1. Data controller
Earthpac Oy | business ID: 1030180-0
Kustaa Vaasankatu 2-4
2. Contact person for register-related issues
040 413 2541
3. Register name and data subjects
Earthpac | Marketing Register
In the Register, we process the personal data of our potential clients and their representatives.
4. How do we use your personal data?
We use your data for the marketing and development of the services provided by Earthpac Oy. We collect, store and process personal data only for pre-defined purposes.
5. What personal information do we collect?
Data of the following kind can be stored about data subjects:
- Telephone number
- E-mail address
- Consent information
- Publicly available classification information
- IP address data or another identifier
- Data collected via cookies
- Website(s) visited
- The time spent on website
- How did you get to the website
- What links do you click
- Data collected from social media channels
Other data collected with the customer’s consent.
6. Which sources do we collect personal data from?
We collect personal data about you mainly from yourself, when you contact us or when you use our services at a later time. We can also collect contact information from public sources.
7. What is our basis for processing your data?
We ensure that we always have a legal basis for processing your personal data.
We process personal data stored in the marketing register either on the basis of our legitimate interest (e.g., direct marketing to our potential clients and developing our services) or on the basis of your consent.
8. Will your data be transferred or disclosed?
As a general rule, your personal data are processed by our staff members in the course of their work.
In some cases, your data may be disclosed confidentially to our business partners or subcontractors, who process personal data under a written mandate agreement. These include data centre and cloud services meant for data storage, the suppliers of the IT systems we use, and external services purchased to support sales and marketing.
Our subcontractors and business partners process personal data in an agreed manner, in accordance with our written instructions, and only to further the agreed, lawful purposes.
9. Will your data be transferred outside the EU or the EEA?
As a general rule, we do not transfer your personal data outside the EU or the EEA
The website analytics service we use (Google Analytics) might transfer analytical data outside the EU. However, Google is committed to the Privacy Shield framework, which guarantees an adequate level of data security as approved by the European Commission.
Likewise, the social media channels we use might transfer your data outside the EU and the EEA, but they are also committed to the Privacy Shield framework.
10. For how long will your personal data be stored?
We will only store your personal data for the time necessary to fulfil the purposes described in this statement. Unnecessary data are deleted regularly, at least once a year.
11. How are your data secured?
We respect the confidentiality of your personal data.
Personal data are protected from third parties by firewalls, anti-virus software, personal usernames and passwords. Only the persons authorised by us, whose work requires the processing of personal data, have access to personal data. We only disclose personal data confidentially and to a limited extent, based on the agreements with our contracting partners, such as our subcontractors. Our contractual partners must implement adequate data security and process personal data lawfully in all respects. The people who process personal data are bound by an obligation of confidentiality.
Our website uses a TLS-encrypted HTTPS connection, which means that all personal data are protected electronically. In your browser, you can see it from a lock on the left side of the address bar. If data are in a manual format, they are stored in locked premises not accessible to third parties, and destroyed securely.
According to law, we are allowed to store cookies on your device if this is essential for the operation of the website. We need your consent to use of any types of cookies.
13. What rights do you have?
13.2 The right to access data (the right of inspection)
You have the right to know which of your personal data are stored on the register. You can review your stored personal data as described in this statement.
13.3 The right to have the data corrected or removed (the right to be forgotten)
We will delete, correct or supplement data that are inaccurate, unnecessary, incomplete or outdated for processing, either on our own initiative or at the data subject’s request.
13.4 The right to restrict processing
The data subject has the right to demand that the active processing of their personal data is restricted, for example, when the data subject disputes the accuracy of their personal data and requests that their personal data are corrected or removed. In this case, such personal data may only be stored, not processed otherwise. Restrictions on processing are ensured by technical measures.
We will notify the data subject before lifting the processing restriction.
13.5 The right to object to the processing of personal data
You have the right to object to the processing of your personal data to the extent that there is no compelling reason for the processing that would supersede your rights or the processing is not necessary for fulfilling a legal requirement.
13.6 The right to transfer data from one system to another
To the extent that the data subject has provided data for the customer register, processed with the consent or mandate of the data subject, the data subject has the right to obtain such data in a mainly machine-readable format and the right to transfer this data to another data controller.
13.7 Withdrawal of consent
If personal data are processed based on the data subject’s consent, the data subject has the right to withdraw their consent by notifying us. You can withdraw your consent as described in Section 14 of this statement.
13.8 The right to appeal to the supervisory authority
The data subject has the right to lodge a complaint with the competent supervisory authority if the data controller has not complied with the applicable data protection regulation in its activities.
14. Where can I submit requests regarding my rights?
Any queries and requests related to the register can be submitted either in person on site by presenting an identity document, or by sending a message to the e-mail address firstname.lastname@example.org. We may then contact you by telephone, if necessary, to verify to identity.
We will send the requested data to your e-mail address as a password-protected document, and the password will be sent to your phone by text message.
We will respond to requests within one (1) month of submitting the request, unless there are special reasons for extending the response time. We may also refuse to comply with your request on the grounds provided by the applicable legislation.
The exercise of the rights is, in principle, free of charge.
15. Mandatory disclosure of information