On this page, you will find the register descriptions of the customer and marketing register in accordance with the Privacy Policy.
1a Controller
Controller name: Insinööritoimisto Comatec Oy (Business ID: 0946936-6)
Address: Kalevankatu 7 C, 33100 Tampere, Finland
Other contact information: Tel. +358 29 000 2000
2 Contact person
Controller name: Janne Lammela, Chief Information Officer
Address: Kalevantie 7 C, 33100 Tampere, Finland
Other contact information: Tel: +358 40 621 3156, email: janne.lammela@comatec.fi
3 Register name
This privacy statement describes how Comatec Group, Insinööritoimisto Comatec Oy and its subsidiaries (hereinafter referred to as “Comatec” or “the controller”) process personal data. This privacy statement is applied to all processing of personal data, whether data is processed in connection with maintaining Comatec’s website, tending to customer relationships, or the products and services Comatec offers.
4 Purpose and basis of processing personal data
The purposes (and legal grounds, given in brackets) for processing personal data are as follows:
When processing data on the basis of legitimate interest, Comatec assesses the potential advantages and disadvantages the processing may cause to the data subject and ensures that the rights and interests of the data subject do not override the legitimate interest. Upon request, Comatec will provide more information on how information is processed based on legitimate interest.
5 Content of the register
The register may contain the following data or information that is necessary for identifying data subjects, as well as other data or information regarding contact persons of customer organisations necessary for fulfilling the purpose of the register:
6 Regular sources of information
Data and information on the data subjects is collected from customer organisations, potential customer organisations or stakeholders themselves when a data subject purchases or orders Comatec’s products or services for themselves or on behalf of the organisation they represent, in connection with other communication by telephone, using the internet or via email in connection with marketing activities, such as events. Sometimes information may also be collected from Posti’s address information system, contact lists of telephone companies and other corresponding private or public registers.
7 Regular disclosure of data
Personal data may be transferred with the controller between companies belonging to the group in accordance with the applicable data protection legislation and for the purposes described in this privacy statement.
Various service providers and other third parties, such as providers of technical solutions, server space or accounting and financial services, may also be contracted to process personal data. Group companies may also process personal data on each other’s behalf.
Comatec ensures that all processing parties sign relevant agreements as required by the applicable data protection legislation.
Personal data may be disclosed to third parties if so required by law or by a public authority, or in situations where disclosure is necessary to prevent or investigate any misconduct or ensure security. Personal data may also be disclosed to third parties in connection with trials or other legal proceedings. If an invoice is left unpaid, individual data may be disclosed to debt collection companies.
If the controller or a company belonging to the same group as the controller is involved in a merger, asset purchase or other business arrangement, personal data may be disclosed to other parties of the arrangement or parties that provide assistance for the purposes of the arrangement.
Additional information on the recipients of personal data can be provided upon request.
8 Transfer of data outside the EU or EEA
Data is not regularly transferred or disclosed outside the European Union or the European Economic Area. However, service providers involved in the processing of personal data may be established outside the European Union or the European Economic Area and may therefore transfer personal data to third-party countries.
When data is transferred outside the EU or the EEA, Comatec will ensure that it is adequately protected. This is done by agreeing on matters related to the processing of personal data in accordance with the applicable data protection legislation, e.g. using standard contractual clauses approved by the European Commission or other measures based on the adequacy decision given by the European Commission, among other things.
Comatec will provide additional information on the transfer of personal data and associated data protection mechanisms upon request.
9 Retention of personal data
Comatec will only retain personal data for as long as is necessary to fulfil the purposes set out in this privacy statement. In addition to this, data will always be retained for the period required by law (e.g. legislation regarding accounting or reporting obligations), or any period of time required for the purposes of ongoing litigation or a similar dispute resolution process. As a general rule, Comatec will retain customer data for a period of 10 years after the latest sale or other form of contact with the customer. After this, the personal data will be either deleted or anonymised without unreasonable delay.
Additional information on the retention of personal data is provided upon request.
10 Automated decision-making and profiling
Comatec does not use automated decision-making, nor does it profile its customers.
11 Data protection principles
Manual data
Comatec does not collect manual data on its customer organisations, potential customer organisations or other stakeholders.
Electronic data
Only employees who are permitted to process the data as a part of their duties are permitted to use the register. Personal data stored in an electronic form is protected on an adequate level with firewalls and other technical measures, such as usernames and passwords.
12 Rights of the data subject
Additional information on the rights of data subjects can be found in the marketing privacy statement below.
1a Controller
Controller name: Insinööritoimisto Comatec Oy (Business ID: 0946936-6)
Address: Kalevankatu 7 C, 33100 Tampere, Finland
Other contact information: Tel. +358 29 000 2000
2 Contact person
Controller name: Janne Lammela, Chief Information Officer
Address: Kalevantie 7 C, 33100 Tampere, Finland
Other contact information: Tel: +358 40 621 3156, email: janne.lammela@comatec.fi
3 Register name
This privacy statement describes how Comatec Group, Insinööritoimisto Comatec Oy and its subsidiaries (hereinafter referred to as “Comatec” or “the controller”) process personal data in connection with marketing and stakeholder activities.
4 Purpose and basis of processing personal data
Group of data subjects | Data used to | Basis for data processing |
Newsletter subscribers | Deliver newsletters and provide information on services, for marketing purposes and for generating statistics regarding newsletters. | Legitimate interest |
Contact persons for customer organisations (including potential customers) | Deliver newsletters, for generating statistics regarding newsletters, for customer satisfaction surveys and other surveys, as well as communicating information regarding services and for marketing purposes. | Legitimate interest |
Stakeholders | Communicate information on issues related to Comatec or Comatec’s services, for marketing purposes, as well as for surveys and for generating statistics regarding communications. | Legitimate interest |
Event participants | Communicating information related to events organised by Comatec, as well as for the technical organisation of these events. The data is also used for communicating information regarding services, for conducting surveys, and for generating marketing-related and communication-related statistics. | Legitimate interest |
5 Content of the register
The register may contain the following data or information that is necessary for identifying data subjects, as well as other data or information necessary for fulfilling the purpose of the register, including but not limited to the following:
6 Regular sources of information
Data and information on the data subjects is collected from customer organisations, potential customer organisations or stakeholders themselves when a data subject purchases or orders Comatec’s products or services for themselves or on behalf of the organisation they represent, in connection with other communication by telephone, using the internet or via email in connection with marketing activities, such as events. Sometimes information may also be collected from Posti’s address information system, contact lists of telephone companies and other corresponding private or public registers.
7 Regular disclosure of data
Personal data may be transferred with the controller between companies belonging to the group in accordance with the applicable data protection legislation and for the purposes described in this privacy statement.
Various service providers and other third parties, such as providers of technical solutions or server space, may also be contracted to process personal data. Data may be transferred to an external service provider for the purposes of conducting customer and market surveys or other similar surveys on behalf of Insinööritoimisto Comatec Oy and its subsidiaries, for example. Group companies may also process personal data on each other’s behalf.
Comatec ensures that all processing parties sign relevant agreements as required by the applicable data protection legislation.
Additional information on the recipients of personal data can be provided upon request.
8 Transfer of data outside the EU or EEA
Data is not regularly transferred or disclosed outside the European Union or the European Economic Area. However, service providers involved in the processing of personal data may be established outside the European Union or the European Economic Area and may therefore transfer personal data to third-party countries.
When data is transferred outside the EU or the EEA, Comatec will ensure that it is adequately protected. This is done by agreeing on matters related to the processing of personal data in accordance with the applicable data protection legislation, e.g. using standard contractual clauses approved by the European Commission or other measures based on the adequacy decision given by the European Commission, among other things.
Comatec will provide additional information on the transfer of personal data and associated data protection mechanisms upon request.
9 Retention of personal data
Comatec will only retain personal data for as long as is necessary to fulfil the purposes set out in this privacy statement. In addition to this, data will always be retained for the period required by law (e.g. legislation regarding accounting or reporting obligations), or any period of time required for the purposes of ongoing litigation or a similar dispute resolution process. As a general rule, Comatec will retain marketing-related data for 10 years after the latest sale or other form of contact with the customer. After this, the personal data will be either deleted or anonymised without unreasonable delay.
Additional information on the retention of personal data is provided upon request.
10 Automated decision-making and profiling
Comatec does not use automated decision-making, nor does it profile its customers.
9 Data protection principles
Manual data
Comatec does not collect manual data on its customer organisations, potential customer organisations or other stakeholders.
Electronic data
Electronic files are stored on a server that is kept in a locked room, accessible only to designated persons who are authorised to access the room for the purpose of fulfilling their professional duties. Only persons who need the data to fulfil their professional duties are permitted to access the data stored in the system. The infrastructure is protected with firewalls and other adequate technical security measures, such as usernames and passwords.
10 Rights of the data subject
Data protection legislation awards all data subjects certain rights with respect to their own personal data. However, these rights are applied depending on the purpose for and context in which the personal data is used.
Exercising data subjects’ rights
If you have any questions regarding the processing of your personal data, do not hesitate to contact us.
If you wish to make a request regarding your rights as a data subject, you can do so by letter or email using the contact details provided in this privacy statement.
Please be aware that we may require you to verify your identity before processing your request. All requests are answered without undue delay. Generally, you can expect an answer within a month of submitting a request and verifying your identity. If for any reason we cannot comply with your request, we will notify you of this separately.
11 Right to lodge a complaint with a supervisory authority
If a data subject considers their rights to have been breached or their personal data to have been processed in breach of applicable data processing legislation, they are entitled to lodge a complaint with a supervisory authority.
The contact details of the Finnish data protection authority can be found here.