Data protection statement
Fastroi Ltd is committed to protecting the privacy of its service users in accordance with the applicable personal data protection laws and other applicable legislation.
In this data protection statement, we explain what personal data Fastroi Ltd may collect when you subscribe to the services of the company or contact Fastroi Ltd through its website, and for what purposes and on what grounds Fastroi Ltd may use your personal data in the company’s business. By using the service, you agree to the processing of your data in accordance with this data protection statement. If you do not agree to these terms, you will not be allowed to use our services.
In this data protection statement, we explain
- what kind of data we collect about our customers and the users of our online services,
- for what purposes we use the data,
- how long we retain the data,
- how cookies are used in the service,
- how the customers and users can influence the processing of their data,
- where personal data is transferred or to whom it is disclosed,
- how the personal data is protected, and
- who you can contact.
We recommend that you read through this statement.
Controller and contact details
Fastroi Oy (Business ID 1851560-0)
80110 Joensuu, Finland
Tel: +358 (0)10 327 8000
Person responsible for personal data files and contact person
Fastroi Oy (Business ID 1851560-0)
80110 Joensuu, Finland
Tel: +358 (0)10 327 8000
Data Protection Officer
80110 Joensuu, Finland
Tel. +358 10 327 8000
Customers (contact persons)
Users of websites (incl. chat)
1. Purpose and basis of personal data processing
|Data subjects||Purpose of processing||Basis of processing|
|Customers (contact persons)||Enabling customer service contacts and maintaining customer relationships. Improving customer satisfaction (customer satisfaction surveys). Organising customer activities (webinars, training and customer events).||Controller’s legitimate interest based on a customer relationship, and fulfilling the contract.|
|Potential customers and website users||Contact requests made through the website and newsletter subscriptions.||Controller’s legitimate interest based on the customer relationship or other relevant connection, and data subject’s consent.|
2. What kind of data is collected and for what purpose?
We only collect personal data that is necessary for pre-defined purposes. The purpose of use determines what kind of information is collected in any given situation. When collecting data, we will specify which information you must provide in order to be able to use the services and which information you can choose to give.
The data that we process can be classified as user-provided or personally identifiable data, data collected from the use of services, derived data, or data obtained from external sources.
1) Data provided by the user or personally identifiable data: We collect user-provided data, for example, for delivering an order or service, invoicing and customer relationship management, as well as for marketing and opinion polls. Without contact details or invoicing data, we cannot deliver the product or service ordered by the customer. We may also collect other data provided by the customer in order to tailor content and marketing to better match the customer’s preferences.
Data provided by the customer includes:
- contact details, such as name of organisation, name of user, address, telephone number, e-mail address,
- demographic information, such as occupation or title,
- customer relationship information, such as invoicing and payment data, product information, order data, customer feedback, inquiries and cancellation data,
- profile information provided by the customer,
permits and consents,
- opt-out data,
- information received through questionnaires and surveys, and
- other data collected with the customer’s consent.
2) Data collected from the use of services: By using cookies and other similar technologies, we automatically collect data that helps us understand how many users our services have, what kind of content or ads are popular and for how long the content or ads are viewed. On the basis of this data, we can develop our services and business, customise content according to users’ interests, target advertising and marketing communications, and prevent and investigate misconduct. This data includes:
- usage and browsing data for service features,
- the page from which the user arrived on our website,
- device model,
- unique device ID or cookie code,
- browser and its version,
- IP address,
- session time and duration, and
- display resolution and operating system.
3) Data derived from the use of services: From the observed data and/or data provided by the user we can deduce the user’s interests and thus profile the user in a specific user segment. We use the data for statistics and analysis, development of services and business, and for customising content, advertisements and marketing messages.
4) Data obtained from external sources We may use external data sources to update and enrich information, such as the business register maintained by Suomen Asiakastieto, and other similar private and public registers. With this data, we can ensure that our users are treated based on accurate and up to date information, and we can tailor our products and services to better match the users’ interests.
If we process data for purposes other than those mentioned above, we ensure that the processing is compatible with the purpose for which the data originally was collected.
3. On what grounds do we collect personal data?
We process data on the following grounds based on data protection legislation:
Agreement: We process data provided by the user in order to fulfil the agreement we have concluded with the user concerning a product or service. Without the aforementioned data, we cannot provide our services as requested by the user, handle orders, allow for logging in to an online account, verify customer transactions, contact the customer on contractual matters, provide technical support or bill for our services.
Consent: We may process user data to carry out online marketing measures or disclose contact details to selected partners for direct marketing purposes. We may also ask the user’s consent if the purposes of processing change.
Legitimate interests: We process data in order to be able to develop our business and customer service, prevent and investigate crime and misconduct, file and defend legal claims, analyse our service usage, profile and segment users, and market our services by phone or mail or based on people’s jobs. These purposes are necessary for our business, and justified on the basis of a factual connection between the user and Fastroi Ltd, and thus in accordance with our legitimate interests. The user may object to the processing on a basis specific to the situation.
Legal obligation: We may be required to retain some of the customer’s personal data in order to comply with the Accounting Act or other compelling laws, in some cases even after the end of the customer relationship or after the basis of processing of personal data ceases to exist. In that case, the processing will be based on compliance with the legal obligation.
4. How do we protect the data collected, and for how long will it be retained?
We store the collected data in databases that are protected by, for example, firewalls, cryptographic techniques, and restricted access and user rights. We regularly make backup copies of the data files. Please note that online services are not completely secure. Users are responsible for ensuring the security of their own information systems.
We will retain the user’s data in accordance with current legislation and only for as long as is necessary for the purposes specified above. The user can also influence the data retention time through the mechanisms described in section 5 below.
In a marketing register, data is typically kept for as long as a person functions in positions to which the product or service marketed is related and he or she has not refused to receive marketing communications. If a person opts out of marketing, we will retain the opt-out information and the contact details so that we can comply with the opt-out.
Collected data will only be retained for as long as is necessary in accordance with current legislation. For example, certain personal data will be retained even after the end of the customer relationship due to the provisions of the Accounting Act.
5. What rights do users have concerning their personal data?
Right of access
You have the right to access your personal data. If you notice any inaccuracies or omissions in your data, you can ask us to correct or complete the information.
Right to object
You have the right at any time to object to the processing of your personal data if you feel that we have processed your personal data unlawfully or that we are not entitled to process your personal data.
Direct marketing restriction
You have the right at any time to forbid us from using your data for direct marketing. We never sell or otherwise disclose your personal data to third parties so that they may send direct marketing to you.
We purchase online advertising from Facebook, LinkedIn and Google, for example. However, these companies never receive your personal data, and this kind of advertising is not direct marketing but is based on cookies. Read more under Cookies.
Right to erasure
If you feel that the processing of some of your data is not necessary for our tasks, you have the right to request us to erase the data in question. We will consider your request, after which we will either erase your data or give you a justified reason why we cannot erase it. If you disagree with our decision, you have the right to file a complaint with the Data Protection Ombudsman. You also have the right to demand that we restrict the processing of disputed data until the matter is resolved.
Right to file a complaint
You have the right to file a complaint with the Data Protection Ombudsman if you feel that while processing your personal data we are in violation of existing data protection regulations (instructions for filing a complaint).
6. Will your personal data be disclosed or transferred?
Customers’ personal data will not be disclosed to services operating under the auspices of Fastroi or to third parties involved in generating, developing or maintaining communications, except in accordance with a contract, consent or statutory provision. As a rule, we will not transfer your data outside the EU or EEA. If we do transfer data outside the EU or EEA, we will ensure an adequate level of protection of personal data, inter alia, by agreeing on the confidentiality and processing of personal data as required by law, or, for example, by standard contractual clauses approved by the European Commission, and otherwise by processing personal data in accordance with this Data Protection Statement. Data transfer outside the EU or EEA may also be based on the user’s consent.
7. Are children’s personal data processed in the services?
Our services are not aimed at children: only adults are allowed to sign in to our services. We do not deliberately process children’s personal data or create child target groups.
8. Purpose of cookies
We can use the website usage data to generate advertising or content for a specific browser. We can generate customer segments based on which websites certain browsers have visited during a specific time period. These customer segments will be presented with advertising relating to our services. We may draw on our partners to generate these customer segments. In such an event we will have contractual arrangements in place to ensure that the partner will only use the data in relation to Fastroi Ltd and will not utilise the data for their own purposes or disclose it to any other party. We may use behavioural data sourced from external websites to generate customer segments and to target our advertising activities.
To opt out of Google Analytic cookies, click here: Opt out of Google Analytics tracking
Our website may also contain links to other websites, including our partners and the authorities, but we are not responsible for the content on or privacy policies applicable to such third-party websites. We recommend that you familiarise yourself with the privacy policies of each individual website.
9. Updates to Data Protection Statement
We are continuously developing our services and reserve the right to change this Data Protection Statement accordingly. Changes may also be based on changes in legislation. We recommend reviewing the content of the Data Protection Statement regularly.
Contact details of the supervisory authority:
Office of the Data Protection Ombudsman
Street address: Ratapihantie 9, 6th floor 00520 Helsinki
Mailing address: PO Box 940, FI-00521 Helsinki, Finland
Switchboard: +358 29 56 66700