Privacy Statement

This privacy statement describes how Vepsäläinen Oy ("Vepsäläinen") processes the personal data of its customers (hereinafter also "data subject"). Vepsäläinen has the right to update this privacy statement at any time as it deems necessary and will inform the data subjects of any material changes to it.

Controller:

Vepsäläinen Oy
Business ID: 2111755-8
Juvankartanontie 11, 02920 ESPOO, FINLAND

Contact details for matters involving the data file:

Vepsäläinen Oy, Juvankartanontie 11, 02920 Espoo, Finland
Telephone: +358 20 7801 471
E-mail: [email protected]

Purpose and basis for processing personal data

The processing of personal data contained in the customer register is based on the legitimate interest of Vepsäläinen and its subsidiaries, and on the customer relationship with the data subject. Processing the data is necessary for managing customer relations, developing our business, ensuring a better customer experience across all channels and managing marketing communications. The register is also used for sending newsletters, event invitations and announcements. The customer’s consent for such use will be requested if required.

Content of the data file

The minimum data stored in the customer register consists of the data provided by the customer in connection with subscribing to the newsletter or making a purchase. The register also contains data added or updated by Vepsäläinen or the users themselves. 

The following data may be processed in the register:

• First and last name(s), gender, date of birth, language
• Contact details: billing address, delivery address, phone numbers, email addresses
• Company name and business ID (for corporate customers)
• Information related to the marketing consent: consent or refusal
• Information related to purchases: customer number, purchase times, products and services ordered, delivery method, payment method*, complaints and other customer communications
• The credit application for Nousukausirahoitus financing is stored and archived as required by the Accounting Act
• Customer’s account number (only if a refund needs to be made to the customer’s account)
• Information related to marketing: for example, targeted actions and participation in competitions and events
• Data and interests reported by the data subject themselves and inferred from the use of services
• Username and password for Vepsäläinen's electronic services

* Vepsäläinen never stores personal codes or other information about online banking or debit or credit cards.

Regular data sources

Data concerning the data subjects is mainly collected from the data subjects themselves, from Vepsäläinen's systems and services used by the data subject, and in connection with various marketing activities. Data may also be collected and updated from our partners’ data files and from authorities and companies providing personal data services.

Regular disclosures of data

The data in the customer register will not be disclosed to third parties, apart from the following exceptions: to the authorities as required by law, or in connection with mergers and acquisitions if Vepsäläinen sells or reorganises its business. Vepsäläinen also relies on partners in its business operations and, if necessary, may temporarily transfer data from the customer register for processing in a secure manner. In such cases, the data transferred to a third party will be erased with the appropriate methods. The partners always process the data on Vepsäläinen's behalf and do not create their own personal data files from the disclosed data.

Transfer of data outside the EU or EEA

As a rule, data stored in the register is not transferred outside the territory of the Member States of the European Union or the European Economic Area, unless this is necessary for the purposes of processing the personal data or for the technical implementation of processing, in which case the data will be transferred in compliance with personal data legislation.

Storage time of personal data

Vepsäläinen processes the personal data of the data subjects for the duration of the customer relationship or for the duration of the newsletter subscription or other service. Data may also be stored for a longer period expressly required by law or the fulfilment of legal or contractual obligations, such as warranty obligations.

Principles of securing the data file

The customer register is stored in systems that are appropriately secured by personal passwords and firewalls in accordance with industry-standard information security principles. Manually processed materials are stored on premises that can only be accessed by the parties responsible for processing. Access to the customer register is limited to those Vepsäläinen employees whose duties require it.

Rights of the data subject

Data subjects have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them. If a data subject objects to the processing of their personal data, Vepsäläinen may not able to offer its services to the data subject.

In addition, the applicable data protection legislation gives data subjects the right at any time to:

• gain access to their personal data;
• demand the rectification or completion of inaccurate or incomplete personal data concerning them;
• demand the erasure of their personal data;
• receive their personal data in electronic form and transmit it to another controller when the conditions laid down by law are met; and
• demand that the processing of their personal data be restricted.

The data subject must submit the request for exercising their rights to the contact person specified above. Vepsäläinen may refuse to fulfil the data subject's request on grounds provided for in data protection legislation.

Right to lodge a complaint with a supervisory authority 

Data subjects have the right to lodge a complaint with the competent supervisory authority if they consider that Vepsäläinen has processed personal data in violation of data protection legislation.