Privacy policy
Controller
The Warming Surfaces Company Oy (the ”Company”)
Business ID: 3324358-6
Address: Marmoritie 3 A 2, 90620 Oulu, Finland
Contact info: info@warmingsurfaces.com
General
This Privacy Policy outlines how we collect, use, and protect personal data of data subject’s and what
practices are followed when processing the data subjects’ personal data.
In compliance with arts. 13 and 14 of European Regulation 2016/679 (“GDPR”) we hereby inform you that the Company, in its capacity as Controller, electronically processes its data subject’s data to respond to the data subject’s request to send the newsletter and relative registration on the mailing list concerning direct marketing, newsletters or regarding the Controller’s events and initiatives, in full compliance with the principles of lawfulness, fairness and with legal provisions.
The Company processes personal data only for the purposes described in this policy and where we have a legal basis for doing so. Please note that by subscribing the data subject consents to the processing of their personal data and agrees that the Company collects the personal data in its registers.
Processing of Personal Data
Purposes:
- Managing customer relationships;
- Managing investor relationships;
- Direct marketing such as sending newsletters;
- Targeting and personalizing marketing content;
- Analytics and market research;
- Investor communications;
- Compliance with legal obligations;
- Claims and legal procedures;
The legal basis for the data processing for direct marketing purposes is consent or legitimate interest. We
may rely on our legitimate interests as the legal basis for processing your personal data for direct marketing
purposes if we have a genuine and legitimate interest in promoting our products or services, and if we believe
that our marketing materials would be of interest to you. We will ensure that your rights and interests are not
overridden by our legitimate interests. Personal data can be processed and used for the marketing purposes
of the Company and its partners in accordance with the GDPR. Based on the subscription, the Company has
the right to process the data subject’s data.
The Company processes some or all of the following personal data of the data subject:
- Name;
- Address;
- Primary country of residence;
- Company / employer (if any);
- Phone number; and
- E-mail address.
​
The register only contains information provided by the data subject when subscribing to our newsletters,
registering for our mailing lists or events on our website or in other connection.
​
Disclosure
The Company may disclose the data subject's data, within the limits allowed by the GDPR, also to a third
party or another data controller, if this has been separately agreed with the data subject. These third parties
are, for example, the authorized service providers and partners and subcontractors that the Company uses.
Information can be transferred to the Company's own direct marketing registers, unless the data subject has prohibited it. The Company takes measures to ensure adequate protection of the data subject’s personal data regardless of the processing location.
The Company can hand over information stored in the register to third parties such as service providers. In
these situations, the Company has made appropriate agreements with the third parties and thus ensured the
appropriate processing of personal data.
The Company may be obliged to hand over data subject’s data if this is required by applicable law or
regulation or a request from a judicial or administrative authority.
The Company uses certain service providers and tools on our website, whose service providers may be
located (or have access to the personal data from) outside the EU or the European Economic Area (EEA). In
these cases, we take care of the necessary protective measures as required by the applicable legislation.
Personal data will only be transferred to countries that the European Commission has assessed in its decision
as providing an adequate level of data protection. More information:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en)
When the service provider operates in a country that does not belong to the aforementioned countries,
separate contractual clauses approved by the European Commission apply, which contractually protect
personal data at the same level as within the EEA area. We will also implement necessary technical,
organisational, or contractual supplementary measures to ensure that personal data has the same protection
as in EU/EEA. More information:
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en.
​
Storage Period
Please note that, in compliance with the principles of lawfulness, purpose limitation and data minimization,
pursuant to art. 5 of the GDPR, the data subject’s personal data shall be stored for as long as it is necessary to
achieve the purposes for which it was collected, unless a longer retention period is required by law. The
length of time we retain your personal data will depend on the purposes for which it was collected, the nature
of the data, and any legal or regulatory obligations that apply to us. For direct marketing purposes, we will
retain your personal data for as long as you remain subscribed to our mailing list or until you opt-out of
receiving our marketing materials. If you unsubscribe from our mailing list or opt-out of receiving our
marketing materials, we will securely and permanently delete or anonymize your personal data within a
reasonable timeframe. However, we may retain a record of your opt-out request to ensure that we do not
contact you for marketing purposes in the future.
Purpose of the Register
The register is used for
- Marketing and sales of services and products of the Company;
- Customer management and communication, analysis and development of the customer
relationship, investor relations, and for statistical purposes.
​
Protection of the Register
The Company's register is only stored electronically. The Company uses administrative, organizational,
technical and physical measures (including encryption and firewalls) to protect the data it collects and
processes. All information security breaches are reported as soon as possible as required by the applicable
legislation to the relevant authorities and, if required by the data protection legislation. The register is used
only by those persons whose job description includes the use of the register. Each person handling the
register has a personal username and password for the system. Access rights to the register are granted and
monitored by the Company's data protection officer.
Rights of the Data Subject
Right to Access
The registered data subject has the right to check the information about the data subject, stored in the
register. The inspection request is free of charge once a year and must be made in writing, signed and
delivered to the Company's data protection officer.
Right to Rectify
If the data subject’s information contains errors or is incomplete, the data subject has the right to demand
that the incorrect information be corrected or that the incomplete information be supplemented.
Right to Delete
The registered data subject also has the right to demand the deletion of personal information subject to the
retention obligation in terms of official supervision. The data subject’s data will be deleted if there is no
longer a legal basis for the processing.
​
Changes to Data Protection
The Company reserves the rights to possible changes regarding data protection measures and this statement.
Automatic Decision Making
The Company does not use the data subject,s data for automatic decision-making such as profiling.
Using Data for other Purposes
The Company does not use the data subject's data for purposes other than those stated in this statement. The
Company informs the data subject of the new purposes of use and the basis for their processing. If necessary,
The Company will ask the data subject for consent to the processing of personal data for new purposes.
Cookies
The Company's website uses cookies. [Please read more about cookies in our Cookie Policy here.]
Data Protection Officer
Jani-Mikael Kuusisto the Company's Data Protection Officer, provides more information on the processing of personal data by the Company and the use of the Customer's rights based on the GDPR. You can contact us by email: info@warmingsurfaces.com