This is D-Hydro Oy’s Privacy Policy in compliance with the European Union’s General Data Protection Regulation (GDPR).
Drawn on 30.6.2021. Last edit on 30.6.2021.

1. Registrar

D-Hydro Oy, Wahlforssinkatu 10, 80100 Joensuu, Finland

2. The corresponding contact for the register

Teemu Romppanen, teemu.romppanen@dhydro.com, +358 50 411 6090

3. The name of the register

Customer and Marketing Register

4. The legal basis and intent for processing personal data

The legal basis for personal data processing in compliance with the European Union’s General Data Protection Regulation is

• the person’s consent (documented, voluntary, individualized, conscious, and unambiguous)
• a contract, where the registered is a party to
• registrar’s justified interest (e.g. customer relationship prior to the contract, employment relationship, membership.)

The intent for personal data processing is to contact customers, managing customer relationships, and marketing.

The information will not be used for automated decision making or profiling.

5. The register’s data content

Data which is stored in the register: person’s name, status, company/organization, contact details (phone number, email address, address), websites’ addresses, network’s IP-address, social media accounts/profiles, data about ordered services and changes in them, billing data, other data associated to the customer relationship and ordered services.

Data will be stored until a request of removal is made.

Website visitors’ IP-addresses and essential cookies to the services’ functioning are processed in the basis of justified interest. Amongst other things, this is to ensure data security and to collect statistical data from website visitors in cases where they can be seen as personal data. When needed, consent will be requested separately for cookies used by third parties.

6. Regular data sources

Data stored in the register will be collected from the customer through email, phone, social media services, contracts, customer meetings, messages sent from web forms, and through other circumstances where a customer discloses their information.

Companies’ and other organizations’ contacts’ data may also be collected from public sources such as websites, directory services and other companies.

7. Regular disclosure of information and data transmission outside of the EU or the ETA

Data will not be disclosed regularly to other entities. Data may be published to the extent of what has been agreed with the customer.

Data may be transferred by the registrar outside the EU or the ETA. Data will not be transferred to the United States without the consent of the registered parties.

Our website uses Google Analytics and Facebook Pixel which help us develop the website’s operation. Only the website visitors’ IP-addresses will be given to Google and Facebook. We cannot connect the data to individual users of Google’s or Facebook’s services.

8. The principles of data protection

Caution will be used when handling the register and the processed data will be protected properly with data systems. When registered data will be stored in internet servers, their hardware’s physical and digital security will be taken care of properly. The registrar ensures that the stored data, and the server’s access rights as well as other critical information for personal data’s security will be handled confidentially and only by employees whose job description it fits.

9. The right of inspection and data correction

Every person on the register has the right to inspect their data stored on the register and the right to demand the correction of incorrect data or the completion of incomplete data. If a person wants to inspect their data or to demand its correction, they must send a written request to the registrar. The registrar may ask the requesting person to prove their identity when needed. The registrar answers all customers within a timeframe in compliance with the EU’s General Data Protection Regulation (in general within a month).

10. Other rights associated with personal data processing

A person in the register has the right to ask for their personal data to be removed from the register (“the right to be forgotten”). Similarly, the registered have other EU’s General Data Protection Regulation rights such as the restriction to collect data in certain situations. The registrar may ask the requesting person to prove their identity when needed. The registrar answers all customers within a timeframe in compliance with the EU’s General Data Protection Regulation (in general within a month).

This content has been published with the following condition: CC Attribution License.

The original sample is made by Harto Pönkä / Innowise in Finnish on 20.2.2018 (edited on 29.3.2021)