A register description in accordance with Section 10 of the Personal Data Act (523/99)
Powerlift Oy (Business ID 2913012-4)
The party maintaining the register
Asiakaspalvelu / Powerlift Finland Oy
Powerlift Oy customer register
The purpose and legal grounds of handling personal data
The purpose of handling personal data is to take care of and maintain the customer relationship between company and the corporate customer, contact with the customer and marketing. The information in the register is used for the company’s own direct marketing, unless the customer has refused direct marketing.
The purchase and transaction information handled in the register and location data can also be used for profiling, as well as targeting marketing activities and customer communications that are of interest to the registered party. Personal data is also handled for sending a newsletter, events and in relation to participation in other marketing activities.
Handling is carried out in order to ensure the fulfilment of the entitled rights of the register controller, as far as the person making contact and the customer is concerned.
If the registered party does not provide the requested information insofar as the information is to do with completing the contact form, the register controller cannot take receipt of the contact form of the registered party or commit to a contract between the register controller and the registered party, as relates to the contact form.
The retention period of personal data
Personal data shall be kept for as long as is necessary to make the action possible that is related to the contact form completed by the registered party. The retention period depends on the requirement for the retention period of gathered data, for example invoicing information has to be kept for six years according to the Accounting Act. We will only keep the information of the contact form with the customer’s consent.
A description of the group of registered parties and information content
The register contains personal data relating to the company’s corporate clients.
The information in the form entered personally by the registered party may contain some of the following details: the email address, telephone number and address.
Regulatory information sources
The information stated by the person making contact, the database of the customer information system and invoicing.
Regulatory passing on of information
As a principle, personal data shall not be passed on outside the organisation except in the case that personal data required for managing accounting is provided to the accounting firm used by Powerlift Oy.
However, personal data can be passed on based on the grounds of an agreement between the customer and Powerlift Oy, a customer relationship between the customer and Powerlift Oy or prevailing legislation, including to the authorities.
Data shall not be transferred outside the EU or EEA.
The principles of the protection of the register
The data is kept technologically protected. Physical access to the data is prevented through access control and other security measures. Access to data requires the appropriate rights and a multiple-stage identification process. Unauthorised access is also prevented through, amongst other things, firewalls and technological protection. The register data can only be accessed by the register controller and separately designated technical persons. Only designated persons have the right to handle and maintain the data of the register. Users are bound by professional confidentiality. The register data is backed up securely and can be recovered when needed.
The rights of the registered party
A person in the register has the following rights, that include:
• The registered party has the right to see the information stored in the register that relates to them and obtain copies of it. The inspection request must be made in writing and addressed to the party responsible for register issues (see the section ’The party maintaining the register’).
• The party maintaining the register shall correct, delete or complete information in the register which is erroneous for the purposes of handling, unnecessary, deficient or outdated, either on their own initiative or upon a request from the registered party. The registered party must contact the person of the register controller responsible for register matters in writing for correction of the information (see the section ’The party maintaining the register’).
• Insofar as the handling of personal data is based on the consent of the registered party, the right to negate the consent at any time without affecting the legality of the handling carried out before its cancellation.
• To make a complaint with regard to the handling of data to the monitoring authority.