Privacy policy
- Data Controller
KVM Group Oy
3171931-7
Contact details:
Klaus Mäkelä
050 327 0701
[email protected]
- Registered
Wastuu.com customer register based on customer relationship and other relevant connection.
- Basis and Purpose of Register Maintenance
Personal data is processed based on the registered customer relationship
Personal data is processed based on consent
Processing of personal data and purpose of the register
Personal data is processed only for predefined purposes, which are as follows:
- Customer relationship management
- Informing stakeholders
- Direct marketing
- Analytics
- Personal Data Stored in the Register
The customer register contains the following information:
- first name
- last name
- email address
- phone number
- message/messages
- customer type
- registration time
- the customer’s possible acceptance or refusal to disclose and process their data for direct advertising, distance selling, and other direct marketing
- Analytical data (section 5.)
- Anonymized Data
In order to develop our online services, we can use third-party analytics tools. Such tools include Google Analytics and Facebook Pixel. The collection of data is automatic, and the data is anonymized at the collection stage. The collected data includes:
- IP address (and location country)
- User activity on the website
- Type of device used
- Browser type and language settings
- Use of Analytics
We regularly use anonymized analytics:
- For market and other research, analysis, and targeting
- To ensure usability and functionality and to investigate misuse
- For business planning and product development
- For the production, maintenance, protection, and development of services
- For personalizing services and targeting marketing
- Cookies and Other Tracking Technologies
The online service also includes third-party cookies, such as measurement and tracking services. Third parties can set cookies on your terminal device when using online services. Third parties can use anonymized data from cookies for targeted advertising in other online services. Our online services may also include social media plugins.
We use Google’s reCAPTCHA service to ensure that the sender of the forms is a natural person. The service includes sending the IP address and other information required by the reCAPTCHA service to Google. Google Inc.’s privacy policies apply to the check. More information about Google Inc.’s privacy policies can be found on the service’s website: https://policies.google.com/privacy?hl=fi&gl=fi
- Rights of the Registered
The registered has the following rights, the use of which must be requested in writing and signed by hand, or in person at KVM Group Oy, Satakunnankatu 11, 27510 Eura:
Right of inspection
The registered can check the personal data we have stored.
Right to correct data
The registered can request to correct incorrect or incomplete data concerning him.
Right to object
The registered can object to the processing of personal data if he feels that personal data has been processed unlawfully.
Direct marketing ban
The registered has the right to prohibit the use of data for direct marketing.
Right of deletion
The registered has the right to request the deletion of data if the processing of data is not necessary. We process the deletion request, after which we either delete the data or report a justified reason why the data cannot be deleted.
It should be noted that the data controller may have a statutory or other right not to delete the requested data. The data controller is obliged to keep the accounting material in accordance with the Accounting Act (Chapter 2, Section 10) for a specified period (10 years). Therefore, accounting-related material cannot be deleted before the deadline expires.
Revoking Consent
If the processing of personal data concerning the registered person is based solely on consent, and not, for example, on a customer relationship or membership, the registered person can revoke their consent.
The registered person can complain about the decision to the Data Protection Ombudsman
The registered person has the right to demand that we limit the processing of disputed information for the time being until the matter is resolved.
Right to complain
The registered person has the right to lodge a complaint with the Data Protection Ombudsman if they feel that we are violating applicable data protection legislation when processing personal data.
Contact information for the Data Protection Ombudsman:
www.tietosuoja.fi/fi/index/yhteystiedot.html
9. Regular sources of information
The contact and customer information in the register is obtained from the registered person when a customer relationship or relevant connection arises and during it from the notifications made by the registered person to the controller. The customer can also provide their information through an online form. In addition, personal data can be collected from social media related to the controller’s operations, where information about the registered person is available.
Anonymized information is collected using third-party analytics tools, such as Google Analytics and server data.
10. Regular data transfers
We have ensured that all our service providers comply with data protection legislation. We do not transfer personal data outside the EU area unless the company has joined the Privacy Shield system. We regularly use the following service providers:
| Company | Country | If outside the EU | Function | Updated |
| Zoner | Finland | Server operations | 19.9.2023 | |
| MailChimp | United States | Privacy Shield | Email services | 19.9.2023 |
| United States | Privacy Shield | Email, analytics, advertising | 19.9.2023 | |
| United States | Privacy Shield | Advertising | 19.9.2023 | |
| Aline creative technology studio oy | Finland | Software developing | 19.9.2023 |
11. Duration of processing
Personal data is mainly processed for as long as the customer relationship is valid Registered users can unsubscribe from our marketing list themselves through a link in every marketing email we send. Anonymized data is stored for 26 months
12. Personal data processors
Customer information is processed by persons who manage the customer relationship or stakeholder activities. The register is also accessible to employees who are responsible for maintaining server operations. We can also outsource the processing of personal data in part to a third party, in which case we guarantee by contractual arrangements that personal data is processed in accordance with applicable data protection legislation and otherwise properly.
13. Transfer of data outside the EU
Data is regularly transferred outside the EU or the European Economic Area. When data is transferred outside the EU and the EEA, we ensure an adequate level of protection for personal data, among other things, by agreeing on matters related to the confidentiality and processing of personal data in the manner required by law.
14. Principles of register protection
Only KVM Group Oy employees have access to the register.
Electronic material:
Only those employees who are entitled to process customer data due to their work are entitled to use and change the customer data in the system. They are bound by confidentiality. Each user has their own username and password for the system. The data is collected in databases that are protected appropriately according to industry standards. The databases and their backups are located in locked and guarded premises and only certain pre-named persons have access to the data. In addition to the situations described in these terms, information is reported or disclosed to outsiders only due to a statutory notification obligation, such as at the request of the customer or at the request of the authorities based on the law.
Manual material:
Stored in a locked space and only relevant individuals have access to it.