Read this Policy carefully before using the Service or visiting the website.
The controller in accordance with the applicable Data Protection Act Vema Lift Oy (hereinafter “Vema”, “we”, “us” or “our”). Europress is responsible for ensuring that your personal data are processed according to this Policy and the applicable data protection legislation.
Controller’s contact information:
Vema Lift Oy
Business ID: 3354713-3
Address: Lakimiehenkatu 2, 20780 Kaarina, Finland
2. COLLECTING PERSONAL DATA
Your personal data can be collected in different ways. As a rule, we collect and process personal data that
- you have given us when you contact us or do business with us, for example when you buy our Services or register for our Services, subscribe to our newsletter or contact us to request an offer or more information;
- are created when using the Service or visiting the website, such as when you log in to the Service; and
- are retrieved from other sources to the extent allowed by applicable law, such as the Finnish Trade Register, Population Information System or Business Information System, or the address information system of the Finnish postal service Posti.
You do not have to give us your personal data, but if you choose not to, we may not be able to provide our Service to you.
We collect and process the following personal data groups, for instance:
- basic information, such as name, job title and relationship with the company you represent, as well as contact information (email address, postal address and telephone number) and language of communication;
- information related to the customer relationship, such as information on the Service and the order, payment information, invoicing information, marketing permissions and prohibitions;
- customer communications and related correspondence as well as entries related to the rights of data subjects;
- personal data created in connection with using our Service or data gathered in connection with using our website, such as user IDs, passwords, identification information, log information on the use of the Service, information collected from the website using cookies or similar technologies (device ID and type, operating system and application settings); and
- other information specified on a case-by-case basis based on your consent.
Developing the service, information security and internal reporting
We also process personal data to ensure the information security of the Service and the website, improve the quality of the Service and the website, and develop the Service. We can also use the personal data to compile internal reports for management to assist with the appropriate management of our business. In these cases, the processing of personal data is based on our justified interest in ensuring the appropriate information security of our Service and website and receiving sufficient and appropriate information to develop the Service and manage our business.
Compliance with the law
We can process your personal data to fulfil our statutory duties related to, for example, accounting, or we can fulfil the information requests based on law by other authorities (e.g. the tax authority).
Other purposes to which you have consented
We also process your personal data for other purposes, if you have consented to such processing.
3. TRANSFERRING AND DISCLOSING PERSONAL INFORMATION
We can disclose personal data to other companies in the Europress Group within the limits of applicable law for the purposes described in this Policy, including the marketing of the products and services of the companies mentioned above. Personal data can also be transferred within the Europress Group companies for internal administrative purposes such as reporting and carrying on our business effectively or, for example, using centralised information and communication systems. The disclosure of personal data within the Europress Group is based on our justified interest in conducting our business, managing our customer relationships effectively and telling the customers about the services of other companies in the Europress Group.
We can disclose personal data to third parties:
- within the scope permitted or required by law, such as fulfilling an information request by a competent authority or in connection with legal proceedings;
- when our partners process personal data on our behalf and in accordance with our instructions. We always ensure that your personal data is handled appropriately;
- if we are involved in a merger, a reorganisation of the business or a sale of the business or part thereof;
- when we consider disclosure to be necessary to realise our rights or protect your safety or the safety of other people, investigate malfeasance or respond to the request of an authority; and
- with your consent, to the parties to which the consent applies.
4. TRANSFERS OF PERSONAL DATA OUTSIDE THE EU OR EEA
We can transfer personal data outside the EU or the European Economic Area when our partner managing the assignment is located outside these areas. In these cases, we take care of the appropriate safeguards for the rights and freedoms of the data subject in accordance with the applicable data protection legislation, such as the General Data Protection Regulation of the EU (GDPR) (679/2016).
For example, a service provider that conducts marketing for us can transfer personal data to the United States in connection with providing the service. In this case, the appropriate safeguards on personal data are implemented so that the service provider is committed to the Privacy Shield arrangement between the EU and the United States, or we use the standard data protection clauses approved by the European Commission.
Read more about the Privacy Shield arrangements here: https://www.privacyshield.gov/welcome.
You can read more about cookies here: www.vema.fi/about-cookies
6. STORING PERSONAL DATA
Personal data are stored only as long as necessary to implement the purposes of use specified in this Policy.
The personal data are stored for the duration of the customer relationship. With regard to essential information, personal data can also be stored after the end of the customer relationship to the extent permitted or required by the applicable law. For example, we typically store personal data that are needed to respond to claims or legal action after the end of the customer relationship in accordance with the currently valid regulations on the period of limitation. We can also store the necessary parts of personal data in order to comply with the prohibition of direct marketing you have issued, for instance.
The personal data are removed once storing them is no longer required by law or to realise the rights and obligations of either party.
7. YOUR RIGHTS
You have the right to access your personal data. You can also request the rectification, update or erasure of your personal data at any point. Note, however, that personal data required to implement the purposes of use mentioned in this Policy, or data that must be stored as required by law, cannot be erased.
You have the right to object to or to restrict the processing of your personal data to the extent of the applicable law.
In certain cases, you have the right in accordance with the applicable law to transfer the personal data you have submitted to us from one system to another, i.e. the right to receive your personal data in a structured, commonly used and machine-readable format and transfer your personal data to another controller.
When we are processing your personal data based on consent, you have the right to withdraw the consent you have given at any time. After that, we will not process the personal data unless there is another legal basis for the processing.
You can exercise your rights by sending us a request at the address firstname.lastname@example.org
If you feel that your personal data have not been processed appropriately, you have the right to contact the Data Protection Ombudsman concerning the issue. You can find the Ombudsman’s contact information on the website of the Data Protection Ombudsman: http://www.tietosuoja.fi/fi/index.html.
8. INFORMATION SECURITY
We implement the appropriate measures (including physical, digital and administrative actions) in order to protect personal data from loss, destruction, misuse and unauthorised access or disclosure. For example, only the persons who need personal data to carry out their duties have access to the data.
Note that even the most appropriate measures cannot prevent all potential personal data breaches. In case of a personal data breach, we will notify you about the issue in accordance with the applicable law.
9. CHANGING THE POLICY
We have the right to change this Policy. We will notify you about the changes on our website www.vema.fi where you can also find the latest version of this Policy.
10. CONTACT US
You can ask for more information about this Policy or more detailed information on the processing of your personal data by contacting us by email at the address: email@example.com