ALUCAT® Privacy Policy

This is the register and privacy policy of Alucat Catamarans Ltd, in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). This privacy policy was drafted on May 25, 2018.

1. DATA CONTROLLER

Alucat Catamarans Oy
Pinotie 7
33470 Ylöjärvi
Telephone: +358 3 348 4666
info(@)alucat.fi

2. CONTACT PERSON FOR REGISTER MATTERS

Kalle Konttinen
+358 40 740 8364
kalle(@)alucat.fi

3. NAME OF THE REGISTER

The register is Alucat Catamarans Ltd's customer and marketing register.

4. PURPOSE AND BASIS FOR THE PROCESSING OF PERSONAL DATA

The primary basis for the processing of personal data is the customer relationship between the customer and the company, the customer's consent, an assignment given by the customer, or another appropriate connection.

Personal data may be processed for the following purposes:

Managing, implementing, developing, and monitoring customer relationships, customer service, and related communication and marketing.

Analysis, segmentation, and reporting of customer relationships, as well as other purposes related to the development of the overall customer relationship and the company's business operations.

Processing tasks may be outsourced to third-party service providers in accordance with and within the limits set by data protection legislation.

Data is not used for automated decision-making or profiling.

5. DATA CONTENT OF THE REGISTER

The personal data stored in the register may include the following:
Name of the person, position, company/organization, contact information (phone number, email address, address), website addresses, IP address of the network connection, information on ordered services and changes to them, billing information, and other information related to the customer relationship and ordered services.

6. REGULAR SOURCES OF DATA

Data is primarily obtained from the following sources:
The data subject themselves and events related to the data subject's customer relationship, use of services, communication, and transactions.
A party providing identification, verification, address, updating, credit information, or other similar services.

7. REGULAR DISCLOSURE OF DATA AND TRANSFER OF DATA OUTSIDE THE EU OR EEA

Data is not regularly disclosed to other parties. Data may be published to the extent agreed upon with the customer.

Data may also be transferred by the controller outside the EU or the EEA.

8. PRINCIPLES OF REGISTER SECURITY

The register is handled with due care, and data processed using information systems is appropriately protected. When registry data is stored on Internet servers, the physical and digital security of their hardware is appropriately managed. The controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job description includes it. Furthermore, access is restricted by personal usernames and passwords.

Any physical documents are stored in a locked space accessible only by specifically authorized personnel.

9. RIGHT OF ACCESS AND RIGHT TO REQUEST RECTIFICATION OF DATA

Every person in the register has the right to check their stored data and demand the correction of any incorrect information or the completion of incomplete information. If a person wishes to check the data stored about them or demand a correction, the request must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller will respond to the customer within the time frame set in the EU General Data Protection Regulation (generally within one month).

10. OTHER RIGHTS OF THE DATA SUBJECT RELATED TO THE PROCESSING OF PERSONAL DATA

A person in the register has the right to request the deletion of personal data concerning them from the register ("the right to be forgotten"). Likewise, data subjects have other rights under the EU General Data Protection Regulation, such as the restriction of processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller will respond to the customer within the time frame set in the EU General Data Protection Regulation (generally within one month).