Privacy Policy and Personal Data Register Description

Personal Data Act (523/99), Sections 10 and 24

Data Controller

Lohkare Infra Oy
Energiakatu 4
00180 Helsinki, Finland
Business ID: 3516369-4

Contact Person Responsible for Register Matters

Valtteri Palin
Email: valtteri.palin(at)lohkare.fi
Tel. +358 40 734 7749

Name of the Register

Lohkare Infra Oy’s Personal Data Register

Purpose of Processing Personal Data and Legal Basis for Processing

The primary purpose of this register is to serve as Lohkare Infra Oy’s customer database. The register contains personal data of current corporate customers and their contact persons, as well as potential customers. In addition to basic customer information, data may be collected from contracts, service usage, service areas, and information required for the delivery and management of services.

Customer data contained in the register may be processed for the following purposes:

  • Management and maintenance of customer relationships
  • Provision, development and maintenance of customer services
  • Customer service
  • Communication, information sharing, marketing, sales promotion and market research
  • Operational business purposes such as invoicing and reporting
  • Business planning and development
  • Service communication and contract-based marketing to business partners

The three primary legal bases for processing personal data are:
(1) the consent we have received,
(2) the contract we have entered into, and
(3) our legitimate interests.

Personal data is processed based on explicit consent (received in writing, verbally or online), as required to fulfil a contract with Lohkare Infra, or based on our legitimate interest in conducting business.

You have the right to withdraw your consent at any time by contacting:
valtteri.palin@lohkare.fi

Contents of the Register

Lohkare Infra’s register may include the following information: name of a person or organisation, postal address, country of residence, email address, phone number, job title, date of birth, company name and business ID, website and other online addresses. The register may also include data related to direct marketing permissions and restrictions, and technical identifiers required for the use of services.

Regular Sources of Data

Data stored in the register may be collected from:

  • The data subject directly
  • Third parties, with the consent of the data subject
  • Public online services and sources

Regular Disclosure of Data and Transfer of Data Outside the EU/EEA

Personal data will not be disclosed to third parties except within the limits permitted or required by applicable law. Personal data may be transferred outside the European Union or the European Economic Area in accordance with Sections 22–23 of the Personal Data Act, for example when technically necessary for the provision of services or communication. Data may also be disclosed with the explicit consent of the data subject.

Principles of Register Protection

The register is maintained as a technical database. The system is protected with passwords, and the register is accessible only to persons whose job duties require its use.

Right of Access and Right to Rectify Data

Every individual recorded in the register has the right to access their personal data and to request the correction of any inaccurate information. Customers also have the right to prohibit the sending of electronic communications and benefits, as well as the use of their personal data for direct marketing. Requests must be submitted to the data controller. The controller may request verification of identity. Responses will be provided within the timeframe set out in the EU General Data Protection Regulation (GDPR).

Other Rights Related to Personal Data Processing

A data subject has the right to request the deletion of their personal data from the register. Furthermore, individuals have other rights under the EU General Data Protection Regulation, such as the right to restrict processing in certain situations. Requests must be sent in writing to the data controller. The controller may request identity verification if necessary. The controller will reply within the timeframe required by GDPR.