Content »
 
 

privacy policy

Cookie policy

Site is using cookies to ensure safety, and efficiency and usability of the site. We use Google Analytics to collect anonymous statistics on how visitors are using the site. We use the data to improve our services and the user experience.

Privacy Notice of Customer, Stakeholder and Marketing Register

1 CONTROLLER

Stera Group Oy
Tierankatu 5
20520 Turku

2 CONTACT DETAILS OF THE CONTROLLER

Tuija Tomberg
Phone: +358400919870
E-mail: tuija.tomberg@stera.com

3 PURPOSES AND BASES FOR PROCESSING OF PERSONAL DATA

Stera Group processes the personal data of its customers and stakeholders in order to fulfill its obligations under the agreements entered into with them. Based on a performance of a contract, data may be processed for the purpose of:

  • Providing, delivering, producing, and designing Stera Group's services and products;
  • Management and maintenance of the customer relationship between Stera Group and the customer, incl. handling orders and invoicing; and
  • Customer service and related communications.

This basis for processing also covers processing operations performed prior to entering a contract.

The processing of personal data for the following purposes necessary for Stera Group's business is justified by the factual connection between the data subject and Stera and is therefore in the legitimate interest of Stera Group:

  • Development of Stera Group's business, services and products;
  • Business reporting and related needs;
  • Development and monitoring of customer service and related communications and marketing;
  • Marketing by phone or mail, or job-based targeted marketing; and
  • Preventing and investigating abuses, making or defending legal claims.

Stera Group is required to retain some personal information of the customer or stakeholder in order to comply with accounting or other mandatory legislation. In this case, the retention of data is based on compliance with a legal obligation.

With the consent of the data subject personal data may be processed for the following purposes:

  • Delivery of a newsletter; and
  • Cookies that anonymously track the activities of website visitors.

4 DATA CONTENT OF THE REGISTER AND REGULAR SOURCES OF THE DATA

In the register under this statement, Stera Group processes information about its current and former customers, stakeholders, and their representatives, as well as other persons who have contacted Stera Group, for example via a website or by telephone. The register contains the following types of personal data:

  • Name and contact information such as email address and phone number, and details of the company represented
  • Information related to the customer relationship or other factual connection and contractual relationship, such as order and payment information, information related to the delivery of products and services, and customer history
  • Possible direct marketing consents and prohibitions as well as information on other communications between the parties, incl. contact requests submitted through websites
  • The IP address, device ID, and other cookie information of the person visiting the website
  • Allocation data generated on the basis of data from the Trade Register, the Population Information System or other similar registers

Mainly the information is obtained from the data subject themself in connection with events related to their customer relationship, use of services, communication, and other transactions.

Personal information may be collected and updated from publicly available information sources, such as corporate websites, trade register, population information system, credit register, or other similar registers. Information provided by other Stera Group partners, such as an insurance company, can also be added to the register. Information about visitors to the website is collected through cookies and other similar technologies.


5 RETENTION PERIODS

The data collected in the register shall be kept only for as long and to the extent necessary in relation to the original purposes for which the personal data were collected as described in paragraph 3. Personal data stored in the register will be deleted when there is no longer a legal basis for processing them.

6 TRANSFER AND REGULAR DISCLOSURE OF DATA

Data may be disclosed to third parties only within the limits and to the extent permitted by applicable law or with the separate consent of the data subject.

In principle, customer data is not transferred outside the European Union or the European Economic Area. As an exception, the information contained in the SteraLux installers mapping service application may be processed in the United States by an application service provider. The parties are committed to complying with the European Commission's model contract clauses and to ensuring the secure transfer of data and maintaining its reliability.


7 PROTECTION OF THE DATA

Only Stera Group employees, professionals bound by a non-disclosure agreement or subordinates of a partner who have the right to process personal data in the course of their work are entitled to use the system or digital material containing personal data. All persons using the information in the register are bound by professional secrecy. Any manual material will be kept in a locked room that can only be accessed by separately authorized persons. Movement in the workspaces is controlled.

The data is collected in databases that are protected by firewalls, passwords, and other technical means, including controlled granting and control of access rights, use of encryption techniques, guidance of personnel involved in the processing of personal data, and careful selection of subcontractors.


8 RIGHTS OF THE DATA SUBJECT

8.1 The right of access to information and the right to have it rectified

You have the right to receive a copy of your personal information stored by Stera. If there are any gaps or errors in your information, we should correct them immediately.

8.2 The right to delete data and "be forgotten"

In certain situations, the data subject has the right to request Stera to erasure the data concerning him or her. The right is also known as the right to be forgotten. You have the right to have your data deleted if the processing was based on your consent, the data has been processed unlawfully or is no longer needed for the purposes for which it was collected.

This right does not exist if the processing of the data is necessary for Stera to fulfill a legal obligation, to perform a task in the public interest, to exercise public authority or to establish, present or defend a legal claim.

8.3 The right to restrict the processing of personal data

In certain situations, you have the right to restrict the active processing of your data. You can request a restriction on processing, for example, when you are waiting for a response from Stera to a request to correct or delete your information.

8.4 The right to object the processing of personal data

You have the right to object to the processing of your personal data if the processing is based on tasks in the public interest, the exercise of official authority, or legitimate interests, and you have a reason to object to the processing based on your specific personal situation.

You also always have the right to object to the use of your information for direct marketing.

8.5 The right to data portability

You have the right to obtain the personal information you provide to Stera from us in a machine-readable form and to transfer it to another organization if the processing is based on consent or agreement and the processing is automatic.

8.6 Right to appeal to the supervisory authority

You have the right to complain to the supervisory authority if you believe that your personal data is being processed in breach of data protection law or Stera is otherwise acting in breach of its data protection obligations. The competent supervisory authority in Finland is the Office of the Data Protection Ombudsman.


9 EXERCISE OF RIGHTS

If you wish to exercise any of your privacy rights mentioned above, you can contact us using the contact details in section 2. In your message, please tell us at least what right you want to exercise and what personal information your request concerns. Please note that in order to exercise all your rights, we must be able to identify you and verify your identity in a reliable manner. In this case, the answers can be sent by registered mail and the Post will verify the identity of the recipient.

In principle, the exercise of data protection rights is free of charge. However, if the data subject's requests are manifestly unfounded or unreasonable or if the person makes them repeatedly, Stera Group may either refuse to comply with the request or charge an administrative fee of EUR 30.


10 CHANGES TO THE PRIVACY NOTICE

Stera Group reserves the right to change this privacy notice. An updated version of the privacy notice is always published on our website, and if the changes are significant, Stera will also notify its customers of the changes in other ways, such as by sending an email or posting a bulletin on the website.