Register and Privacy Policy
MARKETING REGISTER
This is 3D Formtech’s register and privacy policy in accordance with the EU General Data Protection Regulation (GDPR).
1. Data controller
3D Formtech Oy
Business ID: 2609118-2
Ahjokatu 14, 40320 Jyväskylä
2. Person responsible for the register
Toni Järvitalo, Managing Director
email: sales@3dformtech.fi
telephone: +358 40 836 2446
In all matters relating to the processing of personal data and in situations where the data subject wishes to exercise their rights, he or she is invited to contact the contact person mentioned above.
3. Name of the register
3D Formtech Oy’s marketing register
4. Legal basis and purpose of the processing of personal data
The data controller processes personal data for promoting sales, marketing communications and marketing announcements, including for the purposes of target marketing and electronic target marketing, opinion and market research, and the organization of marketing competitions and contests. The data controller also processes personal data for marketing planning and development purposes. The data subject shall have the right to object to marketing directed at him or her. Personal data shall be processed on the following legal bases:
(a) The data subject has given their consent to the processing of their personal data for the purposes of this privacy policy;
(b) The processing is necessary for the purposes of the legitimate interest pursued by the data controller; a legitimate interest of the controller may exist, for example, when there is a relevant an appropriate relationship between the data subject and the data controller, because the data subject or the data subject’s organization is a customer of the data controller, and when the processing is carried out for purposes which the data subject would reasonably expect at the time of collecting the personal data and in the context of the appropriate relationship.
The purposes of processing personal data include:
– Marketing. The data controller may contact the data subject to inform him or her of the benefits of the relationship or cooperation and to offer related services or products. The data controller may also process the data of the data subject for marketing surveys and customer surveys. The processing of the data of the data subject is based on the legitimate interest of the data controller to provide information as part of a service and to market other services of the data controller to the data subject. The data subject shall have the right to object at any time to the processing of their personal data for direct marketing purposes.
– Compliance with the law. The data controller may process the data of the data subject in order to comply with legal obligations and requests for information from public authorities based on law.
5. Regular sources of information
As a rule, the processed personal data are obtained from the data subject himself/herself. The information stored in the register is obtained from the customer through, for example, messages sent via web forms, answering a customer satisfaction survey, email, telephone, social media services, contracts, customer meetings and other situations where the customer discloses information.
6. Data content of the register
The data controller shall collect from the data subject personal data that are necessary for the purposes for which the register is used.
The register contains personal data of the following data subjects:
(a) Customers of the data controller with whom the data controller has an existing customer relationship
(b) Potential customers of the data controller who have expressed an interest in the data controller’s services on their own initiative
The register contains the following personal data:
(c) Basic information about the persons:
– name,
– address and domicile
– email address,
– telephone number and
– the identities/profiles of the data subject on social media services
(d) Consents and prohibitions based on electronic marketing
(e) The types of products and services of interest to the customer and other additional information provided by the customer in a free-form format
7. Regular disclosures and transfers of data outside the EU/EEA
The data shall not be transferred outside the EU/EEA.
8. Recipients of personal data and regular transfers of data
The data controller uses contractors, i.e. data processors, to carry out processing tasks on its behalf, to whom personal data shall be transferred for processing in accordance with the contract of agency and its data protection conditions. Such data processors shall include providers of ICT, surveys and communication and marketing services.
9. Principles for the protection of the register
The data controller shall process personal data in a manner designed to ensure appropriate security of personal data, including protection against unauthorized processing and accidental loss, destruction or damage. The data controller shall use appropriate technical and organizational safeguards to ensure this objective, including the use of firewalls, encryption techniques and secure equipment rooms, appropriate access control, careful management of user IDs for information systems and training of staff involved in the processing of personal data. All employees who process personal data shall be bound by the Employment Contracts Act (55/2001) and the supplementary confidentiality agreements on matters relating to the processing of the data subjects’ personal data.
10. Rights of the data subject
Right of access to personal data
The data subject shall have the right to obtain confirmation as to whether personal data concerning him or her are being processed and, if so, to obtain a copy of their personal data.
Right to rectification
The data subject shall have the right to request that inaccurate or incorrect personal data concerning him or her be corrected. The data subject shall also have the right to have incomplete personal data completed by providing the necessary additional information.
Right to erasure
The data subject shall have the right to request the erasure of personal data concerning him or her if
a. the personal data are no longer needed for the purposes for which they were collected;
b. the data subject withdraws the consent on which the processing of personal data was based, and there is no other lawful basis for the processing; or
c. the personal data have been unlawfully processed.
Right to restriction of processing
The data subject shall have the right to restrict the processing of personal data concerning him or her if
a. the data subject contests the accuracy of their personal data;
c. the processing is unlawful, and the data subject objects to the erasure of their personal data, and requests the restriction of their use instead; or
c. the data controller no longer needs the personal data for the purposes for which they were originally processed, but the data subject needs them for the establishment, exercise or defense of legal claims.
Right to object
The data subject shall have the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning him or her. The data controller shall no longer process the personal data of the data subject, unless the data controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling where it relates to such direct marketing.
Right to withdraw consent
The data subject shall have the right to withdraw their consent to processing at any time, without prejudice to the lawfulness of the processing carried out on the basis of that consent.
The right to transfer data from one system to another
The data subject shall have the right to receive personal data concerning him or her and provided by him or her in a structured, commonly used and machine-readable format, and the right to transmit such data to another data controller.
Right to lodge a complaint with a supervisory authority
The national supervisory authority for personal data matters is the Office of the Data Protection Ombudsman, a part of the Ministry of Justice. The data subject shall have the right to refer your case to the supervisory authority if he or she considers that the processing of personal data concerning him or her infringes the relevant legislation. The data controller may, if necessary, ask the referrer to prove their identity. The data controller shall respond to the customer within the time limit set by the EU General Data Protection Regulation (usually within one month). Requests concerning the exercise of the rights of the data subject shall be sent to sales@3dformtech.fi.
11. Changes to the privacy policy
The data controller is constantly developing its operations and may need to change and update its privacy policy as necessary. Changes may also be based on changes in data protection legislation. If the changes involve new purposes for the processing of personal data or otherwise change significantly, the data controller shall give prior notice and, if necessary, request consent.
12. Data retention period
The data controller shall only keep the data for as long as necessary for the purposes for which the register is used and for the purposes of the legislation applicable to the data controller. Marketing consents for basic customer data are retained for 2 years. The need to keep the data subject’s information for sales and marketing purposes and the accuracy of this information shall be verified annually. Unnecessary and outdated data shall be deleted when the accuracy of the data is checked and at other times as needed.
CUSTOMER REGISTER
This is 3D Formtech’s register and privacy policy in accordance with the EU General Data Protection Regulation (GDPR).
Prepared 28 September 2021. Latest change 28 September 2021.
1. Data controller
3D Formtech Oy
Business ID: 2609118-2
Ahjokatu 14, 40320 Jyväskylä
2. Person responsible for the register
Toni Järvitalo, Managing Director
email: sales@3dformtech.fi
telephone: +358 40 836 2446
In all matters relating to the processing of personal data and in situations where the data subject wishes to exercise their rights, he or she is invited to contact the contact person mentioned above.
3. Name of the register
3D Formtech Oy’s customer register
4. Legal basis and purpose of the processing of personal data
The legal basis for the processing of personal data is:
• Consent of the data subject to the processing of personal data
• Contractual relationship between the data subject and the data controller
• Implementation of the data controller’s legal obligations
• Legitimate interest of the data controller
The purposes of processing personal data include:
– The collection of information from a company or individual who has a customer or business relationship with the data controller, i.e. the data subject, which is necessary for the management of the customer or business relationship.
– The information collected in the register shall be used to maintain the customer or partner relationship and for delivery and invoicing of purchased products or services.
– Marketing. The data controller may contact the data subject to inform him or her of the benefits of the relationship or cooperation and to offer related services or products. The data controller may also process the data of the data subject for marketing surveys and customer surveys. The processing of the data of the data subject is based on the legitimate interest of the data controller to provide information as part of a service and to market other services of the data controller to the data subject. The data subject shall have the right to object at any time to the processing of their personal data for direct marketing purposes.
– Service development, data security, and internal reporting. The controller shall also process the data of the data subject in order to ensure the security of the services and the website, to improve the quality of the service and the website, and to develop the service. The data controller may also compile internal reports based on personal data for management use and operations management. In these cases, the processing of personal data shall be based on the legitimate interest of the data controller to ensure the proper security of the services and the website, and to obtain sufficient and appropriate information for the development of services and the management of activities.
– The IP addresses of website visitors and the cookies necessary for the operation of the service shall be processed for legitimate interests, such as data security and the collection of statistical data on website visitors where they can be considered as personal data. Third party cookies shall be subject to separate consent when necessary.
– Compliance with the law. The data controller may process the data of the data subject in order to comply with legal obligations and requests for information from public authorities based on law.
5. Regular sources of information
As a rule, the processed personal data are obtained from the data subject himself/herself. The information stored in the register is obtained from the customer through, for example, messages sent via web forms, answering a customer satisfaction survey, email, telephone, social media services, contracts, customer meetings and other situations where the customer discloses information. Information on contact persons of businesses and other organizations may also be collected from public sources such as websites, directory services and other businesses.
6. Data content of the register
The data controller shall only collect personal data from the data subject that are relevant and necessary for the purposes of use described in this privacy policy.
The following information about data subjects shall be processed:
• Name
• Date of birth or business ID
• Address and domicile
• Billing information
• Email addresses and telephone numbers
• Addresses of websites
• IP address of the network connection
• The identities/profiles of the data subject on social media services
• Information on ordered services and any changes to them, and other related information
• 3D models provided by the data subject
7. Regular disclosures and transfers of data outside the EU/EEA
Data shall not be routinely transferred outside the EU/EEA.
8. Principles for the protection of the register
The data controller shall process personal data in a manner designed to ensure appropriate security of personal data, including protection against unauthorized processing and accidental loss, destruction or damage. The data controller shall use appropriate technical and organizational safeguards to ensure this objective, including the use of firewalls, encryption techniques and secure equipment rooms, appropriate access control, careful management of user IDs for information systems and training of staff involved in the processing of personal data. All employees who process personal data shall be bound by the Employment Contracts Act (55/2001) and the supplementary confidentiality agreements on matters relating to the processing of the data subjects’ personal data.
9. Rights of the data subject
Right of access to personal data
The data subject shall have the right to obtain confirmation as to whether personal data concerning him or her are being processed and, if so, to obtain a copy of their personal data.
Right to rectification
The data subject shall have the right to request that inaccurate or incorrect personal data concerning him or her be corrected. The data subject shall also have the right to have incomplete personal data completed by providing the necessary additional information.
Right to erasure
The data subject shall have the right to request the erasure of personal data concerning him or her if
a. the personal data are no longer needed for the purposes for which they were collected;
b. the data subject withdraws the consent on which the processing of personal data was based, and there is no other lawful basis for the processing; or
c. the personal data have been unlawfully processed.
Right to restriction of processing
The data subject shall have the right to restrict the processing of personal data concerning him or her if
a. the data subject contests the accuracy of their personal data;
c. the processing is unlawful, and the data subject objects to the erasure of their personal data, and requests the restriction of their use instead; or
c. the data controller no longer needs the personal data for the purposes for which they were originally processed, but the data subject needs them for the establishment, exercise or defense of legal claims.
Right to object
The data subject shall have the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning him or her.
The data controller shall no longer process the personal data of the data subject, unless the data controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling where it relates to such direct marketing.
Right to withdraw consent
The data subject shall have the right to withdraw their consent to processing at any time, without prejudice to the lawfulness of the processing carried out on the basis of that consent.
The right to transfer data from one system to another
The data subject shall have the right to receive personal data concerning him or her and provided by him or her in a structured, commonly used and machine-readable format, and the right to transmit such data to another data controller.
Right to lodge a complaint with a supervisory authority
The national supervisory authority for personal data matters is the Office of the Data Protection Ombudsman, a part of the Ministry of Justice. The data subject shall have the right to refer your case to the supervisory authority if he or she considers that the processing of personal data concerning him or her infringes the relevant legislation. The data controller may, if necessary, ask the referrer to prove their identity. The data controller shall respond to the customer within the time limit set by the EU General Data Protection Regulation (usually within one month). Requests concerning the exercise of the rights of the data subject shall be sent to sales@3dformtech.fi.
10. Changes to the privacy policy
The data controller is constantly developing its operations and may need to change and update its privacy policy as necessary. Changes may also be based on changes in data protection legislation. If the changes involve new purposes for the processing of personal data, or otherwise change significantly, the data controller shall give prior notice and, if necessary, request consent.
11. Data retention period
The data controller shall only keep the data for as long as necessary for the purposes for which the register is used and for the purposes of the legislation applicable to the data controller.
The need to keep the data subject’s information for sales and marketing purposes and the accuracy of this information shall be verified annually. Unnecessary and outdated data shall be deleted when the accuracy of the data is checked and at other times as needed.