Close

Log in with e-mail address

If you do not know or remember your password, we can send a direct login link to your e-mail address.

Create account (corporate customers)

Log in with password

Log in immediately with your e-mail address and password.

Privacy Policy - Marketing Register

A document providing information in accordance with the General Data Protection Regulation (EU) 2016/679

1.    Controller

Kuusakoski Group Oy, Metsänneidonkuja 12, 02130 Espoo

What is stated in this Privacy Policy also applies, where applicable, to the processing of personal data of the following group companies of Kuusakoski Group Oy:
Kuusakoski Oy;
Kuusakoski AS;
Kuusakoski Ltd;
Petromax AO;
Kuusakoski Sverige AB
(each controller referred to hereinafter also as “Kuusakoski”)

2.    Contact point in matters related to the processing of personal data

Customer service
Tel. +358(0)800 30880,
email: asiakaspalvelu@kuusakoski.com

3.    Legal grounds for and the purposes of the processing of personal data

Personal data is processed on the basis of the data subject’s unambiguous consent or the Controller’s legitimate interest. Personal data is processed for the following purposes:
1)    Customer communications;
2)    Direct marketing and other targeted marketing;
3)    Managing the sales contact information.

4.    Processed personal data

The following data is being processed for the execution of the above mentioned processing purposes:

Basic information, such as:
•    Name of the person
•    Contact information (such as address, telephone number and email)
•    When representing an entity, information concerning the data subject’s employer and position or assigned tasks within the entity

In addition to the basic information, also information related to the execution of the marketing as well as sales meetings are processed in the marketing register, such as information concerning the sales or sales project related events, phone calls and other conversations including emails; information concerning executed marketing acts; as well as web browsing information.

In addition, the register contains the information on direct marketing permissions or prohibitions provided by data subjects.

5.    Regular sources of data

Personal data is collected from the data subject himself/herself, for instance, in various communication situations via telephone or email or when the data subject subscribes to Kuusakoski’s mailing list on Kuusakoski’s website or in the context of marketing lotteries or by other equivalent means.

Kuusakoski’s employees record such contacts in the marketing register that are essential from the perspective of active sales projects.

Personal data may also be collected and updated from the controller’s other registers or registers of companies belonging to the same group of companies and economic interest group with the controller at a given time, to the extent permitted by the controller’s legitimate interest or in case the data subject has consented to this, as well as from authorities and companies providing services related to personal data, such as Suomen Asiakastieto Oy, to the extent such entities have the permission to disclose data for direct marketing purposes.

6.    Regular transfers and disclosures of data as well as transferring data outside the EU or the European Economic Area

Controller may transfer data subjects’ personal data to third parties for the execution of the processing purposes described in this document as further specified hereinafter. When personal data is transferred to an entity processing personal data on behalf of the controller (i.e. to the data processor), the controller has ensured by contractual arrangements, amongst others, that the personal data is only processed based on written instructions provided by the controller and only for such purposes that have been defined in this privacy policy, and that the access to the personal data is limited to such persons only who need to access the personal data on the basis of the tasks assigned to them.

The controller may transfer personal data to data processors for the execution of such services and tasks that the controller has assigned to them. Data processors’ tasks relate to the provision and maintenance of data systems and software as well as to the provision of other data processing services, or to the production of marketing services or other equivalent tasks closely related to sales and marketing.

In case of the sale of the controller’s business, or a part of it, or in case the controller conducts other organizational changes to its business, the controller may disclose personal data to the buyers and their advisors in accordance with the then current legislation.

The personal data is stored on servers located within the European Economic Area (EEA).

7.    Data Security

Manual material:

Manually processed documents including information on data subjects are stored in locked up spaces so that unauthorized access is prevented.

Electronically processed data:

Databases, in which the marketing register data is stored, are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked up spaces.

The controller makes sure that access to data is permitted only to those of its employees and only to those employees of the companies acting on behalf of him who have the need to access the data for the execution of the tasks assigned to them.

8.    Retention period of personal data

Personal data is retained as long as its necessary for the execution of the processing purposes mentioned in this privacy policy. The retention periods are defined based on the following grounds:

- The personal data of the data subject is stored as long as the controller has a legitimate interest to do so. The controller shall define the validity of its legitimate interest based on the use of the controller’s online services as well as based on the communication between the data subject and the controller, such as communication related to active sales projects.
- The data subject’s data shall be deleted from the register in case the data subject cancels his/her permission for direct marketing or objects to the processing of his/her personal data for the purposes of direct marketing. In such case, the information regarding prohibition of direct marketing is, however, retained.
- The data subject’s data is deleted from the register in case the data subject has requested the deletion of his/her personal data and the controller has no other ground for the processing of such data.
Outdated data and data that has been marked to be deleted from the register are deleted during regular database updates.

9.    Rights of the data subject

The General Data Protection Regulation provides the data subject with several rights based on which the data subject can in many situation himself/herself decide on the processing of his/her personal data. The data subject may use the following rights with regard to Kuusakoski to the extent Kuusakoski acts as the controller to the personal data of the data subject in question.

-    Right of access: The data subject has the right to obtain a confirmation from the controller on whether the controller processes personal data concerning the data subject and the right to access such data. The data controller may ask the data subject to specify his/her access request, amongst others, with regard to the details of the data to be delivered.
-    Right to rectification: The data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him/her processed by the controller, or to have incomplete personal data processed by the controller to be completed.
-    Right to be forgotten: The data subject has the right to obtain from controller the erasure of personal data related to him/her and the controller has the obligation to erase such data in case there is no longer a legal ground for the processing of such data or, where the legal or contractual obligation binding the controller related to the storing of the personal data has ended or, where the data subject has withdrawn his/her consent to the processing of his/her personal data.
-    Restriction of processing: In certain cases, where so prescribed by law, the data subject may have the right to obtain from the controller restriction of processing of his/her personal data.
-    Right to data portability: The data subject may, subject to certain conditions prescribed by law, have the right to receive the personal data concerning him/her processed by the controller in a commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the original controller.
-    Direct marketing and the right to object to the processing of personal data for the purposes of direct marketing: The data subject has the right to object to the processing of his/her personal data by the controller for the purposes of direct marketing. In case the data subject has given the data controller his/her consent with regard to sending electronic direct marketing, the data subject can withdraw his/her consent at any time.

In certain cases the data subject can access and rectify his/her data through electronic services provided by Kuusakoski. In cases where the data subject has no such services in use, the requests shall be directed to customer service of Kuusakoski (contact information to be found below). Requests concerning the erasure, portability or the objection to processing shall be directed to customer service.

Contact information of the customer service:
Norokatu 5, 15170 Lahti
0800 30880
asiakaspalvelu@kuusakoski.com

Kuusakoski will take measures based on the data subject’s request without delay, and provide the data subject with the information concerning the measures related to the use of the data subject’s rights primarily within one month from receiving the data subject’s request.

In addition, the data subject has the right to lodge a complaint with the supervisory authority on the processing of the personal data by the controller. The complaint shall be made to the competent supervisory authority, in Finland to the Data Protection Ombudsman, in accordance with its instructions. The website of the Data Protection Ombudsman can be found here.