Processing personal data
Heinola Sawmill Machinery Inc., business ID 0845086-6, P.O. Box 24, 18100 Heinola (“The Company” or “we”) takes every necessary action to ensure that personal data concerning our customers and contractual and collaboration partners is processed in a legal, appropriate and transparent manner.
The Company is committed to protecting its customers’ personal data, and it is important for the Company to ensure that personal data is processed in a secure manner. We comply with all applicable laws and regulations governing the protection of personal data, such as the Personal Data Act, the Information Society Code as well as the EU Data Protection Directive 95/46/EC, the Privacy and Electronic Communications Directive 2002/58/EC, the EU’s General Data Protection Regulation 2016/679 (GDPR), any changes and additions to such laws and regulations as well as superseding regulations. We use appropriate technical and organisational measures, which are in proportion to the amount and sensitivity of the personal data.
For more information about collecting, processing, and storing data obtained through cookies, please see “Cookies” below.
What personal data do we collect and from where?
When a customer or partner uses our services, they may provide us with information that can be deemed to be personal data according to the existing data protection laws.
The types of personal data we collect include the following:
- name and contact details, such as address, mobile phone number and email address
personal identity number
- delivery and billing details, payment information and other information provided in connection with a purchase or delivery of a product or service
- various demographic details
- information on the preferences and interests based on the use of the Company’s website
- user ID and password to our services
- other information pertaining to customer surveys, advertising/marketing and promotions
- other information that a user chooses to submit to us using our website
We can collect personal data from the following sources:
- Heinola Sawmill Machinery Inc. website when a user visits our website, orders a product, subscribes to our newsletter or takes part in one of our competitions
- third parties, which may be companies in the group or companies that the Company uses to add to its customer database
Why do we process personal information?
If a customer or a partner works with us as a buyer or supplier, they have entered into an agreement with the Company. As a result, we will process their personal data to handle the purchase or order as well as to deliver the product or service.
In addition to fulfilling orders for products and services, the Company may process personal data for other lawful purposes as described below.
- Implementation of an agreement: processing and managing purchases and deliveries, making payments and granting access rights to the Company’s website and the services provided there (i.e. our customer support).
- Consent: direct marketing (via post or email), customer surveys, customer support and newsletters.
- Compliance with a legal obligation: we retain billing information in accordance with the applicable accounting laws and regulations.
- Legitimate interest: in order to fulfil our commitments and to provide our products and our services and to improve them, we also need to collect personal data in some other cases, for example, by analysing our customers’ buying behaviour in order to be able to provide them with interesting information and offers as well as for statistical purposes.
If a service we offer requires a customer’s consent, we always ask for the customer’s explicit consent to process personal data for the purpose of such service. We ask for customers’ consent when, for example, they want to subscribe to the Company’s newsletter or create an account on one of the Company’s websites.
Retention of personal data
The Company takes every reasonable step to ensure that personal data is processed and stored securely. Customers’ personal data is never retained for longer than permitted by law or than is required for the above-mentioned purposes. We process personal data within the following timeframes.
- Customer or partner: if a person is the Company’s customer or partner, their personal data is stored until they end the customer relationship or collaboration but no longer than three years after the last order. This condition does not apply to situations where we need to retain personal data longer for any of the following reasons.
- Implementation of an agreement: personal data given to the Company (name, personal identity number, address, telephone number, email address, billing and delivery details) will be retained for as long as necessary so that the Company can implement an agreement made with the customer or partner. This includes, for example, the fulfilment of warranty obligations.
- Legal obligations: the Company saves all documentation which belongs to the accounts according to accountancy legislation.
- Consent: in situations where we process personal data on the basis of consent, we only retain personal data for as long as the consent is valid.
Direct marketing: we can retain a customer’s or a partner’s personal data for purposes of direct marketing for up to four years from the expiration of the contract or the end of the customer or other collaborative relationship unless the customer objects to the processing of their personal data for the purposes of direct marketing.
Transfer of personal data
- Partners who do not belong to the same group with the Company: our partners, i.e. companies approved by the Company which do not belong to the same group as the Company, can have access to personal data in order to provide customers with access to particular data or to send customers offers related to products or services.
- Integration with private and public registers: the Company can add additional information to customers’ or partners’ personal details by collecting information from private and public registers. In this way, customers’ or partners’ personal data can be supplemented and updated.
- Business operations: if the Company’s business operations or part of them are sold to or merged with another business unit or company, our customers’ or partners’ personal data can be disclosed to our advisers, potential buyers or their advisers, and can be transferred to the new owners.
- Legal obligations: customers’ and partners’ personal data may also be disclosed in order for the Company to fulfil its statutory obligations, and it can be transferred to police and other authorities if the law permit or demands this.
The types of transfers described above can only be performed to (a) companies located within the EU or the EEA (i.e. EU Member States, Iceland, Norway and Liechtenstein); or (b) to a company in a third country if the European Commission has determined that the country or an area in it, or one or more specific sectors can guarantee an adequate level of data protection, or (c) to a company in a third country if the data controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
Withdrawal of consent
If we process a customer’s personal data on the basis of consent, for the subscription of newsletters, for example, the customer can withdraw their consent at any time by contacting the Company. Consent can be withdrawn in part or in full. If a customer no longer wants to receive marketing materials or offers from us, they can withdraw their consent by contacting the Company, or, if the material is sent by email, by clicking the link in the email.
Rights of customers and partners
Customers and partners have the right to request information about what data concerning themselves we process and how we use said data by contacting us in writing (please see contact details below). If a customer or partner has a user account on one of our websites, they can change their personal details at any time through their account settings. They can also contact the Company (contact details can be found below). Customers and partners also have the right to request that inaccurate or incomplete data be rectified by contacting the Company. In order to protect our customer or partner and their personal data, we may ask them to identify themselves when offering support services.
On the basis of the current data protection laws, customers and partners also have the right to request that their personal data be erased or that the processing of their personal data be restricted. In some situations, customers and partners may also have the right to object to the processing of their personal data and request for all their personal data to be transferred electronically.
Customers and partners can file a complaint with data protection authorities (the Data Protection Ombudsman in Finland) if they think that the Company has processed their personal data unlawfully.
Cookies are usually classified on the basis of their origin and whether or not they are saved on the browser. Cookies can either come from a website visited (primary cookies) or from another organisation that provides services to the current website, such as analytics or statistics companies (third-party cookies). Cookies can also be divided into session cookies and persistent cookies. A session cookie is sent to the computer so that the website would work as expected during the visit. A cookie is not saved on the computer but it is deleted when the browser is closed. A session cookie is activated, for example, when the user returns to a section on a website that they visited before, and it also makes it easier to move around on a website. A persistent cookie is saved in the browser, and it allows the website to identify the computer’s IP address even if the computer is turned off or the user logs off between sessions. A cookie remains in place for six months before it is deleted.
The Company uses both session cookies and persistent cookies in its website. Both types of cookies are required, mainly for the provision of the services, for the improvement of the quality of our products and services, for the provision of additional functionalities and to make it easier to send interesting and customised advertising and marketing materials to our customers. The Company also uses third-party cookies by Google Analytics to determine how the information on the Company website can be adapted and developed in the best possible way.
Most browsers accept cookies by default. It is easy to prevent the Company website from saving cookies on your computer, and cookies can be blocked or removed by changing your browser settings. Please note that if you choose to block cookies, some website functionalities may cease to function safely and properly, and it is possible that some services cannot be delivered. Information on how to change cookie settings can be found on the browser’s help page or a browser add-on.
If the amendments concern the processing of personal data based on users’ consent, we give the users the opportunity to give their consent to the processing in accordance with the new terms.
Heinolan Sahakoneet Oy
Heinola Sawmill Machinery Inc.
P.O. Box 24
18100 Heinola, Finland
Tel. +358 3 8484 11