Updated 30 March 2018
The careful and appropriate processing of your personal data is of primary importance to the Koskisen Group (Koskisen Oy, Koskitukki Oy, Kosava-Kiinteistöt Oy, Koskisen Sp.Zo.o.). We comply with data protection legislation and good data management and processing practices when processing your personal data, and we make sure that your privacy is not compromised.
Processing your personal data allows us to serve you better. We collect and utilise personal data to produce products and services and to develop and offer new services. This allows us to better respond to your needs.
We may periodically change our data protection practices as we develop our services or as legislation changes. You can find the latest version of our data protection practices on this page.
In this Privacy Statement, we describe in greater detail, for instance:
We recommend reading our Privacy Statement. By using our services, the user agrees to the terms of this Privacy Statement.
When processing our customers’ personal data, we always comply with the basic principles of the General Data Protection Regulation (GDPR):
We collect your personal data to enable us to offer you high-quality and personalised products and services, as well as better customer service. We want to continuously improve quality and develop our operations. Your personal data may be used to develop our products, services, customer service, sales and marketing. Your personal data may be used to offer products and services, to respond to your requests and enquiries, to activate sales and purchase agreements, to process orders and to complete other similar activities.
We also use your personal data for our customer communications. We may, for example, send you bulletins and notifications of a change concerning our products and services. We may use your personal data for product and service marketing and for market research with your permission or when otherwise allowed. We may furthermore use your personal data to target our products and services to you, for example, by recommending or displaying targeted content in our service.
With your consent and to the extent permitted by law, we may also combine the data collected in connection with a certain product and/or service of ours with the data collected in connection with our other products and/or services.
We process data on the following grounds based on data protection legislation:
We collect from you only personal data that is necessary for a pre-determined purpose. The purpose defines what kind of data is collected about you and in which situations. As we collect personal data, we tell you what data is required in order to use the service and what data you can consent to give.
Data given by the user or personally identifying information: We collect data given by users, for instance, in order to deliver and invoice an order or service, to manage and develop a customer account, and for marketing and opinion surveys. Without contact or invoicing data, we cannot deliver a product or service that a customer has ordered. We may also collect other user data in order to tailor our content and marketing to better correspond to the customer’s preferences. The following are examples of data given by the user or information that is otherwise personally identifying:
Data observed through use of the services: We automatically collect data through cookies and similar technology which helps us to understand the number of users our services have, the content and ads that are popular, and how much time users spend looking at content and ads. This data helps us develop our services and our business, tailor content according to users’ probable areas of interest, target advertising and marketing communications and prevent and detect abuse. This data includes, e.g.
Data derived from use of the services: With the use of analytics, we can determine based on the data observed through the services and/or the data given by the user him-/herself, e.g. the possible areas of interest to the user, and segment the user into a specific group of users. We use the data for statistics and analyses, to develop services and business and to tailor content, advertising and marketing messages.
If we use data for purposes other than what is mentioned above, we make sure that the processing is compatible with the purpose for which the data was originally collected.
We collect your personal data primarily directly from you, either orally or in writing. Your personal data is collected, e.g., when you become our customer, in connection with the sale and use of products and services, in connection with marketing campaigns or surveys and when you otherwise do business with us. You give us data, e.g. when you request services, participate in surveys or campaigns or answer questions in connection with the services we offer. The data may also be observed or derived from the use of the services. The data may be collected by us or our partners through an assignment.
In addition, we obtain data from registers maintained by authorities, from credit information and customer default registers and other reliable public or private registers, e.g. the Business Information System.
We use session cookies and persistent cookies. Session cookies are temporary, i.e. they exist only when you visit the website and are automatically erased when you close your browser. Persistent cookies remain for a certain period of time and are saved in the computer even after the session ends, unless you delete them yourself before then.
Cookies do not harm your device or your files.
You can adjust your cookies, e.g., through your browser settings. More information about cookies is contained in the data protection or instruction documentation of each browser.
We process your personal data in compliance with the General Data Protection Regulation (GDPR), in a manner that respects your rights and freedoms. We ensure compliance with data protection principles in all stages of personal data processing.
Your data is processed only by employees of the Koskisen Group or its partners who have the right to process personal data. We ensure the data protection awareness and knowledge of personnel through continuous training and up-to-date guidelines.
Your personal data may be processed in several IT systems that are administered by either Koskisen Group or its partners.
We have valid GDPR-compliant contracts in place with our partners. Under these contracts, we have received sufficient guarantees from the personal data processors that the personal data processing performed by them fulfils the requirements of the GDPR.
In connection with personal data processing, we have put in place appropriate technical and organisational measures to implement data protection principles. Such measures include the use of firewalls, encryption technology, secure use of IT areas, appropriate access control, restricted granting of user rights and monitoring of their use, providing instructions to personnel participating in personal data processing and careful selection of subcontractors.
In principle, we do not disclose your personal data.
Koskisen Group may purchase certain personal data processing services from partners. We have chosen as our partners only personal data processors that abide by good personal data processing practices, using appropriate technical and organisational measures, and which fulfil the requirements of the GDPR and are capable of ensuring the exercise of your rights.
A written contract is concluded with all partners, specifying the object, purpose and duration of the personal data processing, as well as the agreed personal data to be processed.
In addition, personal data is disclosed in a manner based on legislation in force at a given time, according to the statutory requirements of the competent authorities or other parties.
In principle, we only process your personal data within the EU or EEA.
If, in certain exceptional cases, we transfer the personal data outside the EU or EEA, we ensure a sufficient level of personal data protection by, among other things, agreeing on matters related to the confidentiality and processing of personal data in the manner prescribed by legislation, for example, using the standard contractual clauses approved by the European Commission, and otherwise so that the processing of personal data takes place in accordance with this Privacy Statement.
The storage periods for personal data are based on legislation and on Koskisen Group’s data protection principles. We retain your data only for as long as is necessary for the purposes stated in this Privacy Statement in accordance with the legislation in effect at the time.
We will store your data for at least as long as the customer relationship lasts. After the customer relationship ends, the storage period depends on the data and its purpose. We may be obligated to store some of the customer’s personal data in order to comply with accounting or other compelling legislation even after the customer relationship or other grounds for processing personal data have ended.
We endeavour to keep the personal data that is in our possession correct and up to date by erasing unnecessary data and by updating obsolete data.
You have the right to access data that concern you, the right to demand that inaccurate or incomplete data are rectified, and the right to have register data that are unnecessary or obsolete in terms of the processing purpose erased.
You also have the right to object to your data being used in direct marketing and market research and in opinion surveys by contacting the controller or by changing the settings in the web service. You can also block advertising that is targeted to you based on your web browsing behaviour. After such blocking, you will be shown the same amount of ads as before, but the advertising will not be targeted based on your areas of interest.
Under the GDPR, you have the right to receive a copy of the personal data that concerns you. There is no legally prescribed form for presenting this request. If necessary, we may ask you for additional data in order to confirm your identity.
If you present a request concerning a right electronically, we will deliver the data in a commonly used electronic format. In principle, there is no charge for fulfilling requests, but under certain conditions, we may charge administrative costs arising from performing the requested procedure or we may decline to perform the requested procedure.
Under the GDPR, the time limit for replying to a request made by you is one month. This time limit may, if necessary, be extended by no more than two months, taking into account the complexity and number of requests.
With certain exceptions, the GDPR guarantees you the right to have your data rectified and the right to the erasure of your personal data, i.e. “the right to be forgotten”.
You also have the right to cancel your consent on which the processing is based. In this case, you can present us with a request to erase the data that concerns you from our systems. If there are no other legal grounds for processing the personal data, we will erase it.
If a partner of ours is in possession of your data that is to be rectified or erased, we will request that the partner follow the same procedure.
Under the GDPR, you have the right to data portability from one system to another. In practice, you have the right to obtain data that concerns you in a commonly used transmission format and deliver it to another controller. The law requires that the processing be based on consent or an agreement, and that the processing be automated.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data that concerns you. This right does not concern public-sector registers, which are kept by law.
You have the right not to be subject to a decision which is based solely on automated processing, such as profiling, and which produces legal effects concerning you or similarly significantly affects you.
We are required to communicate a personal data breach directly to the data subjects whose data the breach concerns. The right takes effect if the breach is likely to cause a high risk to the rights and freedoms of the individual, for example, in the form of identity theft, fraudulent transactions or other criminal activity.
Present any enquiries and requests you have concerning personal data processing first to the controller at the address: email@example.com