonable measures to ensure that data entered into the database for the purpose of handling does not contain any incompatible, outdated or inaccurate personal information. We correct or remove incorrect entries at the earliest possible opportunity.

9. Regular data sources
We primarily acquire data directly from the registrant him/herself or with the help of cookies implemented on the administrator’s website(s). Data is also collected using the Google Analytics tool. In addition to the methods and intended purposes described in this statement, personal data may also be collected and updated from publicly available sources, from authorized agencies such as local or national authorities, and/or from third-party stakeholders in line with the statutes and limitations of any and all applicable legislation. The updating of this data can be performed manually or by using automated systems.

10. Regular transfers of data and transfers of data outside the EU or the European Economic Area
Personal data can be handed over and transferred to the data controller’s service producers for the purpose of data handling. Data processors may not handle the aforementioned personal data in such ways or for purposes other than those expressly approved by the administrator. Logset Oy may also outsource data collection and handling to third-party organizations, which may be based in countries outside the European Union and/or the European Economic Area; for example, in the Unites States of America. Such companies may handle personal data in order to provide e.g. IT services. In such cases, EU-U.S. will ensure adequate security and handling of the registry. – Privacy Shield – or by contract using model clauses approved by the European Commission. 11. Use of cookies We use cookies on our website. A cookie is a small text file that is sent to a user’s computer and stored there, which allows the webmaster to identify visitors who visit the site frequently, to make it easier for visitors to log in to the site and to compile aggregated information about the visitors. With this feedback, we are able to continually improve the content of our pages. If the user visiting our website does not want us to receive the above information through cookies, most browser programs allow you to disable the cookie function. This is usually done through browser settings. However, it is good to keep in mind that cookies may be necessary for the proper functioning of some of the pages and services we maintain.

12. Registry security Access to all data recorded in and handled by the information systems is restricted and may only be accessed and used by approved personnel. Access to and use of this data requires the user to sign-in to the information system using his/her unique username and password. The information systems are protected and secured using appropriate antivirus software and firewalls.

13. The registrant’s rights
The registrant has the right to object to the use of his/her data for electronic or other direct marketing purposes by using the unsubscribe or order cancelation link contained in the newsletter or other electronic message or by contacting the representative of the data controller stated in section 2 in writing. The data subject has the right to check what information about him or her has been stored in the register and, if necessary, to require the data controller to correct or supplement the information about himself or herself in the register. Registered information is him/herself responsible for the accuracy of the data he/she provides. The registrant must inform the data controller of any changes to the data held in the database. The data controller may also use his/her own initiative to correct mistakes in the data entries if they discover any error or errors. As a registrant, you have a legal right to oppose or request that access to your data be limited or otherwise restricted and you are entitled to make a complaint about the handling of your personal data to the supervisory authority and request the removal of your personal data from a database or the transfer of this data to another system should you so wish. All requests made by the registrant must be sent in writing to the representative of the data controller stated in section 2. 14. Changes to the privacy policy Should we make any changes to this statement, we will indicate these changes in an updated version of this statement. Should these changes be significant, we may also choose to disclose them in other ways such as via an email or a bulletin on our website. We highly recommend that you visit our website regularly to keep abreast of any possible changes to this statement.

Updated: 7.6.2022