PRIVACY POLICY – Greenled Oy

Updated 25 May 2018

Greenled provides comprehensive lighting solutions for businesses and the public sector. To serve our customers, we also collect relevant information from our customers’ contacts. We take privacy and data protection seriously and comply with the applicable data protection legislation when processing personal data. This Privacy Policy tells you what information we collect and how we use and protect the data that we collect. It also tells you how you can influence the ways in which your personal data is used.

SUMMARY

Greenled’s marketing and customer records contain information about our customers’ contact persons. The data collected in the records consists of the contact information submitted by the customers or contact persons themselves and user data collected automatically. The processing of data is based on consent or on legitimate interests related to a customer relationship or potential customer relationship. The data is used for the delivery of products and services, customer accounts management, and advertising and marketing for businesses and other entities. Based on his or her duties, a data subject may be sent direct marketing addressed to the company or other entity unless the data subject has forbidden it. Data will not be disclosed to third parties but it may be transferred to trusted service providers for processing.

Please read this Privacy Policy. If you have any questions about our data protection procedures or if you want to use your data protection rights, contact us by email, phone or letter.

Controller:

Greenled Oy (Y-2311958-1)
Oritkarintie 4
90400 Oulu, Finland

Contact details:

Juho Niemonen
Tel. +358 20 125 5832
Email: juho.niemonen@greenled.fi

1. The data we collect about you

We may collect information about you when you order our products, visit our website or office or otherwise interact with our staff. We may also obtain contact information through various event organisers and corporate websites. We do not collect sensitive information about you. The data we collect can be divided into two categories based on the data source: (a) the information provided by you or your employer, and (b) the information we collect automatically. We may combine and mix the information that we collect automatically with the information that you provide.

Information provided by you

We may collect job-related personal data that you provide, such as your name, phone number, email address, employer and job title. In order to manage customer accounts, we may collect information about the nature of the job, projects and project roles, line of business and country. We may also collect other information provided by you. Additionally, we keep track of whether you have consented to direct marketing through the electronic means referred to in the legislation or whether you have denied direct marketing.

Information collected automatically

We may use a variety of methods to automatically collect data from your computer or mobile device when you visit our website. The automatic methods may comprise cookies, web beacons and other technologies. Data collected automatically may include your IP address, your location, the operating system of your computer or mobile device, the browser you are using, the type and settings of your mobile device, as well as your activity with regard to our services, such as the pages you visit on our website. Most of the data that is automatically collected in view of the use of our website is only stored temporarily. To prevent automatic cookie-based data collection, turn cookies off in your browser settings. Please see our more detailed cookie policy here.

2. For what purposes do we use your personal data?

We may use your personal data for managing customer accounts, communicating with you, processing orders, delivering products and services, analytical and statistical purposes, as well as for targeted advertising and marketing.

The processing of personal data is primarily based on Greenled’s customer relationship with the company or other organisation with which you work and our legitimate interest in managing customer accounts and targeting our marketing. We may also process your information on the basis of your consent.

3. Who processes your personal data?

Your personal data is processed by employees of Greenled whose duties are associated with marketing, sales, installation or administration. Our staff is trained in safe data processing and each group of employees processes data only insofar as it is necessary to carry out their respective duties.

We may also transfer your personal data to be processed by trusted service providers. Such service providers provide us with services such as data processing and other information technology services, campaign and analytics services as well as opinion poll and market research services. We do not allow service providers to use or transfer your personal data for any purpose other than to provide services on our behalf. All our agreements with service providers take into account the requirements of the EU General Data Protection Regulation and other applicable laws.

4. Will your personal data be transferred outside the EU or EEA?

Your personal data will be processed mainly within the European Union. In direct marketing and communications, however, we also use the services of US-based MailChimp and, in that case, your personal data will be transferred outside the European Union. To secure and protect your privacy and your rights, MailChimp has applied for the EU–US Privacy Shield Certification and is committed to abiding by the EU General Data Protection Regulation. For more details, please see: https://mailchimp.com/legal/privacy/.

5. Will your personal data be disclosed to third parties?

We will not sell your personal data and will only disclose your data as described in this Privacy Policy. Disclosure of data is subject to the applicable data protection legislation.

If, for strategic or other business reasons, we decide to sell or transfer our business in whole or in part, we may, as part of such sale or transfer, pass on data that we have collected and maintained, including customer information containing your personal data, to anyone who is a party to the sale or transfer of the business.

Additionally, we may disclose your personal data if we consider it necessary because of an applicable law, regulation or an authority’s request.

6. How is the security of your personal data provided?

We keep your data in electronic records and have taken appropriate steps to safeguard your personal data. The personal data is protected against unauthorised access and accidental or unlawful destruction, alteration, disclosure, transfer or other illegal processing. Using the data records, as well as editing and processing the data requires user authentication and a secure connection. The use of data records is only allowed for designated persons who are responsible for system administration or customer account management.

7. For how long will we keep your personal data?

We will retain your personal data only for as long as it may be deemed necessary for the purposes described in this Privacy Policy unless the retention of such data for a longer period is required or permitted by law. We will erase your data from our records when you cease to be our customer or when your duties otherwise change so that the processing of your personal data is no longer justified.

8. What rights do you have?

You have the right to audit your data, the right to demand that inaccurate information be rectified, erased or completed. You have the right to rely on any of your rights guaranteed by data protection legislation, such as the right to restrict or object processing, as well as the right to transmit the data from one system to another. In order to ensure reliable identification, we may in certain cases require that the requests concerning the use of your rights be presented personally at our office or in a letter signed personally by you and including your identification details. We respond to audit requests in writing.

You also have the right to prohibit the use of your data for direct mail, distance selling or other direct marketing. If you have given us permission to send you marketing communications, you may later prohibit such communications in accordance with the instructions we include in the messages.

We always strive to resolve any issues concerning the processing of personal data directly with the data subject, respecting all the rights of the data subject. However, if you are dissatisfied with our processing of your personal data, you have the right to file an investigation with the relevant Data Protection Authority.

9. Changes to the Privacy Policy

We may update this Privacy Policy and our data protection procedures from time to time. If the changes are significant, we will notify you on our website or by other means, such as by email. We hope you read this statement regularly so that you have the most recent information about our data protection practices.