This is the data protection and privacy policy of Profile Vehicles Oy based on the EU General Data Protection Regulation (2016/679) and the Finnish Data Protection Act (5.12.2018/1050). Drafted on 20.06.2019. Last modified on 18.03.2021.

1. Personal data processor / Registrar

Profile Vehicles Oy
Yrittäjäntie 1
74130 Iisalmi, Finland
+358 17 821 7411
info@profilevehicles.com

2. Contact person in matters concerning data protection

Johanna Repo
+358 44 721 7450
johanna.repo@profilevehicles.com

3. Purpose of Processing Personal Data

Profile Vehicles Oy uses personal data for customer management, production and delivery of services, financial and personnel management, product development, marketing and communication, and for fulfilling legal obligations.

4. Data Content and Data Sources

The register may include the following data: name, position, company/organization, contact details (phone number, email address, address), website addresses, information on ordered services and changes to them, billing details, and other data related to customer relationships and ordered services. Cookies may also collect IP addresses or similar identifiers, as well as user activities on the company’s web service.

Data recorded in the register is collected from customers through web forms, emails, phone calls, contracts, customer meetings, and other instances where customers provide their data.

For personnel management, we process personal data including employee or applicant details, background and application data, payroll information for fulfilling employment-related obligations and rights, and any additional background information necessary for meeting employer responsibilities.

5. Legal Basis for Processing Personal Data

We ensure there is always a lawful basis for processing personal data. We process personal data on various grounds, but always with at least one legal processing basis as defined by law.

We process customer register data to fulfill contracts and based on legitimate interests to provide and deliver our services, manage customer relationships, develop services, market and communicate our services, and handle customer feedback. Data may also be processed based on consent, which can be withdrawn at any time if it is the sole basis for processing personal data.

6. Regular Disclosures of Data

Contact information of individuals in the register may be disclosed, as needed, to third parties necessary for service delivery in a confidential manner and based on agreements. Data may be disclosed to Profile Vehicles Oy’s subcontractors confidentially to deliver services and to advance the objectives mentioned in this privacy policy, adhering to the practices outlined here. Depending on the service provider, the data may be stored within or outside of Finland in the data storages of the service providers utilized by Profile Vehicles Oy.

Data may also be disclosed outside the EU or the EEA. If data is transferred outside the EU, we ensure that the country has an adequate level of data protection as defined by the EU Commission, or the recipient has Privacy Shield certification for transfers to entities in the United States, using standard contractual clauses published by the EU Commission. Any data transfer is always carried out with a lawful basis and sufficient safeguards.

7. Use of Cookies

We use cookies on our website. A cookie is a small text file sent to the user’s computer and stored there, enabling the website administrator to recognize frequent visitors, facilitate logging into the site, and compile aggregate data on visitors. This feedback helps us continuously improve our website content. Cookies do not harm users’ computers or files. We use them to provide information and services tailored to individual customer needs. Most web browsers allow users to disable cookie functionality. However, disabling cookies may affect the proper functioning of some of the services we provide on our site.

We use Google Analytics for visitor analysis. Google Analytics uses cookies to help the website analyze how users use the site. The cookie-stored data on website usage (including the IP address) is sent to and stored on Google’s servers, which may be located outside the EU. Google uses this information to evaluate website use, compile reports on website activity for site operators, and provide other services related to website activity and internet use. Google may also transfer this information to third parties if required by law or if such third parties process the information on Google’s behalf. Google does not associate your IP address with other data held by Google. By using the website, you consent to Google processing your data as described and for the purposes set out above.

8. Principles of Register Protection

The processing of the register is carried out carefully, and data processed through information systems is properly protected. When data is stored on internet servers, both physical and digital data security of the equipment is adequately managed. The data controller ensures that the stored data, server access rights, and other critical personal data security-related information are processed confidentially and only by employees whose job description includes this.

9. Rights of the Data Subject

The EU General Data Protection Regulation (2016/679) provides the data subject with the following rights:

• Right to withdraw consent: the data subject has the right to withdraw their consent at any time.
• Right to access data: the data subject has the right to obtain confirmation from the data controller on whether their personal data is being processed.
• Right to rectification: the data subject has the right to request the correction of inaccurate data in the register. Correction requests must be made in writing.
• Right to erasure: the data subject has the right to request the erasure of their personal data if one of the following applies:
  • The data is no longer needed for the purposes for which it was collected or otherwise processed.
  • The data subject withdraws their consent, and there is no other legal basis for the processing.
  • The data subject objects to the processing, and there are no overriding legitimate grounds for the processing.
  • The personal data has been processed unlawfully.
  • The personal data must be erased to comply with a legal obligation based on Union or Member State law applicable to the data controller.
• Right to restrict processing: the data subject has the right to restrict processing if one of the following applies:
  • The data subject disputes the accuracy of the personal data, restricting processing for a period that allows the data controller to verify the accuracy.
  • The processing is unlawful, and the data subject opposes the erasure of the data and requests the restriction of its use instead.
  • The data controller no longer needs the personal data for processing, but the data subject requires it for the establishment, exercise, or defense of legal claims.
  • The data subject has objected to processing under Article 21 pending verification of whether the data controller’s legitimate grounds override those of the data subject.
• Right to data portability: the data subject has the right to receive in a machine-readable format the personal data they have provided to the data controller, where the processing is based on consent and carried out by automated means.

10. Automated Decision-Making

No automated decision-making is carried out based on the data.