Triotec logo

Privacy policy

Customer register

Privacy statement

Data controller


The data controller is Triotec Oy. Information may be disclosed to other companies within the Arska Group to deliver services as per customer agreements and implement chain operations. Other companies in the Arska Group include Mepu Oy (business ID: 2761878-3) and Arskametalli Oy (business ID: 0747454-0).

Contact person for matters concerning the register


Janne Käkönen
+358 50 511 5540
janne.kakonen@arskagroup.com

Purpose of processing personal data


The register maintains the organisation’s customer database, manages and archives orders, and handles customer relationships. Data may also be used for business development, statistical purposes, and delivering more personalised content. Personal data is processed within the limits that data protection legislation requires. Information may be used within the organisation’s registers, for example, for targeting advertising, without disclosing personal data to external parties. The organisation may use service partners to maintain customer and service relationships, which may require transferring parts of the data to the partner’s servers for technical reasons. Data is processed solely to maintain customer relationships through technical interfaces. The organisation can publish customer register data electronically or in print unless the customer explicitly forbids it. “Publishing” in this context refers to, for example, address labels for direct mailings. Customers may prohibit publication by notifying customer service or the contact person. The legal basis for processing is a contract.

Categories of personal data


Name, represented organisation, contact details, invoicing information

Recipients and categories of recipients


The data controller’s staff and outsourced partners (e.g., accounting) as applicable

Content of the register


The register may contain the following information:

  • First and last name
  • Represented organization
  • Business ID
  • Email address
  • Postal address
  • Phone number
  • Website address
  • IP address
  • Order history

Regular sources of data


Data is obtained from customer registrations and notices given during the customer relationship. Contact details may also be updated from official registers and service providers. Data may also be collected from subcontractors providing or operating the service. Customer activity in digital environments may be tracked via partners' websites, systems or other digital sources using links, cookies or login credentials. The organisation uses Customer data solely, except when using an external provider for additional services or credit assessments. Data is not shared outside the organisation or with partners, except for credit applications, debt collection or invoicing, or when required by law. Personal data is not transferred outside the EU unless required for technical implementation by the controller or a partner. Personal data is deleted upon request unless legal obligations, unpaid invoices or collection processes prevent it.

Retention period for personal data


10 years after the end of the customer relationship.

Regular disclosures of data


As above – data is used internally and only disclosed externally when necessary (credit, debt collection, legal requirements).

Transfers outside the EU or EEA


Personal data is not transferred outside the EU/EEA unless necessary for technical implementation.

Register protection principles – a: manual data


Contact details and other customer information collected manually are stored in locked, fireproof facilities after initial processing. Only designated employees who have signed a confidentiality agreement may process such data. Data protection laws and best practices are followed.

Register protection principles – b: electronic data


Only authorised employees of the organisation and its service providers may access and maintain the register. Each user has personal login credentials and has signed a confidentiality agreement. A firewall protects the system against external threats. Data protection laws and best practices are followed.

Cookies


We use cookies on our website. A cookie is a small text file sent to and stored on the user’s device. Cookies do not harm users’ devices or files. Their primary purpose is to improve and personalise the user experience and to analyse and enhance website performance and content. Information collected via cookies may also be used to target communications and optimise marketing actions. Visitors cannot be identified solely through cookies, but data may be linked to other information the user provides (e.g., form submissions).

Cookies collect the following data:

  • Visitor’s IP address
  • Time of visit
  • Pages viewed and viewing durations
  • Browser type

Your rights
You may disable cookies at any time via your browser settings. Most browsers allow you to disable cookies and delete saved ones. Disabling cookies may impact website functionality.

Google analytics
We use Google Analytics to collect usage statistics for monitoring, development and marketing planning. This data cannot be used to identify individual users. We also use Google Analytics Demographics to collect information such as age, gender and interests. You can adjust related settings in your Google account at https://www.google.com/settings/ads. You can opt out of tracking entirely using the Chrome browser add-on.

Right of access


You have the right to access your data stored in the register. Requests must be made in writing, signed, or sent from a verifiable email address in Finnish or English. Contact the customer service or the registered contact person.

Right to data portability


You have the right to request that your personal data be transferred to another system. Contact the registrar's contact person to make this request.

Right to rectification


Incorrect, unnecessary, incomplete or outdated personal data must be corrected, deleted or completed. Requests must be signed or sent from a verifiable email. Specify the data to be corrected and the reason. Rectification will be carried out without delay. If denied, a written explanation will be provided. You may appeal the denial to the data protection ombudsman.

Right to restriction of processing


If your data is inaccurate, you may request restriction of processing. Contact the registrar contact person.

Right to object


You have the right to request access, rectification or deletion of your data. However, if you are listed as a company or organisation representative, your data cannot be deleted during that period.

Right to complain to a supervisory authority


Suppose you believe your personal data has been handled violating data protection laws. In that case, you may file a complaint with the supervisory authority in your country of residence or employment. In Finland:

Office of the data protection
Visitor address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki
Switchboard: +358 29 566 6700
Registry: +358 29 566 6768
tietosuoja@om.fi
www.tietosuoja.fi

Other rights related to personal data


You have the right to object to the processing or disclosure of your data for direct marketing, to request anonymisation where applicable and to request complete erasure (“right to be forgotten”).