Lentotehdas Oy’s Data Protection Statement
This Data Protection Statement of Lentotehdas Oy complies with the Personal Data Act (paragraphs 10 and 24) and the EU General Data Protection Regulation (GDPR). Created on 12 September 2019
Hermannin rantatie 9, PO Box 39
00580 Helsinki, Finland
- Contact person in matters related to the register
Lentotehdas Oy, Mauri Väistö, +358 40 712 2044, firstname.lastname@example.org
- Name of the register
Customer and newsletter register of Lentotehdas Oy.
- Purpose of processing personal data
Lentotehdas Oy collects personal data in order to serve its customers with useful targeted and customised services. The purpose of processing personal data is marketing through traditional channels, such as direct marketing, marketing through electronic means and text messages, if the customer has not specifically forbidden marketing.
The persons in the register may be approached via e-mail about the topical matters, events, products or services of Lentotehdas Oy and its cooperation partners. The user’s personal data will be processed confidentially and they will not be disclosed to third parties without the customer’s consent.
- Data content of the register
A customer register may contain the following customer data:
a person’s name, contact details (telephone number, e-mail address, address), year of birth, gender, customer number, network connection’s IP address, cookies from the website, location information, usernames/profiles in social media services, information of ordered services and their changes, billing details, behavioural data related to marketing text messages and online content as well as information on ordered services.
The customer’s data stored in the register is provided by the customer through online forms, e-mails, telephone, social media services and/or in other contact.
On our website, we use a Facebook pixel that, in practice, means a string of code on our website with which we remarket the website on Facebook. The pixel enables showing advertisements to the correct people and creating target groups for advertising. The pixel doesn’t individualise visitors as persons, the visitors remain anonymous to the online service’s producer. We also use the pixel to measure the efficiency of our Facebook advertising. Read more about the Facebook pixel: https://www.facebook.com/business/help/742478679120153
- Regular data sources
A person in the register has submitted their contact details through a form at fööni.fi, purchased services through Lentotehdas Oy’s corporate sales, filled in a form manually or otherwise expressed their consent to be added to the register and to disclose their data (see section 7). Contact and customer details can also be collected using different competitions and marketing campaigns.
A person can at any time erase their data from the newsletter register using a link on the newsletter or by sending an e-mail to email@example.com.
- Regular disclosures of data
Data is not disclosed to external parties unless it is requires to provide successful communications and customer services and in these cases, only taking into account the requirements of the GDPR. Personal data collected by Lentotehdas Oy may be disclosed to Kiitsa Oy. Kiitsa Oy provides the café services in the lobby of Lentotehdas Oy and catering services to the customers of Lentotehdas Oy. Kiitsa Oy may use the disclosed personal data only in order to serve the customers of Lentotehdas Oy. In addition, Avalon Oy may collect data on behalf of Lentotehdas Oy and data may be disclosed to Avalon Oy or another marketing agency. A marketing agency may use the disclosed or collected data only to manage the communications of Lentotehdas Oy.
- Transferring the data outside the EU or EEA region
The data of the register will not be transferred outside the EU and EEA region.
- Principles of protecting the register
The persons processing the data in the register are bound by professional secrecy and have received an orientation to using the register.
The contact details are stored in the CRM system of Lentotehdas Oy.
Lentotehdas Oy’s information network and equipment on which the register is located is protected by a firewall and other necessary technical measures.
- Right to access and right to object
A customer’s data may be erased on the customer’s demand or because the customer relationship has ended. Written requests to erase the data must be sent to the controller to the address firstname.lastname@example.org.
If necessary, the controller may ask the person making the request to prove their identity. The controller will respond to the customer within the time specified in the GDPR (mainly within a month).
The customer has the right to object to the disclosing and processing of personal data for direct and other marketing.