Registry and privacy statement

This is Lametal Oy’s registry and privacy statement in accordance with the EU General Data Protection Regulation (GDPR). Created: September 1, 2022. Modified: September 1, 2022.

1. Data controller

Lametal Oy
Kaskenviertäjäntie 2
73100 Lapinlahti, Finland

2. Contact person responsible for the registry

Lassi Mehtonen
Chief Executive Officer
+358 44 758 6100
lassi.mehtonen@stark.fi

3. Registry name

Lametal Oy’s customer, marketing and stakeholder registry.

4. Legal basis and purpose of processing personal data

Company’s customer relationship management. Collected personal data can be used for marketing purposes to the extent allowed and required by the Personal Data Act. No data will be disclosed.

The data is not used for automated decision-making or profiling.

5. Registry data content

  • Name
  • Address
  • E-mail address
  • Phone number
  • Information regarding orders and requests for additional information

The web site visitors’ IP addresses and cookies necessary for the functionality of the service are processed based on legitimate interest to, for example, ensure data privacy and for the purpose of collecting site visitor statistics in cases where said data can be considered personal data. For third party cookies, consent is requested separately if required.

6. Regular sources of information

Information stored in the registry is received from customers by means of, for example, messages via web forms, email, phone, social media services, agreements, customer meetings and other situations where a customer discloses information.

Information of contacts of businesses and other organizations may also be collected from public sources, including web sites, directory services and other companies.

7. Regular disclosure of data and transfer of data outside the EU or EEA

No data will be regularly disclosed to other parties. Data can be published to the extent agreed upon with the customer.

8. Registry protection principles

The registry is processed with care, and all data processed with data systems are appropriately protected. When registry data is stored on online servers, the physical and digital security of the hardware is properly addressed. The data controller ensures that stored data, server access, and other information critical to the security of personal data is handled in confidence and only by employees whose job description requires handling said data.

9. Right of inspection and right to demand rectification

Every person in the registry has the right to review their personal data stored in the registry and demand rectification of any inaccuracies or omissions in their data. Should a person want to review or demand correction to their stored personal data, a personally signed written request should be submitted to the data controller. If necessary, the data controller may ask the requester for proof of their identity. The data controller shall respond to the customer within the time period set by EU’s General Data Protection Regulation (generally within one month).

10. Other rights related to processing of personal data

Any person in the registry has the right to request erasure of their personal data from the registry (“right to be forgotten”). The data subject is also entitled to all other rights declared in the EU’s General Data Protection Regulation, such as the right to restrict processing of their data in certain situations. Any requests should be submitted to the data controller in writing. If necessary, the data controller may ask the requester for proof of their identity. The data controller shall respond to the customer within the time period set by EU’s General Data Protection Regulation (generally within one month).