Privacy Policy

Data privacy statement

1. Data Controller

ESiOR Ltd, VAT number: FI20675718
Tulliportinkatu 2 LT4, 70100, Kuopio

2. Register name

ESiOR Ltd’s marketing register

3. Contact person for register and data privacy issues

Data Protection Officer 
Tulliportinkatu 2 LT4
70100 Kuopio
tietosuojavastaava@esior.fi

4. Purposes and legal basis for processing of personal data

ESiOR Ltd fully complies with the requirements on data protection described in Regulation (EU) 2016/679, also known as the GDPR.

The purpose of processing personal data is to plan, design, implement, develop, and monitor sales, marketing, and communication with various stakeholders and to improve the user experience of the esior.fi webpages. Personal data can be analysed and processed to improve and target the marketing contents and to develop the business by creating different data subject profiles.

Personal data is processed for the purposes of the legitimate interests pursued by ESiOR or based on the data subject’s consent for one or more specific purposes (e.g., direct marketing, newsletter subscription, contact requests through forms, surveys).

5. Data Contents

We may collect, process, and store the following data:
a) Contact information: name, phone number, and e-mail address
b) Message subject and contents for contact forms
c) Information of given consents (e.g., newsletters, direct marketing, or other marketing communications)
d) Other information provided by the data subject (e.g., answers to survey questionnaires)
e) Data collected by cookies from visitors on our website. 

6. Data Sources

The register contains data collected from the data subject, various business information databases, company webpages, and cookies on ESiOR.fi webpages. The data subject may provide information through contact forms on our webpages, or by participating in different events, campaigns, studies, or surveys organised by ESiOR.

7. Data recipients and data transfers

Register data or right of access to the data will not be granted to third parties without the consent of the data subject unless required by applicable legislation.

Register data will be stored and processed using servers and software that are provided by ESiOR’s service providers. Should the servers be located outside the European Economic Area, the means of data transfers ensure adequate level of protection in accordance with the General Data Protection Regulations.

8. Data Retention Period

Personal data will be stored as long as necessary for carrying out the intended purposes of the processing. Personal data that is processed based on the data subject’s consent will be stored for the duration specified in the consent or until the subject withdraws the consent. Appropriate measures will be taken to delete redundant and outdated data from our systems safely and completely.

9. Data Protection

The electronic register is stored in a database that is protected byfirewalls, passwords, and other technical safety measures. Access rights to the register are only held by persons appointed by ESiOR, who have signed a non-disclosure agreement and whose job description necessitates the processing of such data. Every user has a personal username and password. Any non-electronic material will be stored in locked filing cabinets with restricted access.

10. Data subject rights

Data subjects have the following rights:
a) right of access – you have the right to access all personal data that we have on you,
b) right of rectification – you have the right to correct data that is incorrect or incomplete
c) right to be forgotten – you have the right to request erasure of any personal data that is stored on you,
d) right to restrict processing – you have the right to request that we limit the way we use your personal data,
e) right of portability – you have the right to request transfer of any personal data we have on you to another company,
f) right to object – you have the right to object certain types of processing, such as direct marketing and automated decision-making including profiling,
g) right to withdraw consent at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal),
h) right to lodge a complaint – you have the right to lodge a complaint with a supervisory authority if you consider that your rights under the general data protection regulation (GDPR) have been infringed. Contact information and guidance by the Finnish supervisory authority can be found at: www.tietosuoja.fi

Written requests to exercise data subject rights should be signed and sent by post or e-mail to the contact person for register and data privacy issues as detailed in section 3 above.

11. Approval

The data privacy statement has been approved on 23/8/2023.

 

Cookie Policy

We are using cookies on our website. By using our website you consent to the use of cookies in accordance with this Cookie Policy. If you do not consent to the use of cookies please disable them in your browser.