Name: Treston Oy
Business ID code: 2419359-9
Address: Sorakatu 1
Post office: Turku, Finland
Phone number: +358 10 4469 11
E-mail address: gdpr(a)treston.com
2. Data subjects
Customers (contact persons), potential customers, users of website forms
3. Purpose of the data register
The collected personal data is used to maintain, manage and develop customer relationships and potential customer relationships, to implement agreements, process orders, develop business operations and for marketing purposes.
4. Purpose of the processing of personal data
The legitimate interests of the controller.
5. Data register content
We strive to only collect data which is relevant with regard to the purpose of use. The following data may be stored in the data register to help in handling communications, managing customer relationships or targeting marketing efforts: Name, employer, company's business, address, e-mail address, phone number, role/title, IP address, operating system used by the data subject, browser and referral URL, source of information, customer's area of interest, sales office, vendor contact, representative contact, retailer, marketing campaign history, Treston website traffic history, sales operation history, answers to the customer satisfaction enquiry and reclamations.
6. Retention period of personal data
Personal data is stored for as long as it is needed in order to implement an agreement made with a customer or to develop customer services. In principle, personal data is used for marketing purposes for a duration of five (5) years. Personal interest shown in marketing messages might extend the retention period.
You can unsubscribe from our e-mail marketing list by using the unsubscribe link at the bottom of every marketing e-mail message we send, or by sending a notification to unsubscribe to email@example.com.
7. Regular sources of information
Personal data in the register is collected from the data subject during website visits or in conjunction with other personal or digital interaction, from various registers to the extent permitted by law, and by using a marketing automation tool. Information is also collected using the Google Analytics and Yandex Metrica tool.
8. Regular disclosure of data and transfer of information outside the European Union or the European Economic Area
Treston Oy's subsidiaries in Finland, Sweden, France, Germany, the United States and Great Britain have specified persons who have access to the Group's joint customer relationship management system, as well as to the marketing automation system.
Part of the external service or software providers used by the company may store data outside the European Economic Area.
In principle, Treston does not disclose personal data of the data subject to third parties, except where required by the processing of an order, invitation to tender, or an enquiry. In such cases, the data may be shared with, for example, a transportation or logistics company, a finance company, our retailer or another service provider.
In cases where the data subject uses a browser-based 3D design program customised by Treston to serve the needs of our retailer and/or distributor, the personal data of the data subject shall be disclosed to the relevant retail dealer whose contact information is available in the design program, and the local distributor. Our retailer and distributor network in different countries.
Certain data, such as web browsing history, can be selectively disclosed to a targeted third-party marketing campaign commissioned by the controller, or to a channel partner. In such cases, the ownership of data will not be transferred from the controller to a third party, nor does the third party have the right to use the data for any wider use outside of the assigned commission.
Our aim to ensure that our service providers comply with data protection legislation and that they have joined the so-called Privacy Shield Program (https://www.privacyshield.gov/list) between the EU and the United States. The purpose of this framework is to ensure the secure processing of the personal data of Europeans in the United States. In principle, we utilise the following service providers: Microsoft, Salesforce, Act-On, MojiMoji, Karhu Helsinki, Netigate, Fluido, Leadoo, Loopia Group, Iptor and Turun Tietokeskus.
9. Data register security
The secure processing of your personal data is important to us. We use the following protective measures to ensure the security of your data.
Accessing our system requires a user name and password. The system is also protected by firewalls and other technical methods.
The right to access and use the data contained in the register and stored in the system is only granted to specific, pre-defined employees who need the data to perform their duties.
Use of the register is protected by user-specific codes, passwords and access rights.
In case of severe security breaches, we will inform the security officer and the persons involved within 72 hours.
10. Rights of the data subject
The right to access
The data subject has the right to inspect the personal data concerning him or her that has been stored in the personal data register. An access request in writing titled “Request for access to personal data register”, should be sent to: firstname.lastname@example.org. We will deliver the information personally to the data subject in our local office, after securing their identity, within 1 month of the request. The right to access is free of charge when submitted once a year.
The right to rectify, delete, restrict and transfer
A data subject is entitled to request the rectification or deletion of incorrect or outdated data or the transfer of data provided by him or her from one system to another. In accordance with the EU General Data Protection Regulation, Articles 18 and 21, a data subject also has the right to restrict or object to the processing of his or her personal data.
The data subject has the right to withdraw a previously given consent for data processing or to submit a complaint to the supervisory authority on issues related to the processing of his or her personal data.
Direct marketing ban
At any time, the data subject has the right to prohibit the use of personal data concerning him or her for direct-marketing purposes. We never sell personal data to other parties in order to enable them to target direct marketing to data subjects. We disclose personal data to our retailer network when, on the basis of the data subject’s country of origin or a service used, such as the 3D design program, we are able to serve the data subject to the best of our abilities via our retailer network.
Right of appeal
You have the right to lodge a complaint with the data protection officer if you feel that in processing your personal data we are in breach of applicable data protection legislation.
If a person visiting our website does not want us to obtain the above information provided by cookies, most browsers allow the cookie function to be switched off. This can usually be done via the browser settings.
However, it is worth remembering that cookies may be necessary for the proper functioning of some of the websites we maintain and the services we offer.
For more information on browser-based targeting of advertising at www.youronlinechoices.com.