This Privacy Statement of Gasgrid Finland’s Customer and Marketing Register describes the data processing activities followed by Gasgrid Finland Oy. In addition, the Privacy Statement informs Data Subjects of their rights.
Gasgrid Finland Oy is committed to maintain the confidentiality and privacy of personal data held by its customers and stakeholders and to complying with national data protection legislation and the EU General Data Protection Regulation as amended.
Gasgrid Finland Oy process personal data for many purposes. This Privacy Statement describes Gasgrid Finland Oy’s privacy practices, processing purposes and provides information to Data Subjects about their rights. Gasgrid Finland Oy processes personal data confidentially and only collects data to the extent necessary for purposes described in this Privacy Statement.
Name of the register and information on the Data Controller
Gasgrid Finland Oy acts as the Data Controller. The name of the register is Gasgrid Finland Oy’s Customer and Marketing register. Gasgrid Finland Oy is responsible for the processing of personal data. You may be our registered customer, potential customer, their contact person, affiliate representative or other stakeholder (“Data Subject”) with whom it is important or necessary for us to communicate.
Gasgrid Finland Oy
Business ID: 3007894-1
Address: Keilaranta 19 D, 02150 Espoo
Contents of this Privacy Statement
Our Privacy Statement contains the following information:
- What types of personal data we process
- Personal data processing purposes and legal basis
- How do we collect personal data
- How long do we retain personal data
- To who do we disclosure personal data – recipient groups
- Disclosure of personal data to recipients in third countries
- How do we secure data protection
- Your rights
- Amendments to the Privacy Statement
- Contact details
What personal data types we process
We process the following personal data categories
- First names and last names
- Contact details (phone number, address and e-mail address)
- Employment information (your employer, profession, title, scope of your work, degrees, your representation rights at your organization)
- Social security number and date of birth
- Allergies and diet information (for event organization)
- Customer survey answers
- Credit information
- Technical information: Cookies, IP-addresses, and device information (technical information won’t be directly associated to you or your name).
- Information provided to us for contact requests such as your associated message.
- Footage (if you visit our premises or you have given your consent to publish video or still images for marketing and communication purposes).
- Information concerning your work experience, education and other corresponding information you have provided to us in a recruitment process or when we are procuring goods or services).
Processing Purpose and Lawfullness
We process your personal data only when considered lawful under applicable regulation. Our processing purposes are mainly based on the following lawful processing criteria:
- Performance of a contract.
If you represent an organization to whom we are in a contractual relationship with we can collect your:
- Contact details
- Employment information
We can process the data to:
- Contact you to perform and fulfill a contract and to maintain the associated relationship.
- Improve the customer relationship, customer communications and executing customer surveys.
- To comply with our statutory obligation, we may be obliged by law to process your personal data. For example, your personal information may be stored longer than is necessary to implement the contract, e.g. if applicable accounting law so require.
Based on our legitimate interest, we can process your data in the following events:
- Issuing newsletters via e-mail if the marketing is closely connected to good or service we have already provided to you under a contract so that we have received your contact details e.g. through the newsletter ordering form.
- Strictly for the purpose of direct marketing of our services.
- You have the right to object direct marketing and opt-out of which we inform you when we exercise such marketing.
- To protect our assets, operation and property when you visit our premises, we have adequate camera surveillance in place recording video footage.
- During public or private procurement processes, prior to enforcing a contract, if your organization has been requested to supply information on your employment and educational background to verify your level of competence.
Based on your consent
- If you give your voluntary consent for us to process your data, we will inform you when asking your consent including information about the specific purpose for data processing.
- We will request your consent, inter alia, in the following situations:
- For event organization (including stakeholder events, trainings, rescue personnel operations and trainings). To organize the events, we might ask you to provide your name, contact details, employment details, and dietary information.
- When answering our marketing and customer surveys.
- When we collect your information to contact you.
- You can withdraw your consent at any time by contacting us or following the instructions provided when you gave your consent for the specific processing activity.
How do we collect personal data
- We mainly collect personal data directly from you.
- If you are a contact person necessary for the performance of a contract, we might receive your data directly from the organization you are representing.
- We may also collect data from third parties, such as:
- Suomen Asiakastieto Oy
- Registry Office
- Trade Register
- Fonecta Oy.
How long do we store personal data
We have set time limitations for processing of personal data. After the expiry of such, we will destroy the data. Limitations in this respect are not fixed. Instead, they are based on the existence of a lawful processing purpose (inter alia, for the validity of a contract or the remainder of a legal obligation), which we review in regular set intervals. For example, data received in a marketing draw is deleted after the draw has ended. Camera footage at our premises is deleted at regular intervals. We might have to maintain data for longer periods of time in case disputes, accidents or other liability events to protect our rights.
To whom we transfer your data to – recipient groups
We may transfer your personal data to our business partners (including, inter alia, IT- and cloud service companies and event organizers). When transferring data to third party processors, we will ensure data protection compliance with applicable regulation by executing a data protection agreement with the processor and giving adequate instructions. When required, we will ask your consent to transfer data. We might be also required under a legal obligation to transfer data to authorities or officials such as police, customs or tax authorities.
Transfer of Personal Data to Third Countries
First and foremost, your data won’t be transferred to locations or to third party processors in third countries outside of EU or the European Economic Area. In some limited events, we may transfer your data to our selected processing partners or their sub-contractors storing data in such third countries. In these situations, we fully follow and comply with the requirements of the EU General Data Protection Regulation of transfer of data to third countries:
- The European Commission has decided that a third country has adequate level of protection of personal data. No specific permit or authorization is required for such transfer to third countries.
- We otherwise secure fully adequate level of protection of personal data by utilizing the model standard contractual clauses provided by the European Commission for the transfer of personal data to third countries.
- We execute a data protection agreement with the third party processor and provide them with adequate instructions.
How Do We Secure Data Protection
Your data protection is of utmost importance to us. We have taken and have in use adequate technical and organizational measures to secure protection of data and to fully avoid data breaches. We have in place high industry standard security programs and have limited access to the data to our employees who are in their scope of work required to process the data (access control).
Servers of our systems are located in a dedicated, locked and well-protected and monitored data centers. Personal data is, inter alia, protected from the public internet with a firewall, and access to any personal data requires verification by a user ID and password.
Your Rights As a data subject
As a data subject, you have the following rights:
- Access to your personal information
- You can access and review what data we process of you. After we have validated your identity, we will provide the data we process of you and other information of your rights as required under applicable regulation.
- Rectification of missing or inaccurate personal information
- You can have your data rectified if it contains errors or the data is incomplete. We kindly ask you to notify us if you notice that your data is erranous or incomplete.
- Removal of personal information (“right to be forgotten”)
- You can request us to erase and delete your data with the condition that no lawful processing principle exists and the processing is not otherwise required under mandatory law or to resolve an ongoing dispute.
- Restriction of processing personal information
- If ambiguity regarding the validity of our lawful processing principles or the authenticity of your data exists, you can request us to restrict the processing of your data until the ambiguity is resolved.
- Transfer of personal information from one system to another
- You can request us to transfer your data to other controllers if it is technically possible and safe.
- Objection of our legitimate interest
- You can lodge a complaint to national regulatory authorities.
We have the right to amend this Privacy Statement if our purposes for processing data or if the existing circumstances change. We will not, however, change the processing purpose of your data without you knowing it or without your consent when consent is our lawful purpose. We are always committed to comply with existing and in force regulation to fulfil your rights even though changes might be made to this Privacy Statement.
You can contact us at: firstname.lastname@example.org or by phone: +358 50 327 2168.
This privacy statement was last updated on 1.1.2020. Gasgrid Finland Oy may update this privacy statement and endeavor to act in a reasonable manner to inform the data subject in a timely manner of possible variables and users. Gasgrid Finland Oy will develop the data subject to review the information in the privacy statement upon receipt of information about the informed changes.