Home
Privacy Policy

Privacy Policy

1. Data controller and contact details

Louhintahiekka Oy (hereinafter"Data Controller" or "we")

Business ID: 0110989-2

Address: Tuotantotie 1, 04300 Tuusula, Finland

Email: louhintahiekka@louhintahiekka.fi

2. General

This privacy policy describes how we process personal data related to our customers, potential customers and other stakeholders, such as our suppliers and subcontractors, contact persons/representatives, as well as our job applicants and users visiting our websites.

3. Purpose and legal basis of data processing

We process personal data for the following purposes:

  • Customer relationship management and maintenance;
  • Management of contracts and projects;
  • Worksite feedback surveys;
  • Invoicing (incl. accounting and payment monitoring and collection);
  • Laskutus (sis. kirjanpito sekä maksujen valvonta ja perintä);
  • Marketing and event organisation;
  • Ensuring, maintaining, developing and analysing the functioning of our website, as well as targeting advertising;
  • Verkkosivujemme toiminnan varmistaminen, ylläpitäminen ja kehittäminen sekä verkkosivujen toiminnan analysointi ja mainonnan kohdentaminen;
  • Recruitment; and
  • Camera surveillance.

We do not use personal data for automated decision-making or profiling.

The legal basis for our processing of personal data under the EU's General DataProtection Regulation is:

  • Legitimate interest of the data controller with regard to
    • Management and maintenance of customer relationships and related invoicing and management of contracts/projects (conducting business as the legitimate interest)
    • Marketing and event management (promoting business as the legitimate interest)
    • The functioning of cookies necessary for the operation of our website(communicating via the communication network and ensuring data security as the legitimate interest)
    • Camera surveillance (protecting property and ensuring safety, as well as preventing and investigating situations that endanger them as the legitimate interest)
  • Legal obligation of the data controller in case of processing of personal data contained in accounting records (Accounting Act (1336/1997))
  • Data subject's consent in the case of
    • Functioning of non-essential cookies
    • Recruitment

4. The categories of personal data to be processed and their purpose

We process the following personal data:

  • Customers and stakeholders:
    • Name and contact details, such as (work) email address and (work) phone number
    • Represented organisation and position in it
    • Information related to or accumulated during the customer relationship and the management of contracts and projects, such as invoicing information and history
  • Marketing and events:
    • Name, (work) email address and (work) phone number
    • Represented organisation and position in it
    • Depending on the event, possibly information on any special diet and/or allergies
  • Website:
    • Information collected by cookies used on our website, such as IP address. The information collected by cookies is described in more detail on our website.
  • Recruitment:
    • Name and contact details of job seekers, as well as any other identifying information such as the date of birth
    • Recruitment-related information, such as a CV, job application and other information accumulated during the recruitment process
  • Camera surveillance:
    • Surveillance recordings and information on the time of recording. The surveillance area of the recording camera surveillance is indicated by signs.

The provision of personal data is not a legal or contractual requirement. However, the provision of certain personal data is a prerequisite for the conclusion and performance of the contract between us and the organisation represented by the data subject and for the performance of our services.

We receive the information primarily from data subjects themselves or from the organisation they represent by phone or email, for example, in connection with the performance of contracts and projects and during the customer relationship. We may also receive information from authorities and/or official registers, as well as from contact information service providers. Within the applicable law, we may also collect and update information from public sources, such as organisations' websites.

5. Disclosure of personal data

As a rule, we do not disclose personal data to third parties.However, personal data may be disclosed to the authorities based on our legal obligation. Personal data may also be disclosed within our Group when necessary for administrative reasons.

In our operations, we utilise external service providers, i.e. data processors, to whom we disclose personal data when they process data on our behalf for the purposes described in this privacy policy. Such data processors include, for example, our accountants and the service providers we use for financial administration and recruitment. Data processors may only use personal data in accordance with our instructions. Data processors are not entitled to use the personal data disclosed by us for their own purposes.

In the event of a security incident, data collected from camera surveillance may be disclosed to the authorities for the purpose of a pre-trial investigation in accordance with the Criminal Investigation Act (805/2011) or to an insurance company investigating the matter, for example.

6. Transfer of personal data outside the EU or the EEA

As a rule, we do not transfer personal data outside the European Union (EU) or theEuropean Economic Area (EEA).  

However, some of the data processors we use to process personal data or their sub-processors are based outside the EU or the EEA. In this case, we ensure the protection of personal data by ensuring that the European Commission has issued a decision on the adequacy of data protection in the country in question (the so-called equivalence decision), or, for example, by requiring the data processor to accept the standard clauses approved by the European Commission as part of the agreement between the data controller and the data processor.

7. Storage periods for personal data

We will only store personal data for as long and to the extent necessary for the purposes described in this privacy policy. The storage periods of the personal data we process are specified below:

  • Customer relationships and management of contracts/projects:
    • Personal data related to and/or accumulated during customer relationships and the management of contracts/projects are stored for the duration of the customer relationship in question and for 10 years after the end of the customer relationship. If we become aware of a change in the customer's contact person/representative, we will update the information accordingly.
    • Invoicing and accounting: personal data contained in the accounting material is stored for ten (10) years from the end of the accounting period to which the accounting material in question relates.
  • Marketing and events: Personal data related to marketing and events will be stored for a maximum of 10 years after the year in question. The data can be updated and deleted earlier, taking into account the duration and nature of the customer relationship, the need for the data, and whether the data is up to date.
  • Website: Personal data collected by cookies is stored as specified in more detail on our website.
  • Recruitment: Personal data related to recruitment is stored for one (1) year after the announcement of the selection decision.
  • Camera surveillance: A maximum of 100 days from the collection of the information, unless the continuation of storage is necessary for an investigation into a safety incident.

8. Right of data subjects

8.1. General

Data subjects may exercise the rights described in this section by contacting us.

In principle, we will submit a notification of measures taken on the basis of such a request no later than one month after its receipt. We will also inform the data subject if the request is not acted upon for some reason.

As a rule, no fee is charged for measures taken on the basis of a request related to data subjects’ rights.

In order to realise the rights of the data subject, we may need to request additional information from the data subject in order to verify their identify.

8.2. Right to access personal data

Data subjects may request information on whether personal data concerning them is being processed, as well as request information about the personal data collected about them. Data subjects have the right to receive a copy of the personal data pertaining to them.

8.3. Right to rectification

Data subjects may request the rectification or completion of their personal data if the data is inaccurate, erroneous or incomplete.

8.4. Right to erasure

Data subjects may request the deletion of personal data concerning them on the grounds laid down in the General Data Protection Regulation, for example, if the personal data is no longer necessary for the processing purposes for which it was collected. However, in some situations, we may not be able to delete personal data if we are required by law to store it or there is another legal basis for its storage.

8.5. Right to restrict processing

Data subjects may request the restriction of the processing of their personal data in certain situations defined by data protection legislation, for example if the data subject has contested the accuracy of the data, in which case the processing is restricted for the period required for us to verify its accuracy.

8.6. Right to object

Data subjects may object to the processing of their personal data if the processing is based on our legitimate interest. In this case, we may no longer process such personal data unless we can demonstrate that there are compelling legitimate grounds for the processing that override the rights of the data subject.

8.7. Right to revoke consent

Where the processing of personal data is based on the consent of the data subject, data subjects may revoke their consent at any time. If the data subject has given consent to the use of cookies, the consent can be withdrawn from the cookie banner found on the website.

8.8. Right to data portability

Data subjects may, under certain conditions specified in data protection legislation, ask us to provide them with the personal data that they have provided to us and to transfer it to another data controller.

8.9. Right to lodge a complaint with a supervisory authority

Data subjects may lodge a complaint with a national supervisory authority if they believe that we do not process their personal data properly or violate the rights of the data subject. A notification to Finland's national data protection authority, the Data Protection Ombudsman, can be made at www.tietosuoja.fi/ilmoitus-tietosuojavaltuutetulle. 

9. Changes to the Privacy Policy

This privacy policy may be updated if necessary due to changes in our operations or legislation.

We will submit a notification of any significant changes to the processing of personal data on our website and/or, if possible, by email.

This privacy policy was last updated on 30 July 2024.