KT-Shelter processes personal data as required by the EU Data Protection Regulation GDPR and other applicable data protection legislation.
Person responsible for data privacy
Basis for gathering data
Customer register: Customer contact information is gathered when a customer relationship is established or when a potential customer provides their contact information via a web form. Processing is based on agreement in the customer relationship and consent in potential customers.
Data collected in the register
Customer personal information: name, contact information, company, phone number, email address in addition information required for customer contracts.
Sources of information
The main source of information is received from the customer him/herself. The information may also be obtained and updated from the customers’ company website or other public sources.
Disclosure of information
Customer information is disclosed to third parties only for the use of outsourced services, for example, a marketing agency may send e-mails to persons in the customer register as a data processor of the company’s personal data.
Data transfer outside the EU or the EEA
Customer register data will not be disclosed to parties operating outside the EU or the EEA.
The information collected in the customer register and via the website is IT system-based and personal data is protected by normal IT arrangements. Only KT-Shelter’s employees and the employees of the supplier of the website operating in Finland have access to the customer register and the personal data contained therein. Access to the systems requires a username and password. All data processors are bound by professional secrecy.
Data retention time
Customer information is retained for as long as the customer relationship is valid. After the termination of the customer relationship, the data is retained for as long as the accounting records require the data to be retained.
Rights of the data subject
Verification of information: The data subject has the right to check the information about himself in the customer register.Correction and deletion of data: The data subject has the right to request that incorrect personal data concerning him or her be corrected, supplemented or deleted from the register if the data is incorrect, unnecessary, incomplete or out of date for the purpose of processing personal data. In accordance with the applicable data protection legislation, the data subject has the right to request the transfer of his or her data to another data controller. In the event that personal data suspected to be incorrect cannot be corrected or deleted or there is ambiguity in the request for deletion, the controller shall restrict access to the data.Opposition to direct marketing: The data subject has the right to refuse to receive direct marketing messages by following the instructions in such messages to remove them from the mailing list or by notifying e-mail to firstname.lastname@example.org.
Withdrawal of consent
If the processing of personal data is based on the data subject’s separate consent, the data subject has the right to withdraw his or her consent to the processing of his or her data. If you wish to exercise your rights above, you may contact us at any time using the contact information provided in this Privacy Statement.
Exercise of rights
Requests for the rights of data subjects are made electronically or otherwise in writing using the above contact details. A request for verification shall be answered within a reasonable time and, where possible, no later than one month from the submission of the request and the verification of identity. If the data subject’s request cannot be accepted, the data subject shall be notified of the refusal in writing. The data subject has the right to lodge a complaint with the data protection authority if the data subject considers that his or her personal data have been processed in breach of applicable law.
The content of the privacy statement may be updated with changes in operations and legislation.