File description

File description in accordance with Section 10 of the Personal Data Act (523/99)

1.   Controller

Rapal Oy, Hevosenkenkä 3, 02600 Espoo, Finland,

2.   Contact person for matters relating to the personal data file

Marko Tenkanen,

3.   Name of the file

File established by Rapal Oy and its subsidiary for customer relationship and other related contacts

4.   Purpose of file

Personal data will be processed in respect of customer relationships and the related contacts for the purposes of relationship management, order delivery and invoicing, the verification of customer transactions, the exercising of rights and obligations by the parties concerned, the development and analysis of the controller’s activities, customer communications, profiling, service provision and personalization, marketing and advertising (including targeting), the prevention and investigation of abuses, and business planning and development. In addition, data can be processed on the basis of and in accordance with the consent of the data subject.

Personal data included in the file may be used subject to approval or prohibition, as permitted by the applicable legislation, for the controller's direct advertising, distance selling, other direct marketing, opinion polling and market research, or for other comparable personalized mailing.

5.   Data included in the file

The file comprises of information relating to developing and maintaining customer and potential customer relationships. The following categories of data can be processed in the file:

  • first and last names of the user and/or subscriber
  • the addresses, e-mail addresses and telephone numbers of the user and/or subscriber, and the related information such as country of residence and language
  • the name and contact information of the user's and/or subscriber's organization
  • the start and end times of the contact in question

In addition and as notified by the user and/or subscriber, the following categories of data in the file can be processed:

  • the status, title or occupation and duties of the user and/or subscriber
  • electronic identifiers, such as the address and web page of the user’s and/or subscriber’s social media profile
  • data of interest disclosed by the user and/or subscriber, and other data submitted via customer service or added to the file by the data subject him or herself
  • permissions and prohibitions announced by the user and/or subscriber
  • subjects of interest
  • event and user analysis data
  • location information
  • other data collected and derived from the use of the services, such as behavioral information based on data gathered via cookies
  • data – such as the terminal, IP address and operating system – relating to the device used by the person.

6.   Regular sources of data

Personal data will be collected from the data subject him/herself, or from a party that has made a group order on behalf of the data subject, by telephone, mail, e-mail or in a corresponding manner and, via cookies and other similar technologies, from the controller's systems during registration with and use of the services. Personal data may also be gathered from sources such as social media related to the activities of the controller and from which data on the data subject is available

7.   Disclosure and processing of data outside the EU or EEA

Within the permitted and statutory limits of the legislation in force, Rapal Oy may disclose data to parties such as the public authorities. Personal data will not be disclosed to third parties. Furthermore, no personal data will be transferred outside the EU or EEA, unless this is specifically agreed with the customer. The controller may, within the permitted and statutory limits of the legislation in force, disclose data for marketing purposes to parties such as partners selected by the controller, unless the data subject has prohibited such disclosure.

8.   Principle governing file protection

The controller must ensure that

  • Only persons designated by Rapal Oy, who have the right to process personal data based on their work, have access to personal data.
  • Such persons have access to the system via a personal username and password.
  • Data is collected in databases that are protected (using firewalls) by passwords and other technical means.

9.   Right to inspect, prohibit and correct data

The data subject has the right to inspect what data regarding him or her has been collected in the data file. Inspection requests must be sent in writing and signed by the person responsible for data file-related matters. Responses to inspection requests must be made no later than 2 weeks after a request has been submitted. The data subject has the right to prohibit the use of his or her data in direct advertising, distance selling or other direct marketing, and in opinion polling and market research, and to demand the correction of any erroneous data by contacting the person responsible for data file-related matters or notifying the controller’s support services of the matter.