Privacy Policy
This document describes the processing of personal data conducted by Granlund Oy (hereinafter Granlund).
The privacy policy applies to the use of the website www.granlund.fi any personal data provided in connection with the use of the website, and personal data which the data subject has granted to Granlund in another context, as well as personal data which Granlund has obtained from publicly available sources.
Any third-party websites accessible through links on this website operate in accordance with the privacy and cookie policies of the respective websites’ administrators. Users are recommended to read such policies before using third-party websites.
1. Data controller and contact
Granlund Oy (1704694-5), domiciled at the address Malminkaari 21, FI-00700 Helsinki, Finland.
The email address for contact regarding the privacy statement is dataprotection@granlund.fi.
2. Purposes of data processing
Personal data is collected and processed for the following purposes:
(1) Offering and implementing Granlund’s products and services, as well as responding to any requests made. We also use personal data for other communication with our customers and partners.
(2) For marketing purposes to send newsletters, commercial offers and/or information about Granlund’s products and services via email, SMS or traditional mail (if the user has provided their address).
Processing may refer to one or more of the following actions: data collection, storage, organisation, registration, examination, retention, processing, editing, selection, use or deletion.
3. Legal bases for processing personal data
The processing of personal data is based on the data subject having granted their consent for the processing of their personal data when they have registered, filled in a contact form, entering into a contract or in another context. Providing data is voluntary, but may be a requirement for the use of Granlund’s services.
Additionally, providing necessary data for a contact request (such as contact information, name and email address) is necessary if the customer wishes to receive a response to their message. Based on the requests made by the user, Granlund may also require additional data. Providing such additional data is voluntary, but if it is not provided, it may be difficult or impossible for Granlund to respond to the user’s requests.
If the user wishes to subscribe to a newsletter and/or receive commercial contacts, it is necessary for them to provide an email address.
The user can provide data on the website by filling in the user data requested on the contact form. Data for the purposes of a product purchase, service use or entering into a contract can also be provided during a phone call or by email.
If the user has also granted their consent for the processing of data for marketing purposes, the data in question may be processed for statistical studies, opinion polling and market research related to Granlund’s services.
In addition to the provisions above, Granlund may use publicly available sources to obtain personal data for the purposes of new customer acquisition. In such a case, the personal data groups are name, phone number and email address, and the legal basis is the data controller’s legitimate interest in accordance with Article 6(1)(f). Granlund considers it in its legitimate interest to use personal data available in public data sources in its own business operations and in the marketing of its products to ensure its competitiveness in its industry.
4. Recipients of personal data
The users related to the services of the above-mentioned website are automatically stored in the system maintained by Granlund. Data provided by phone, verbally or by email is stored in Granlund’s system by the employee performing the task in question.
To fulfil the above-mentioned purposes, the data is processed by Granlund’s administrative and commercial personnel as well as companies and their personnel providing data processing and other services to Granlund (such as companies and personnel providing electronic marketing or parties providing website maintenance and administration services). Granlund has entered into a data processing contract with external data processors in accordance with the European Union’s General Data Protection Regulation (GDPR). Granlund may also provide data to its partners if it is required for the provision of services used by a customer or for the implementation of a contract. Granlund may also provide personal data to parties such as authorities, financial institutions and insurance companies, all of which are bound by a statutory obligation of secrecy.
Received data and data to be processed will not be provided to third parties other than in the cases defined above, unless the data cannot be associated with an individual person, or the provision of data is based on legislation or the order of an authority. Additionally, data may be processed and transferred as part of corporate restructuring (such as business transfers, mergers or split-ups).
The personal data is stored as confidential data with passwords and the necessary technical measures on the servers of Granlund or its service provider. The personal data is processed confidentially and only by employees whose job description includes such processing and who have agreed to comply with secrecy provisions and Granlund’s operating procedures related to data protection.
5. Data transfer to third countries
The personal data is not transferred or processed outside the EEA region.
6. Data retention period
Granlund stores the data subject’s personal data for only the necessary amount of time. The retention period for the personal data of people registered for Granlund’s services is determined according to the purpose of the data. If providing data through the website leads to a contract relationship with Granlund and the use of its services, the applicable valid legislation (such as the Accounting Act) will apply to the storage of personal data.
7. The rights of the data subject
The data subject has the right to request access to personal data concerning them and to request corrections, removal or restricted processing for such data, or oppose the processing of personal data. The data subject also has the right to transfer the data to another system by sending an email message regarding such a request to the email address indicated below.
The data subject has the right to revoke consent they have provided for the processing of personal data, but such revocation does not affect the lawfulness of processing performed before the revocation of consent, or the lawful retention period of personal data. The data subject may also separately oppose the use of their data for direct marketing, which does not otherwise affect their use of Granlund’s services.
The data subject also has the right to file a complain regarding the processing with the supervisory authority, which in Finland is the Data Protection Ombudsman (Office of the Data Protection Ombudsman, Lintulahdenkuja 4, 00530 Helsinki or tietosuoja(at)om.fi).
The provision of personal data is not based on a statutory requirement. However, the provision of data requested in Granlund’s system/services is a requirement for being able to enter into a contract with Granlund and/or use Granlund’s services. The provided data may also be used for automated processing and decision-making, such as profiling. The data subject has the right to oppose the use of their personal data for automated decision-making at any time.
To exercise the rights described above, please contact dataprotection@granlund.fi.
8. Information security
Granlund processes any personal data you have provided with sufficient and up-to-date technical and organisational security measures. Granlund aims to minimise the risks of data destruction, loss, unauthorised processing, unauthorised access or processing deviating from the indicated purpose of use. However, users must be aware that there are always information security risks related to the use of matters such as the internet and email services, so perfect information security cannot be guaranteed.
9. Internet usage data and cookies
Internet usage data
The information systems and software used for the operation of the website collect certain types of personal data, the transmission of which is part of internet data transfer protocols. Such personal data for users visiting the website includes but is not limited to computers’ IP/domain addresses or the URI (Uniform Resource Identifier) addresses of requested resources. The information systems and software may also collect data on the server regarding the times of requests, request methods, response file sizes, numeric codes indicating the status of the server response (complete, error, etc.) and other parameters related to the user’s operating system and network.
Such data is not collected or used to identify users, but due to the nature of such data, it may be possible to identify users by processing or combining such data with data governed by third parties.
Granlund only uses such data for the anonymous statistical analysis of the website and to ensure the proper functionality of the website.
Such data may also be used to investigate information security crimes and other crimes related to the website. In all cases other than the investigation of crimes, data related to contact on the website is immediately removed after processing, or no later than within seven days.
Cookies
In some cases, Granlund collects personal data using various methods, including cookies. Cookies are collected on data sent to the browser (which may be your browser) by the website. This data can be stored on the computer (which may be your computer) with identifiers that can be used to identify the computer, but not the user.
We may utilise cookies for the development of our services and website, the analysis of the website use, as well as the targeting and optimisation of marketing. The aim is to enable the proper functioning of the website and improve its usability, as well as statistically analyse the use of the website.
You can grant consent or reject the use of cookies when you start using our website, or by accessing the settings of your browser. Most browsers allow cookies automatically. Please note that blocking cookies may limit the functionality of our website.