Sepa Group

en Search

Privacy notice

Drawn up on 14 May 2018

Data controller

Sepa Oy, Vesannontie 7, FI-72600 Keitele, Finland.

Contact person for issues regarding the data file

Marketta Pellikka, tel. +358 20 762 8730. Please deliver any inquiries about the data file to Sepa Oy’s customer service at tel. +358 20 762 8700 or via email to sepa@sepa.fi.

Name of the data file

Sepa Oy’s customer and supplier data file

Purpose of the processing of the personal data

The purpose of the data file is to enable the management of customer relations and deliveries. Procurement of raw materials and services.

Content of the data file

The following personal data can be stored for the data subjects:
Customer registers: name and contact information for the customer making an order, and in cases where the customer is a company, the position or role of the contact person in the company and the company’s information including contact information. Time and content of communications.
Delivery sites: information including contact information for the recipient of a delivery.
Supplier register: the position or role of the supplier’s contact person in the company and the company’s information including contact information.
Reports on construction work: information required by the tax authorities.

Regular sources of information

Information is mainly obtained directly from the customer or the supplier. In addition, information is sourced from public providers of contact information, such as the Finnish Business Information System.

Regular disclosure of data

The information on the delivery sites is provided to the cooperating partners handling the transportation of deliveries. Statutory data, such as the information in the reports on construction work, are only disclosed to the appropriate authorities. When utilising a subcontractor, for example, for the maintenance of information systems and the management of backups, data can be transferred to such subcontractors only in the extent necessary in order to implement the service.

Transfer of data outside the EU or the European Economic Area

Sepa Oy does not transfer any data outside the EU or the European Economic Area. A subcontractor can transfer data contained, for example, in cloud-based services outside the EU or the European Economic Area in accordance with the data protection legislation.

Principles of protection of the data file

Personal data are stored as confidential information. Access to personal data is restricted only to the persons who are entitled to the information concerned in their work tasks. The data network and hardware of the data controller and the subcontractors on which the data files are stored, are protected by firewalls, management of access rights and other technical means.

Right to request access to personal data

The data subject has the right to access and inspect any personal data concerning him or her held in a personal data file.

Right to request correction of personal data

A data subject has the right to require that any incorrect personal data be corrected.

Other rights regarding the processing of personal data

In accordance with the General Data Protection Regulation, a data subject has the right to object to the processing of his or her personal data or to request that the processing of the data is restricted. A data subject is also entitled to request that his or her personal data be deleted if the data is no longer needed for the purposes for which it was collected.