Casemet Oy Privacy Statement

Casemet Oy Privacy Statement

This is the privacy statement of Casemet Oy (Data Protection Act (1050/2018) and the EU General Data Protection Regulation (2016/679)). Last updated on July 2, 2024.

Data controller

Casemet Oy (FI 27376083)
Insinöörinkatu 1, 50100 Mikkeli

Contact person for register matters

Casemet Oy, Tiia Miettinen, tel. +358 40 135 0111

Name of the register

Customer Register

Purpose of processing personal data

Personal data is processed for the management and analysis of customer relationships and other relevant connections, service provision, business development and planning, as well as marketing, remote sales, opinion and market research, and customer communication, which may also be conducted electronically and in a targeted manner.

Personal data processed

The following data may be processed:

• First and last name
• Contact details (postal address, phone number, email address)
• The start and end dates and method of customer relationship or other relevant connection
• Direct marketing permissions and prohibitions
• Business ID (for companies) or personal identification number
• Information on the use of electronic services and content (e.g., newsletter subscriptions)
• Marketing and sales promotion-related data, such as marketing actions targeted at the individual and their participation in these actions

For those who have purchased a product and/or service, the customer register may also contain the following data in addition to the above:

• Customer number
• Business ID or personal identification number
• Billing and collection details
• Contact persons (name, phone number, email)
• Information related to the management and classification of the customer relationship or other relevant connection (e.g., product and service purchase and cancellation details, delivery information, feedback, complaints, and records of customer service interactions, such as calls, emails, and support messages)

Regular sources of information

The personal data is collected directly from them, from various services they use, and through different marketing actions such as promotional lotteries, contests, and events. Personal data may also be collected and updated from the registers of business partners and from authorities and companies providing personal data services.

Retention period for personal data

Personal data is retained only as long as it is necessary for the purposes set out in this statement or for the retention periods set out in our legislation.

Regular disclosures of data

Data may be disclosed in accordance with the applicable laws upon request from competent authorities or other entities. Data may also be disclosed in connection with corporate transactions to buyers if Casemet Oy sells or otherwise restructures its business. Data may be transferred to Casemet Oy’s selected business partners who process data on behalf of the data controller based on a cooperation agreement. In such cases, the data processor is not permitted to process the transferred data for its own purposes in its own registers.

Transfers of data outside the EU or EEA

Data will not be transferred outside the European Union or the European Economic Area unless it is necessary for the purposes of processing personal data or for the technical implementation of data processing. In such cases, data transfers comply with the requirements of the General Data Protection Regulation.

Principles of how the data register is secured

Personal data is protected against unauthorized access and unlawful processing (e.g., destruction, alteration, or disclosure). Each processor may only process personal data necessary for their work tasks. Documents are stored in a locked space protected from unauthorized access. Documents are printed only when necessary, and paper printouts are destroyed after use.

Electronically processed data in the register is protected by firewalls, passwords, and other commonly accepted technical security measures in the industry. Only specifically authorized employees of the data controller and its contracted service providers have access to the register data, granted through access rights by the data controller.

Rights of the data subject

The data subject has the right to inspect what personal data about them has been stored in the register. Upon request, necessary corrections and additions will be made to the personal data, or incorrect, unnecessary, incomplete, or outdated data will be deleted for the purposes of data processing. Inspection and updating of data can be done by contacting Casemet Oy’s responsible person for register matters.

Other rights related to the processing of personal data

Casemet Oy reserves the right to modify this privacy statement by posting updates on its website. Changes may also be based on legislative amendments. We encourage regular review of this statement.

This privacy statement was last updated on July 2, 2024.