Data privacy
We have updated Etra's privacy policy to give you a better understanding of what kind of information we collect and for what purpose. We are also developing our privacy review settings and other administration tools to protect your information and privacy. These updates are based on the EU General Data Protection Regulation (GDPR). More information about GDPR is available at https://tietosuoja.fi/sv/framsida.
ETRA Privacy Statement
The purpose of this privacy statement is to describe the practices of Etola AB with respect to collecting, processing, protecting and storing of personal data. The privacy statement further describes the collecting of cookies and the rights of customers, suppliers and other cooperation partners. Etola AB is part of Etola Group and Etra Oy Finland.
Collecting of personal data
Personal data is data that may be connected to a person either directly or indirectly.
Etola AB collects personal data only for a specified legal purpose and does not use the data at a later time for any other purposes.
Register form descriptions are available at https://www.etra.se/sv/foretag/sekretess-for-data
Etola AB collects the following personal data:
- Basic information: [First name, family name, title or role in company, address, phone number, e-mail address, sales and purchase history]
- Information related to the customer relationship, such as information related to orders and services, invoicing, payments and credit ratings, marketing licenses and bans, customer references and e-mails.
- Information generated when providing services, such as information on the forwarding of e-mails, calls and personal data contained in references.
- Other information that describes the use of the service, such as information collected by cookies or similar when visiting the website.
- Information related to the recognition of the customer, such as logging information (excluding passwords)
- Other information specified and collected in connection with the data subject’s consent
Processing of personal data
In the processing of personal data, the Finnish legislation currently in force, the EU General Data Protection Regulation and other instructions and regulations given by the authorities are followed.
Personal data is processed in accordance with the relevant laws and in a way that is appropriate and transparent. Personal data retained in the personal data file is appropriate, essential and restricted to what is necessary to fulfill the purpose for which the data is processed.
All stored personal data is accurate and up to date. The information is updated as necessary. Every possible and reasonable action is undertaken with regard to personal data in order to delete or correct inaccurate or erroneous personal data without undue delay.
Personal data is stored for only as long as it is necessary for carrying out the purposes of data processing.
Personal data is processed in a way and protected by appropriate technical or organizational measures that ensure the proper security of the personal data, including protection against unauthorized and unlawful processing, disappearance, destruction or damaging occurring by accident.
Personal data is processed only by the appropriate persons of Etola AB, the subcontractor and the cooperation partners. The employees of Etola AB, the subcontractors and the cooperation partners are subject to non-disclosure agreements or confidentiality obligations regarding the personal data. Access rights to data systems containing personal data are constantly maintained and monitored.
Use of personal data
Etola AB collects and processes personal data that is used in business operations, customer service, collaboration with suppliers and in appropriate commercial actions.
The processing of personal data is usually based on an agreement entered into with Etola AB or on a legitimate cause. The processing of personal data may also be based on other grounds, such as consent or legislation.
Etola AB processes personal data for the following purposes:
- Carrying out services and maintaining customer relationships: Service and collaboration require the processing of customers’, suppliers’ and cooperation partners’ personal data for the purposes of identifying the users, processing and delivering orders, purchasing services, invoicing, controlling credits, collecting charges, customer service, solving failures and defects, and handling claims and complaints. In addition, personal data is used for customer communication, notifications related to services and contacting customers and suppliers as required by business operations.
- Sales and marketing: The data file of customer data is used and processed for marketing purposes, for example, in order to define target groups for marketing. The use and processing of the data in the data file is always within the limits of the legislation in force. Personal data may also possibly be used for targeted offerings of services and personalization.
- Development and analyzing: Personal data is processed internally in order to develop our products, services, processes, customer relationships and business operations.
- Data security and abuse of personal data: Personal data may also be processed in order to attend to the data security of our services and to discover and prevent abuse and fraud as necessary.
- With regard to court proceedings or upon request of an authority pursuant to applicable law or court order, in connection with a trial or a process in the authority. The data may also be submitted to a competent authority such as the police or emergency authority to the extent provided by law.
- In business transactions such as mergers and different kinds of asset purchases and transfers.
- For other purposes to which consent has been received: Personal data may also be processed for other purposes to which the person has given their consent.
In all of the above mentioned situations the personal data is processed only within the scope required by the purpose of the processing and the protection of privacy of the person concerned is considered.
In Etola AB personal data is processed only for a predetermined purpose. Data collected from different services for the same purpose may be combined, as necessary. Personal data is never processed in a way that is unsuitable with respect to the determined purpose of processing.
The storage of cookies may be prevented by changing the browser settings, which may in some cases cause the browsing of the website to slow down or block access to some websites.
Data collected through cookies is typically used for the following purposes:
- Functional cookies and service production: Cookies are essential as regards the functioning of websites and online services and they ensure a smooth user experience. For example, user account information, passwords and personalization settings do not have to be inserted with every log-in.
- Analyzing: Cookies are used for statistical monitoring of attendance of websites and of online services, and for calculating the effectiveness of advertising. Data may be collected from, for example, marketing e-mails and newsletters in order to find out whether the messages have been opened and whether any actions have been taken on the basis thereof, such as website visits.
- Targeted marketing: Cookies also allow the collecting of data for the purpose of producing targeted advertising or content by creating different target groups.
The data obtained by using cookies may, within the limits allowed by legislation, possibly be combined with data obtained elsewhere, for instance in connection with the use of services.
Storing of personal data
Personal data is stored in the data systems of Etola AB, some of which are created in collaboration with subcontractors. The cooperation partners of Etola AB are system providers and they process personal data on behalf of Etola AB on the basis of a written assignment. These third parties may not use the personal data for any other purpose than to provide the service agreed with Etola AB. When using subcontractors the subcontractors are obliged to ensure that the processing of personal data is performed in accordance with this Privacy Statement. All personal data is returned or deleted permanently by the subcontractors once the processing assignment is complete.
The subcontractors that process personal data on behalf of Etola AB may be located in Finland or elsewhere in the European Union. Personal data may in some cases also be processed outside the European Economic Area, but the customer’s consent shall always be obtained in such cases. We nevertheless ensure and obligate our cooperation partners to process personal data in accordance with the legislation in force.
Personal data is stored only for as long as it is necessary for the needs and purposes described in the Privacy Statement, unless otherwise stated in law. Outdated or unnecessary data is not stored and we seek to ensure that any personal data or other customer and supplier data is up to date and correct.
Securing of personal data
Etola AB constantly works to secure the rights of persons and ensures the security of personnel, information, data systems, internal and common communication networks, and of offices and utility services rooms.
In order to ensure the safety of personal data, Etola AB surveys potential threats, considers possible risks to the protection of privacy and business operations, and surveys technical possibilities to enhance security. The above mentioned measures are taken in accordance with applicable legislation, regulations given by the authorities, and contractual obligations.
The rights of a person
Pursuant to legislation, a person has the right to
- Check whether his or her personal data is being processed and whether the processing is compliant with the legislation in force. An inspection may be initiated by contacting Etola AB management in charge of data protection/contact person in data protection matters (see contact information below).
- Obtain information about the personal data being processed.
- Request correction or deletion of incorrect, unnecessary, insufficient, or outdated personal data.
- Prohibit the use of personal data for the purposes of direct marketing and market or opinion polls.
- Prohibit publishing and transferring of personal data and contact information for contact information services.
- Cancel the consent to process personal data when processing is based on consent.
If personal data is deleted from the systems, the following services may not necessarily be provided to the person:
- Customer service
Should the person consider that Etola AB’s actions violate this Privacy Statement or the current legislation in force, the person has the right to file a complaint. The complaint may also be filed to the Finnish Data Protection Ombudsman or to the Finnish Communications Regulatory Authority. Contact information regarding the filing of a complaint can be found at the end of this Privacy Statement.
Etola AB is a part of Etola Group. With respect to matters relating to the processing of personal data or the Privacy Statement please contact the Etola Group data protection management:
Tony Sandberg, ICT Manager, Etola Group
tel. +358 408283035
ETRA Privacy Statement of customer & marketing register
In this document, we are giving information to you, the data subject, about the processing of your data and the rights of the data subject, in accordance with the EU General Data Protection Regulation.
The controller of the customer register is Etola AB [Business ID: 559278257601]
Etola AB is part of Etola Group and Etra Oy Finland
The contact person in matters related to the filing system is:
Krister Nyman, CEO
Norregårdsvägen 20, 54134 SKÖVDE
2 Name of the filing system
The name of the filing system is Etola AB's Customer & Marketing Register.
3 Purposes of processing personal data
Personal data is processed for purposes relating to the administering, management and developing of customer relationships, offering, selling and delivering services and products, and development and invoicing of services and products. Personal data is also processed for purposes of handling notices of defects and other claims.
In addition, personal data is processed for the purposes of customer communications, such as announcements and news reporting, and marketing, including direct marketing and electronic direct marketing.
The customer has the right to forbid direct marketing targeted at them.
The controller processes the data by itself and it uses subcontractors that operate on the controller’s behalf and in its name to process the personal data.
4 Legal bases for the processing of personal data
Pursuant to EU’s General Data Protection Regulation (hereinafter also the “GDPR”), the legal bases for the processing of personal data are the following:
(a) the data subject has given their consent to the processing of their personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
The above mentioned legitimate interest pursued by the controller is based on a relevant and appropriate relationship between the data subject and the controller resulting from situations such as where the data subject is a client [or a potential client] of the controller, and where the data subject can at the time and in the context of the collection of the personal data reasonably expect that processing for that purpose may take place.
5 Data content of the filing system [Personal data groups being processed]
The filing system contains the following personal data of the data subjects:
- basic information and contact information: [first name, last name, address, phone number, e-mail address];
- information relating to the data subject’s company or other organization and position or title in the company or organization in question;
- direct marketing permissions and prohibitions.
6 Regular sources of information
Personal data is collected from the data subject.
Personal data is also collected and updated within the limits of applicable legislation [from publicly available sources, which relate to the enforcement of the customer relationship between the controller and the data subject, and by means of which the controller carries out its duties relating to the maintaining of customer relationships.]
7 Storage period of personal data
The collected personal data shall be stored only for as long as and to the extent that is necessary in relation to the original and compatible purpose for which the personal data has been collected.
The controller shall regularly evaluate the need to store the data [in accordance with internal practice]. In addition, the controller shall take every reasonable step to ensure that personal data that is inaccurate, erroneous or outdated for the purposes of processing, shall be deleted or rectified without delay.
8 The recipients of personal data (categories of recipients) and regular disclosure of data
Data is not disclosed to third parties, with the exception of Etola AB ICT-services and marketing communications contractors that are obligated by the supply and framework agreements to adhere to the guidelines set by Etola AB, as well as the rules and regulations of the EU General Data Protection Regulation and the current legislation.
9 Transfer of data outside EU or EEA area
The data included in the filing system may be transferred outside EU or EEA. [When transferring personal data outside the EU or EEA, the controller follows the model contract clauses adopted by the European Commission regarding transfer of personal data to third countries.]
10 Security principles of the filing system
Material containing personal data is kept in locked premises to which entry is granted only to appointed and authorized persons for carrying out their work assignments.
The database containing personal data is on a server which is kept in locked premises to which entry is granted only to appointed and authorized persons for carrying out their work assignments. The server is protected by an appropriate firewall and technical security.
All databases and information systems are accessible only with individual and personal login information [username and password]. The user rights and authorizations to the information systems and other data carriers are restricted by the controller, so that the information can only be viewed and processed by persons who are legally admitted and required to do so. In addition, all interactions on the databases and systems are registered to the log data of the controller’s IT system.
The employees and other personnel of the controller have committed to comply with professional secrecy and concealment regarding the information received in connection with processing of personal data.
11 Rights of the data subject
Pursuant to the GDPR, the data subject has the following rights:
- the right to obtain confirmation as to whether or not personal data concerning the data subject is being processed by the controller, and where that is the case, access to the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipient to whom the personal data has been or will be disclosed; (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (v) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (vi) the right to lodge a complaint with a supervisory authority; (vii) where the personal data is not collected from the data subject, any available information as to its source. This form is used to give the data subject the basic information described in (i)–(vii);
- the right to withdraw their consent at any time without it affecting the lawfulness of processing based on consent before its withdrawal;
- the right to obtain from the controller without undue delay the rectification of inaccurate and erroneous personal data concerning them and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement;
- the right to obtain from the controller the erasure of personal data concerning them without undue delay, provided that (i) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) the data subject withdraws the consent on which the processing is based, and where there is no other legal ground for the processing; (iii) the data subject objects to the processing on grounds relating to a particular personal situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes; (iv) the personal data has been unlawfully processed; or (v) the personal data has to be erased for compliance with a legal obligation in Union or national law to which the controller is subject;
- the right to obtain from the controller restriction of processing, where (i) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; (iii) the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims; or (iv) the data subject has objected to processing on grounds relating to a particular personal situation pending the verification whether the legitimate grounds of the controller override those of the data subject;
- the right to receive the personal data that has been provided to the controller, in a structured, commonly used and machine-readable format and the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent meant in the regulation and the processing is carried out by automated means;
- the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data infringes the GDPR.
Requests concerning the data subject’s rights shall be addressed to the contact person of the controller referred to in Section 1.