Privacy policy

PRIVACY POLICY
General Data Protection Regulation 2016/679

1. Controller

Stala Oy
Taivalkatu 7
FI-15170 Lahti, Finland
Tel. +358 3 882 110
www.stala.com

2. Contact person for matters related to the data file

Data file contact person:
Merja Piirainen
Taivalkatu 7
FI-15170 Lahti, Finland
merja.piirainen@stala.com


3. Name of the data file

Stala Oy customer, user and marketing data file

4. Purpose of data file and personal data processing

Personal data will be processed in connection with orders, loans, invoicing, debt collection, communication, transactions, customer surveys, service development, reporting, marketing and other measures related to customer relationships and potential customers.

Any purchase and transaction data as well as location data processed in connection with the data file, may be used for profiling and tailoring marketing measures and customer communications to the interests of the data subject. Personal data will also be processed in order to send newsletters and event invitations as well as for participation in other marketing measures.

5. Data file content and categories of personal data

The categories of personal data that may be processed include contact people of companies that are or were customers of the controller, potential customers, people who have contacted the controller, users of the Stala online shops, participants in Stala events or those who have opted in for marketing.

Any data relevant to the purpose of the data file belonging in the following data categories may be processed:

a) basic details of the companies that are or were or potentially could be customers of the controller, such as name and contact details (address, email address, telephone number, Business ID) and the names and contact details of their contact people;

b) information concerning the customer relationship between the controller and the data subject, such as orders, meetings and other facts relevant to the customer relationship, possible direct marketing opt-ins or opt-outs, and any other communication between the parties and information related to the customer relationship and services produced by Stala, such as customer satisfaction and marketing surveys;

c) registered purchases or transactions on the controller’s website, behaviour on the website and other similar activities, participation in events, information entered in relation to events, contact with customer service, contact with Stala employees, and services and newsletter subscription;

d) full name, and possible contact details of any data subject who registers for an event organised by the controller and any subsequent information entered in relation to said event. The details entered by the data subject when registering for an event may include the following data: email address, phone number, address, possible allergies, name of employer and job title.

6. Regular sources of data

Data entered by the customer, ERP and customer management system databases, user and transaction data related to websites, blogs and newsletters, customer service system data, user data from Stala online shops, partners, and companies that provide personal data services.

7. Regular disclosure of data

Personal data will not be transferred outside the European Union or European Economic Area.

8. Data file security principles

Data files are gathered into databases that are protected by firewalls, passwords and other technical methods. Server equipment is located in locked spaces that can only be accessed by Stala or service provider staff members. The data may only be accessed by Stala Group employees or persons authorised by Stala Group that require the data for their work. The data file is backed up securely, and it can be retrieved when necessary.


9. Rights to access and rectification

The data subject has the right to access their own data and the right to demand rectification of any inaccurate personal data.

The data subject who wants to gain access to their data must submit a hand-signed or similarly authenticated request to the controller or personally visit the controller.

Any requests for access should be sent in writing and signed to:
Stala Oy
Merja Piirainen
Taivalkatu 7
FI-15170 Lahti, Finland