This is the privacy statement and registry description of Nordic Plast Oy, in compliance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Created on 8.11.2024.
1. Data Controller
Nordic Plast Oy, Painotie 25, 29250 Nakkila, Finland.
2. Contact Person for Registry
Ville Laitinen, ville.laitinen@europlast.fi
3. Registry Name
Nordic Plast Oy’s customer, marketing, and web service user registry.
4. Legal Basis and Purpose of Data Processing
The legal basis for processing personal data under the GDPR includes:
- Consent (documented, voluntary, informed, and unambiguous)
- Contractual necessity where the data subject is a party
- Fulfillment of public duties, if applicable
- Legitimate interest of the controller (e.g., customer relationship, employment, or membership).
The purpose of data processing includes customer communication, relationship management, and marketing. No automated decision-making or profiling is applied.
5. Data Content in the Registry
Stored data includes: name, position, company/organization, contact details (phone number, email, address), website URLs, IP address, details of subscribed services, billing information, and other relevant customer relationship and service-related data.
6. Regular Data Sources
Data is collected from the customer via web forms, emails, phone calls, contracts, customer meetings, and other situations where the customer provides their information.
7. Regular Data Disclosures and Transfers Outside the EU or EEA
Data is not regularly disclosed to third parties. It may be published if agreed with the customer. Data may be transferred by the controller outside the EU or EEA if necessary.
8. Principles of Registry Security
Data handling follows strict care protocols, with digital data secured appropriately. When stored on internet servers, physical and digital security measures are provided by the service provider. Access to data and usage rights are limited to employees whose job descriptions include handling such data.
9. Right to Access and Correct Data
Individuals in the registry have the right to review their stored data and request corrections or additions. Written requests should be sent from the registered email address. Verification of identity may be requested. The controller responds within the timeframe set by the GDPR (usually within one month).
10. Other Data Processing Rights
Individuals may request the deletion of their data (“right to be forgotten”). Requests should be sent from the registered email address. Identity verification may be required. The controller will respond within the timeframe set by the GDPR.