Data Protection Statement
NAVA-Sähkö Oy (FI18682943)
+35850 407 3372
Collected Personal Data
We collect the necessary personal data for managing customer relationships, such as the customer's name and contact information, as well as user data for service usage. We gather personal data from the registered individual themselves and from other publicly available authorities' registers and external sources, such as the business register or similar public corporate registers. Additionally, we collect information provided by users of contact forms and use it for the aforementioned purposes related to maintaining customer relationships.
Purpose of Processing and Legal Basis for Processing Personal Data
We process personal data within the limits allowed by current legislation for purposes including testing web services, managing customer relationships, informing about services, and providing advice. We may use the registered individual's data for gathering user statistics and analyzing them. Collected data may also be used for marketing communication. The processing of personal data for marketing communication is based on the consent provided by the individual through contact forms. Direct marketing will cease upon the customer's request. The individual has the right to withdraw their consent at any time by notifying the designated contact person. Processing personal data may be necessary to fulfill the legitimate interests of the Company and the registered individual's customer relationship, marketing, service, and customer analysis, as well as service testing. Marketing purposes may involve profiling, and in such cases, the registered individual has the right to object to the processing of their personal data.
Access to personal data is restricted to individuals responsible for managing customer relationships and marketing.
Personal data will not be disclosed to third parties or transferred outside the European Union or the European Economic Area, unless it is necessary for the technical implementation of the service. In situations where data is disclosed or transferred, the level of data protection required by data protection legislation and other necessary security measures will be followed.
Protection of the Register
We protect personal data with appropriate technical and organizational measures. The data is stored in databases that are protected by firewalls, passwords, and other technical security measures. Databases and their backups are located in locked and guarded facilities, and access to the data is restricted to specific, pre-designated individuals.
Retention and Erasure of Personal Data
We retain personal data for as long as it is necessary for the purpose for which it was collected and processed or for the fulfillment of a contract or as long as required by law and regulations. After this, personal data is appropriately destroyed.
Rights of the Registered Individual
The registered individual has the following rights:
- The registered individual has the right to request access to their personal data, to the extent permitted by trade secrets and internal assessments. Requests for access should be sent in writing and signed to the designated contact person, and the individual must provide reliable identification.
- The registered individual may request the correction of incomplete or inaccurate data.
- The registered individual may request the deletion of data when there is no legal reason or independent consent for its processing.
- The registered individual has the right to restrict the processing of personal data if its accuracy or lawfulness requires it, or in accordance with the right to object, the registered individual requests the restriction of the processing only for data retention.
- The registered individual has the right to object to the processing of data for direct marketing purposes based on the Company's legitimate interest.
- The registered individual may request the transfer of data to another data controller if it is safe and technically feasible.
- The registered individual must send requests for their rights in writing or by email using the contact details in section 1.
The Company will respond to requests within 1 month of receiving the request, unless there are specific reasons to extend the response time.