Skip to content
Kilatia

Privacy Policy

Hereinafter referred to as the Company

Data protection officer and/or contact person

Maria Ala-Luopa

040 768 2132

maria.ala-luopa@kilatia.fi

Name of the register

Customer and marketing register

This privacy policy applies to the processing of personal data related to our website, marketing, customer relationship management, and the products and services we offer.

Personal data collected and data sources

We collect personal data necessary for managing the customer relationship.

Data categoryExamples of data content
Identification and contact informationName and contact details of the customer and/or representative.
Data concerning products, services, orders, and customer communicationOrder information, delivery times, and data related to contracts, invoicing, customer communication, and complaints.
Data related to marketing (including direct marketing), events, and consents and prohibitions given by the data subjectContact information for marketing purposes, and data collected in connection with events. Consents and prohibitions regarding direct marketing.
Data concerning the use of websites and other electronic servicesIP address, electronic communication identifiers, browsing and search data, browser and operating system information, and registration data.

We collect personal data from the data subjects themselves, as well as from publicly available registers maintained by authorities and other external sources, such as the trade register or similar public business registers. We also collect data from contact form submissions and use it for the customer relationship management purposes described above.

Purpose and legal basis for processing personal data

Personal data is processed within the limits permitted by applicable legislation for the following purposes:

  • delivery of products and services and entering into customer agreements (contractual relationship or preparation thereof)
  • customer relationship management (legitimate interest)
  • informing about and providing guidance on services (legitimate interest)
  • testing of online services (legitimate interest)
  • development of products and services (legitimate interest)
  • collection and analysis of user statistics (consent, legitimate interest)
  • improving user experience on our website and other services (consent, legitimate interest)
  • invoicing, credit decisions, and debt collection (legitimate interest)
  • marketing communications (legitimate interest)
  • direct marketing, including electronic direct marketing and telemarketing, as well as planning and measuring the effectiveness of advertising and marketing, and combining and updating personal data for direct marketing purposes (legitimate interest, consent)
  • management of stakeholder relations and subcontracting and cooperation with service providers (legitimate interest, contractual relationship or preparation thereof)
  • internal reporting and other administrative measures (compliance with legal obligation)
  • handling warranty and liability matters, processing complaints, and managing court and authority proceedings (legitimate interest)
  • prevention and investigation of misuse, and ensuring information security, personal safety, and property security (legitimate interest)
  • fulfilling other statutory obligations (e.g., accounting and tax-related measures) and reporting obligations

When the processing of personal data is based on the consent given by a person, the person may withdraw their consent at any time by notifying the contact person mentioned above.

The processing of personal data may be necessary for the realization of the legitimate interests of the customer relationship between the Company and the data subject. The Company has a legitimate interest to process personal data for marketing, service, and customer analyses and service testing. Processing for marketing purposes may also involve profiling. In such cases, the data subject has the right to object to the processing of personal data. When personal data is processed based on a legitimate interest, we have assessed the benefits of the processing and the potential harm to the data subject, and we conclude that the rights and interests of the data subjects do not override the legitimate interest. We will provide further information on the processing of personal data based on legitimate interest upon request.

Data processors

Access to personal data is limited to persons responsible for customer relationship management and marketing.

Recipients of personal data

Various service providers and other third parties, such as providers of technical solutions or server space, or accounting and financial management service providers, may also be used in the processing of personal data. We ensure that the agreements required by data protection legislation are in place with the parties we use for processing personal data.

Personal data may be disclosed to third parties in situations required by legislation or authorities, or for investigating misuse and ensuring security. In addition, personal data may need to be disclosed in connection with court proceedings or similar legal proceedings.

If the Company is involved in a merger, business acquisition, or other corporate arrangement, personal data may be disclosed to the parties of the arrangement or parties assisting in the arrangement.

We will provide further information on the recipients of personal data upon request.

Transfer of personal data outside the European Economic Area

Personal data is not transferred outside the European Union or the European Economic Area unless it is necessary for the technical implementation of the service. In possible situations of data disclosure and transfer, the level of data protection required by data protection legislation and other necessary safeguards are observed.

We will provide further information on the transfers of personal data and the safeguard mechanisms used upon request.

Cookies

We use cookies and other similar technologies on our website. A cookie is a small text file that the browser stores on the user's device. Cookies contain an anonymous, unique identifier that allows us to identify and count the different browsers visiting our site. The purpose of using cookies and other similar technologies is to analyze and further develop our services to better serve users and to target advertising. Users can manage their consent through the cookie tool on our website.

Protection of personal data

We protect personal data with appropriate technical and organizational measures. Data is collected into databases that are protected by firewalls, passwords, and other technical security measures. The databases and their backups are located in locked and guarded premises, and only certain pre-designated persons have access to the data.

Retention period and disposal of personal data

Personal data is retained for as long as it is needed for the purpose for which it was collected and processed, or for the performance of a contract, or for as long as required by law and regulations. After this, personal data is properly destroyed.

Rights of the data subject

The data subject has the following rights:

  1. Right of access to personal data. The data subject has the right to obtain confirmation of whether their personal data is being processed and other information on the processing of personal data in accordance with data protection legislation. The data subject has the right to obtain a copy of their personal data.
  2. The data subject may request the rectification of data if the data is incomplete or inaccurate.
  3. The data subject may request the deletion of data when there is no reason under data protection legislation for processing that is independent of the data subject's consent.
  4. The data subject has the right to restrict the processing of personal data if the accuracy or legality of the data so requires, or if the data subject requests the restriction of the processing of personal data to only the storage of data in accordance with the right of objection. The data subject has the right to object to the processing of data for direct marketing purposes on the basis of the Company's legitimate interest.
  5. The data subject may request the transfer of data to another controller. The right to data portability applies in principle to personal data that the data subject has provided to the controller in a structured and machine-readable format, the processing of which is based on the data subject's consent or a contract, and/or is carried out automatically.
  6. Right to withdraw consent. If the processing of personal data is based on the consent given by the data subject, the data subject has the right to withdraw their consent to the processing of their personal data. The withdrawal of consent does not affect the processing carried out prior to the withdrawal.
  7. The data subject should send requests concerning their rights in writing or by email using the following contact details:

Kilatia Suomi Oy Data access / other personal data request

The identity of the person making the request may be verified before the request is processed. The Company responds to requests within 1 month of the request being made, unless there are special reasons to extend the response time.

The data subject has the right to lodge a complaint with the competent data protection authority if the data subject considers that their personal data has been processed in violation of data protection legislation.

Contact details of the Finnish data protection authority