Privacy Policy


Data Controller

 Porvoon Teollisuussähkö Oy (1080049-0)
Hereafter referred to as “the Company” in this policy


Data protection officer and/or contact person

Marcus Gustafsson
+358 400 373 656
 info@ptsoy.fi


Name of the personal data register

Porvoon Teollisuussähkö Oy customer and marketing register

This Privacy Policy applies to our website, marketing, customer relationship management, and the processing of personal data related to the products and services we provide.


Collected personal data and data sources

We collect personal data necessary for managing customer relationships.


Data category – Examples of data content

  • Identification and contact details – Customer’s and/or representative’s name and contact information.
  • Information related to products, services, orders, and customer communication – Order details, delivery times, and information related to agreements, invoicing, customer communication, and complaints.
  • Information related to marketing (including direct marketing) and events, as well as consents and restrictions given by the data subject – Contact details for marketing purposes, as well as data collected in connection with events. Consents and refusals regarding direct marketing.
  • Information on the use of websites and other electronic services – IP address, electronic communication identifiers, search and browsing data, browser and operating system information, and registration details.

We collect personal data from the data subject, from publicly available official registers, and other external sources such as the Trade Register or similar public company registers. In addition, we collect information submitted via contact forms and use it for the above-mentioned purposes related to customer relationship management.


Purpose and legal basis for processing personal data

Personal data is processed within the limits permitted by applicable law for the following purposes:

  • Delivery of products and services and execution of customer contracts (contractual relationship or preparation thereof)
  • Customer relationship management (legitimate interest)
  • Service information and advice (legitimate interest)
  • Web service testing (legitimate interest)
  • Development of products and services (legitimate interest)
  • Collection and analysis of user statistics (consent, legitimate interest)
  • Improving the user experience of our website and other services (consent, legitimate interest)
  • Invoicing, credit decisions, and debt collection (legitimate interest)
  • Marketing communications (legitimate interest)
  • Direct marketing, including electronic and telephone marketing, as well as planning and measuring advertising and marketing effectiveness, and combining/updating personal data for direct marketing purposes (legitimate interest, consent)
  • Stakeholder management, subcontracting, and cooperation with service providers (legitimate interest, contractual relationship or preparation thereof)
  • Internal reporting and other administrative measures (legal obligation)
  • Warranty and defect liability management, handling of complaints, and participation in legal and regulatory proceedings (legitimate interest)
  • Prevention and investigation of misuse, and ensuring data security, as well as the safety of people and property (legitimate interest)
  • Fulfilment of other statutory obligations (e.g. accounting and tax-related actions, reporting obligations)


When processing is based on consent, the data subject may withdraw consent at any time by notifying the above-mentioned contact person.

Processing of personal data may also be necessary to safeguard the legitimate interests of the Company and the data subject’s customer relationship. The Company has a legitimate interest to process personal data for marketing, service and customer analysis, and service testing. Marketing purposes may also involve profiling. In such cases, the data subject has the right to object to the processing. When processing is based on legitimate interest, we have assessed the benefits and potential disadvantages to the data subject and concluded that the data subject’s rights and interests do not override our legitimate interest. More information about legitimate interest–based processing is available upon request.


Processors of personal data

Access to personal data is restricted to persons responsible for managing customer relationships and marketing.


Recipients of personal data

In the processing of personal data, various service providers and other third parties may also be used, such as providers of technical solutions, server space, or accounting and financial administration services. We ensure compliance with data protection legislation by entering into necessary agreements with such parties.

Personal data may be disclosed to third parties when required by law or authorities, or for the investigation of misuse and ensuring security. Personal data may also be disclosed in connection with legal proceedings or similar processes.

If the Company is involved in a merger, business acquisition, or other corporate restructuring, personal data may be disclosed to the parties of the arrangement or those assisting in the arrangement.

Further information on recipients of personal data is available upon request.


Transfer of personal data outside the European Economic Area

Personal data is not transferred outside the European Union or the European Economic Area unless necessary for technical implementation of the service. In such cases, we ensure that the required level of data protection under data protection legislation is met, along with other necessary safeguards.

Further information on transfers and safeguards is available upon request.


Cookies

We use cookies and similar technologies on our website. A cookie is a small text file that a browser stores on a user’s device. Cookies contain an anonymous, unique identifier that allows us to recognize and count different browsers visiting our site. The purpose of using cookies and similar technologies is to analyze and further develop our services to better serve users and to target advertising. Users can manage their consent through the cookie tool available on our website.


Data protection

We protect personal data with appropriate technical and organizational measures. Data is collected into databases protected by firewalls, passwords, and other technical means. Databases and their backups are located in locked and guarded facilities, and only designated persons have access to the data.


Storage and disposal of personal data

Personal data is stored as long as necessary for the purpose for which it was collected and processed, for the execution of a contract, or as long as required by law and regulations. After this, personal data is destroyed appropriately.


Rights of the data subject

The data subject has the following rights:

  • Right of access – The data subject has the right to confirm whether their personal data is being processed and to receive information in accordance with data protection legislation. They also have the right to obtain a copy of their data.
  • Right to rectification – The data subject may request correction of incomplete or inaccurate data.
  • Right to erasure – The data subject may request deletion of data when there is no legal basis for processing independent of their consent.
  • Right to restriction of processing – The data subject may request limitation of processing, for example if the accuracy or lawfulness of the data is contested, or based on the right to object.
  • Right to object – The data subject has the right to object to the processing of their data for direct marketing purposes based on the Company’s legitimate interest.
  • Right to data portability – The data subject may request the transfer of data to another controller. This applies to personal data provided by the data subject in a structured, commonly used, and machine-readable format, when processing is based on consent or a contract, and/or is carried out automatically.
  • Right to withdraw consent – Where processing is based on consent, the data subject may withdraw consent at any time. Withdrawal does not affect processing carried out before the withdrawal.


Requests regarding rights must be submitted in writing or by email to:

Porvoon Teollisuussähkö Oy
Request for inspection/other personal data request
Marcus Gustafsson
+358 400 373 656
 info@ptsoy.fi


The requester’s identity may be verified before processing the request. The Company responds within one month, unless there are specific reasons to extend the response time.

The data subject has the right to lodge a complaint with the competent supervisory authority if they believe their personal data has been processed in violation of data protection legislation.

Contact details of the Finnish Data Protection Authority can be found here.