Privacy statement

On this page, you will find the register descriptions of the customer records, marketing and stakeholder register in accordance with the Privacy Policy.

 

General customer register, Comatec Group, Insinööritoimisto Comatec Oy and its subsidiaries

1a Controller

Name: Insinööritoimisto Comatec Oy (Business ID: 0946936-6)
Address: Kalevankatu 7 C, Tampere, Finland
Other contact details: Tel. +358 29 000 2000

2 Contact person in matters concerning the data register

Name: Maria Uurto, Communications Manager
Address: Kalevankatu 7 C, Tampere, Finland
Other contact details (e.g. telephone number during business hours, email address): Tel. +358 40-7426467, maria.uurto@comatec.fi

3 Name of data register

General customer register, Comatec Group, Insinööritoimisto Comatec Oy and its subsidiaries

4 Purpose of and basis for personal data processing

Group of data subjects

Contact persons in customer organisations

Purpose of use

Maintaining and developing customer relationships, marketing and providing information about services, as well as statistical purposes and analytics related to marketing

Basis for processing

Legitimate interest, agreement

5 Data content of register

The data register may contain information necessary for the identification of data subjects, as well as other information necessary for its purpose of use, such as the following:

6 Regular data sources

The processing of personal data is based on Comatec’s legitimate interest or an agreement. Information about the data subjects is collected from the data subjects themselves when contacting customer organisations, potential customer organisations or stakeholders by telephone, via the Internet, by email or in conjunction with marketing measures, such as events. In certain cases, we may also collect information from Posti’s address information system, telephone companies’ contact information registers and similar private and public registers.

7 Regular disclosure of data

Data is regularly disclosed only to third-party service providers for the implementation of customer and market surveys and similar reports concerning Insinööritoimisto Comatec Oy and its subsidiaries.
In addition, data may be disclosed to subcontractors of Insinööritoimisto Comatec Oy and its subsidiaries if so required for customer relationship management, by means of proxy by the customer or at the request of the customer for a specific purpose.
For the collection of overdue invoices, specific data may be disclosed to the company assigned to provide the service in question.

8 Transfer of data to non-EU or non-EEA countries

Data is not transferred or disclosed regularly to non-EU or non-EEA countries. However, if necessary, data may be transferred to non-EU or non-EEA countries in accordance with the data protection legislation and its scope of application.

9 Principles of data register protection

Printed material

Comatec does not collect printed material about customer organisations, potential customer organisations or other stakeholders.

Electronic material

Electronic material is stored on a server maintained in a locked facility that can only be accessed by designated people because of their duties. The personal data stored in the system can only be accessed by people who are authorised to process the data because of their work and who need the data in their work. These environments are protected by means of appropriate firewalls and technical protection measures, such as user IDs and passwords.

10 Right of access

Data subjects have a right of access to personal data stored about them in the register. The data contained in the register will only be submitted in writing to the postal address indicated in the customer’s contact information.

Data subjects are entitled to review the data stored about them. Review requests must be submitted in writing, signed by the data subject, to Insinööritoimisto Comatec Oy, Communications, Kalevantie 7 C, 33100 Tampere, Finland. “Request to review personal data” must be indicated on the envelope. The review request must contain the following information: name, name of the data register, full address information and telephone number.

11 Right of rectification

In accordance with the EU General Data Protection Regulation, data subjects have a right rectification, erasure or completion with regard to data stored in the register that is erroneous, unnecessary, incomplete, outdated or against the purpose of the register. To the extent that the data subject cannot rectify the data themselves, rectification requests must be submitted in accordance with section 10 of this privacy statement.

12 Other rights related to the processing of personal data

In accordance with the EU General Data Protection Regulation, data subjects have the right to request a restriction of the processing of their personal data and file a complaint with the supervisory authorities if the controller has failed to comply with the current General Data Protection Regulation in their operations.


General marketing and stakeholder register, Comatec Group, Insinööritoimisto Comatec Oy and its subsidiaries

1a Controller

Name: Insinööritoimisto Comatec Oy (Business ID: 0946936-6)
Address: Kalevankatu 7 C, Tampere, Finland
Other contact details: Tel. +358 29 000 2000

2 Contact person in matters concerning the data register

Name: Maria Uurto, Communications Manager
Address: Kalevankatu 7 C, Tampere, Finland
Other contact details (e.g. telephone number during business hours, email address): Tel. +358 40-7426467, maria.uurto@comatec.fi

3 Name of data register

General customer register, Comatec Group, Insinööritoimisto Comatec Oy and its subsidiaries

4 Purpose of and basis for personal data processing

Group of data subjects Purpose of use Basis for processing
Subscribers to the newsletter Preparing newsletters, as well as statistical purposes related to providing information about services, marketing and delivering newsletters. Public interest, agreement
Contacts in potential customer organisations Preparing newsletters and statistical purposes related to delivering newsletters, as well as marketing and providing information about services. Public interest, legitimate interest
Stakeholder groups Marketing and providing information about services or matters related to Comatec, as well as statistical purposes related to delivery. Public interest
Participants in events Communication concerning events organised by Comatec, as well as technical arrangements related to events. Data is also used to provide information about services and for marketing, as well as statistical purposes related to delivery. Public interest, agreement

5 Data content of the register

The data register may contain information necessary for the identification of data subjects, as well as other information necessary for its purpose of use, such as the following:

6 Regular data sources

The processing of personal data is based on Comatec’s legitimate interest, an agreement or the public interest. Information is collected from the data subjects themselves when contacting customer organisations, potential customer organisations or stakeholders by telephone, via the Internet, by email or in conjunction with marketing measures, such as events. In certain cases, we may also collect information from Posti’s address information system, telephone companies’ contact information registers and similar private and public registers.

7 Regular disclosure of data

Data is regularly disclosed only to third-party service providers for the implementation of customer and market surveys and similar reports concerning Insinööritoimisto Comatec Oy and its subsidiaries.

In addition, data may be disclosed to subcontractors of Insinööritoimisto Comatec Oy and its subsidiaries if so required for customer relationship management, by means of proxy by the customer or at the request of the customer for a specific purpose.

8 Transfer of data to non-EU or non-EEA countries

Data is not transferred or disclosed regularly to non-EU or non-EEA countries. However, if necessary, data may be transferred to non-EU or non-EEA countries in accordance with the data protection legislation and its scope of application.

9 Principles of data register protection

Printed material

Comatec does not collect printed material about customer organisations, potential customer organisations or other stakeholders.

Electronic material

Electronic material is stored on a server maintained in a locked facility that can only be accessed by designated people because of their duties. The personal data stored in the system can only be accessed by people who are authorised to process the data because of their work and who need the data in their work. These environments are protected by means of appropriate firewalls and technical protection measures, such as user IDs and passwords.

10 Right of access

Data subjects have a right of access to personal data stored about them in the register. The data contained in the register will only be submitted in writing to the postal address indicated in the customer’s contact information.

Data subjects are entitled to review the data stored about them. Review requests must be submitted in writing, signed by the data subject, to Insinööritoimisto Comatec Oy, Communications, Kalevantie 7 C, 33100 Tampere, Finland. “Request to review personal data” must be indicated on the envelope. The review request must contain the following information: name, name of the data register, full address information and telephone number.

11 Right of rectification

In accordance with the EU General Data Protection Regulation, data subjects have a right of rectification, erasure or completion with regard to data stored in the register that is erroneous, unnecessary, incomplete, outdated or against the purpose of the register. To the extent that the data subject cannot rectify the data themselves, rectification requests must be submitted in accordance with section 10 of this privacy statement.

12 Other rights related to the processing of personal data

In accordance with the EU General Data Protection Regulation, data subjects have the right to request a restriction of the processing of their personal data and file a complaint with the supervisory authorities if the controller has failed to comply with the current General Data Protection Regulation in its operations.