UPCAST OY – Data Protection Description

General Data Protection Regulation, GDPR, became effective today, on the 25th of May 2018.

It means every company has had to take certain measures to assure that they follow this new regulation and make certain that their employees ́, customers ́, partners ́ and suppliers ́ privacy is respected as required.

In this Data Protection Description UPCAST OY will explain in detail how the company handles and secures the data in question in the following two areas:

  1. I  Privacy Notice / Customer Record Description
  2. II  Privacy Notice / Supplier Record Description

I Privacy Notice / Customer Record Description

1 Controller

UPCAST OY
Kuparitie 10, P.O.Box 60, FI-28101 Pori, Finland Tel. +358 207 577 400
upcast@upcast.com www.upcast.com (hereafter ”we” or ”company”)

2 Contact person for register matters

Hanna-Leena Mäkitalo
+358 207 577 422 hanna-leena.makitalo@upcast.com

3 Name of register

Customer and marketing register

4 What is the legal basis for and purpose of the processing of personal data?

The basis for processing personal data is the legitimate interest of the company based on maintaining customer relationship, information flow and the performance of contract.

The purpose of the processing of personal data:

  • delivery and improvement of our products and services,
  • fulfilment of contractual obligations and other undertakings of the company,
  • management of customer relations,
  • sending news about UPCAST ® technology and process and the latest developments
  • electronic direct mailing, e.g. for Customer magazines, quality feedback questionnaires, invitations for various events such as User Meetings and exhibitions.

5 What data do we process?

We process the following personal data of the customer or other data subject in connection with the customer register:

  • basic information of the data subject such as name, job title, the company name and address and customer number;
  • contact information of the data subject such as email address and phone number;
  • information regarding the company and its contact persons, such as business ID and names and contact information of the contact persons;
  • case by case (not in the permanent register) event participation details and possible information regarding the event, such as food limitations.

6 From where do we receive information?

We receive data primarily from the following sources e.g. from the data subject himself, from the population register, from the authorities, from credit information agencies, from contact information service providers and from other similar reliable sources.

For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

7 To whom do we disclose data and do we transfer data outside of EU or EEA?

We do not disclose data from the register to external parties other than the advertising agency who takes care of sending e.g. the quality feedback questionnaires and invitations on behalf and for us.

We do not disclose personal data outside of EU/EEA.

8  How do we protect the data and how long do we store them?

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing the above mentioned (see point 5) personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.

We store the personal data for as long as is necessary considering the purpose of the processing.

We regularly check and update the register and assess the need for data. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.

9  What are your rights as a data subject?

As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of erroneous, outdated, unnecessary or illegal data.

As a data subject, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.

10  Who can you be in contact with?

All contacts and requests concerning this privacy notice must be submitted in writing or in person to the person mentioned in section two (2).

11  Changes in the Privacy Notice

Should we make amendments to this privacy notice we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you regularly visit our webpage and notice possible amendments to this privacy notice. Review these privacy protection principles from time to time to ensure you are aware of any amendments made.

II Privacy Notice / Supplier Record Description

1 Controller

UPCAST OY
Kuparitie 10, P.O.Box 60, FI-28101 Pori, Finland Tel. +358 207 577 400
upcast@upcast.com www.upcast.com (hereafter ”we” or ”company”)

2 Contact person for register matters

Hanna-Leena Mäkitalo
+358 207 577 422 hanna-leena.makitalo@upcast.com

3 Name of register

Supplier register

4 What is the legal basis for and purpose of the processing of personal data?

The basis for processing personal data is the legitimate interest of the company based on maintaining supplier relationship, information flow and the performance of contract.

The purpose of the processing of personal data:

  • delivery and improvement of goods and services ordered by us,
  • fulfilment of contractual obligations and other undertakings of the company,
  • management of supplier relations as well as our external supplier audits,
  • sending inquiries, Customer magazines or other news about UPCAST ® technology and process and the latest developments
  • electronic direct mailing, e.g. for invitations for various events such as User Meetings and exhibitions.

5  What data do we process?

We process the following personal data of the supplier or other data subject in connection with the supplier register:

  • basic information of the data subject such as name, job title, the company name and address and customer number;
  • contact information of the data subject such as email address and phone number;
  • information regarding the company and its contact persons, such as business ID and names and contact information of the contact persons;
  • case by case (not in the permanent register) event participation details and possible information regarding the event, such as food limitations.

6  From where do we receive information?

We receive data primarily from the following sources e.g. from the data subject himself, from the population register, from the authorities, from credit information agencies, from contact information service providers and from other similar reliable sources.

For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

7  To whom do we disclose data and do we transfer data outside of EU or EEA?

We do not disclose data from the register to external parties other than the advertising agency who takes care of sending e.g. the quality feedback questionnaires and invitations on behalf and for us.

Should the project work to be carried outside EU/EEA specifically require personal data of an employee of our subcontractor we can transfer that data with a consent received from the subcontractor for their employee in question. We do not keep any register of the employees of our subcontractors. We have taken care of suitable safeguards for the transfer. We use standard contractual clauses accepted by EU.

8 How do we protect the data and how long do we store them?

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data mentioned in section five (5). Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.

We store the personal data for as long as is necessary considering the purpose of the processing.

We regularly check and update the register and assess the need for data. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.

9 What are your rights as a data subject?

As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of erroneous, outdated, unnecessary or illegal data.

As a data subject, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.

10 Who can you be in contact with?

All contacts and requests concerning this privacy notice must be submitted in writing or in person to the person mentioned in section two (2).

11 Changes in the Privacy Notice

Should we make amendments to this privacy notice we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you regularly visit our webpage and notice possible amendments to this privacy notice. Review these privacy protection principles from time to time to ensure you are aware of any amendments made.