Treatment of personal data
TREATMENT OF PERSONAL DATA
This page concerns the treatment of our customers’ personal data. Please read the page thoroughly in order to understand our practices concerning personal data and their treatment.
The register controller referred to in the EU General Data Protection Regulation (GDPR) is Byahjälp Finland Ltd (hereinafter ‘Byahjalp’) .
Byahjälp Finland Company Reg. No.: 2771790-9
Street address: Lötvägen 19, Vörå
Postal address: 66640 Maxmo
Telephone: +358 45 787 54081
Online service: www.byahjalp.com
TREATMENT OF DATA AT BYAHJALP
We handle personal data for many different purposes and in many different ways. In all treatment of personal data, we adhere to the appropriate protection procedures and the principles set out in the data protection legislation. Please refer to the following for details of how we handle different types of data. If we make significant changes to the data, we will notify you in an appropriate manner as detailed at the end of the text.
WHAT DATA DOES BYAHJALP COLLECT?
We collect information that is necessary in managing the customer relationship and in the purposes for which the data is used. All our handling of personal data is legally justified.
We collect and handle personal data of different classes, such as:
- Contact details, like your name, address, phone number, user name, customer number, password, and your photo, if necessary
- Contract and service data, like details of our services you use, the contract term and notice of termination, recorded customer service and sales calls, as well as other information concerning your contract
- Payment and consumption data, like details on the products you have purchased and services you use
- Financial and billing data, like your billing address, payment terms, credit card number and bank account details
- Work order information, like your communication with our customer service, orders for support work, complaints etc.
- Behaviour and consumption data, like your customer segment, reactions to offers made to you, and your habitual uses of our products, services and websites
- Device data, like the IP address, and other data obtained from cookies Permission data, like marketing permissions
WHAT ARE THE SOURCES OF PERSONAL DATA?
The personal data we handle come from various sources:
- From yourself, when you order our services, fill in contact forms or send us your personal details. On these occasions we notify you of the data we require and need in order to provide you with the service in question.
- From our relationship to you as customer, processing of work orders or behaviour data.
- From public sources, like public address registers or third parties with which we collaborate, such as credit data providers, debt collection services, installation partners and marketing partners.
FOR WHAT PURPOSE ARE PERSONAL DATA USED?
Personal data are only used for predetermined purposes. We use personal data for the following purposes:
- Management of customer relations and customer satisfaction surveys. Byahjalp needs personal data in order to maintain the customer relationship and for customer service provided by phone, email and our digital channels. We communicate with our customers about the customer relationship by email, phone and our digital channels.
- Management of contracts and products, service delivery and maintenance. Byahjalp must make a contract with all its customers in order to fulfill our contractual obligations to the customers. Therefore, we collect personal data for drawing up and management of contracts and delivering products and services. We keep our customers informed, for example by issuing notices related to contracts. We update our customers’ data and collect information on their behavior and related services, so that we can offer our customers the best possible solutions.
- Billing and debt collection. We use personal data so we can bill our customers for our products, goods and services. We prepare the bills based on customer details, contract details and information on goods or services delivered. We process the payments made by customers, respond to requests for changes, and archive bills and contracts.
- Sales, marketing and development of products and services. We use customers’ email addresses for notices, newsletters and marketing messages; we may inform our customers of our customer benefits, services and their use, new products and other current topics. With potential new customers, we use personal data obtained from e.g. events, competitions, questionnaires and other activities on our website. We utilise phone recordings in improving the quality of our sales and customer service, as well as securing the rights of contract parties.
- Internal reporting and reporting to authorities
WHAT IS THE LEGAL BASIS OF HANDLING PERSONAL DATA?
We handle our customers’ personal data on a number of legal bases:
- Your consent given expressly and freely. If our handling of personal data is based on your consent, you may withdraw your consent at any time.
- Handling personal data is necessary to fulfill a contract made between us or for drawing up such a contract.
- Data handling is necessary to fulfill our legal obligation (for example, the law requires us to keep data for a certain period) and/or to define or implement legal provisions or complaints, or in Byahjalp’s defence against them.
- Data handling is necessary for purposes related to our legitimate interests or those of third parties, taking into account the benefits, basic rights and freedoms of the registered (i.e. balance of benefits). Our legitimate interests in such data handling are:
- Maintenance of accurate, meaningful and uniform archives and functions
- Development, improvement and sale of our products and services, together with nurturing good customer relations, for example by making use of customer feedback and surveys
- Carrying out cost-effective and meaningful business activities
- Ensuring appropriate management of customer relations, for example in handling guarantees or deposits and authorizations.
- Provision of relevant and effective direct marketing for present customers, such as profiling and segmentation for marketing purposes (see further information below)
- Obtaining payment for products and services delivered, for example in debt collection
- Provision of effective customer support and case management, such as recording of phone calls to ensure customer service quality and to confirm orders.
HOW LONG DOES BYAHJALP KEEP PERSONAL DATA?
We keep personal data only for a period that is necessary, depending on the data type and their purpose. Storage periods may vary depending on their classification.
As a general rule, personal data are stored for the duration of the customer relationship and ten years after it ended.
Byahjalp regularly resets and reassesses the storage periods for the personal data of different data types in its possession. When personal data are no longer required, Byahjalp deletes them of renders them unidentifiable as soon as possible.
WHO HANDLES PERSONAL DATA?
Byahjalp may handle the personal data in accordance with the privacy protection legislation currently in force. We may pass personal data to authorised employees or co-operation companies and other instances, if it is necessary in terms of their intended use.
Personal data are only accessible to employees who need the data to carry out their duties, so they are never available to all employees.
We also use third party information processors to help us in handling personal data. When a third party handles personal data on our behalf, we always make contractual arrangements to ensure that the data are always handled securely and in accordance with privacy protection legislation and best practices in data processing.
In principle, we will never sell your personal data, trade in them or pass on the permission to use them to third parties.
Third parties handling personal data classified:
- Service providers like printing services, debt collection services, co-operation partners, credit information providers and consulting service providers
- IT service providers, cloud services
- Sales and marketing partners In addition, personal data may be passed to the authorities.
HOW DO WE PROTECT PERSONAL DATA?
We implement the necessary technical and organisational measures to ensure and prove that our personal data handling complies with the data protection legislation.
Some of the measures we apply to protect personal data:
- Controlling user rights so that only authorised persons have access to personal data
- Using firewalls
- Making data unidentifiable (pseudonymisation)
- Personnel given detailed instruction and training on protection of personal data
- Diligent assessment in selecting our service providers that handle personal data on Byahjalp’s behalf
HOW DO WE USE CUSTOMER DATA FOR MARKETING PURPOSES?
We deem it important that our customers perceive our marketing as interesting and useful. Using personal data for marketing purposes is necessary for our legitimate interests in developing, improving and sale of our products and services, as well as maintaining good customer relations.
Our customers have the option of rejecting and refusing all Byahjalp’s marketing messages through the various channels.
For example, we conduct market analyses, collect statistics and evaluate and develop our services and products, and inform you about them. You may receive monthly newsletters or general information on e.g. customer benefits, unless you specifically refuse to allow such messages. We may also send you targeted benefits and offers based on your purchases, services/products you have used and/or your communication behaviour. The aim of such targeted offers is to improve your customer experience and to provide you with relevant offers on products and services we believe would interest you. In order to target our offers and customer communications, we need to split customers into various groups (by segmentation or profiling) based on their interaction with us.
HOW DO WE USE OUR CUSTOMER’S DATA IN DECISION-MAKING?
We may make decisions concerning our customers using automated decision-making, for example by carrying out automated credit checks when making contracts and during the contract term. This may affect the customer’s access to our services.
We use automated decisions to ensure that our decision-making and business processes are efficient, digital, predictable and secure in legal terms. As a rule, we provide our customers with more detailed and precise information about such automated decision-making processes in conjunction with launching an application or decision-making.
If an automated decision is not required for a contract, we ask you in advance to consent to automated decision-making. If we have made a decision concerning you purely on the basis of automated processing (e.g. by automated profiling) and it affects your ability to use our services or has other significant impacts on you, you may request that the relevant decision is not applied to you unless we are able to prove to you that the decision in question is necessary for making a contract between Byahjalp and yourself, or for implementing it.
HOW DO WE TREAT PERSONAL DATA OBTAINED FROM IP ADDRESSES, COOKIES AND SIMILAR TECHNOLOGIES?
When you use our services or visit our websites, Byahjalp may utilise cookies and other monitoring techniques to gather data about your devices.
Cookies are small text files used by us to identify and count browsers and devices visiting our websites. Byahjalp or third parties may use such data for marketing purposes.
DOES BYAHJALP PASS ON PERSONAL DATA TO THIRD COUNTRIES?
As a rule, Byahjalp does not pass on personal data outside the European Union or European Economic Area (EEA). However, if we do transfer personal data outside the EU or EEC, we apply appropriate protection measures in accordance with current data protection legislation, such as model contractual clauses approved by the European Commission.
WHAT ARE OUR CUSTOMERS’ RIGHTS CONCERNING PERSONAL DATA?
Our customers have a number of rights guaranteed by legislation:
- Right to your own data. You have the right to find out whether we handle your personal data, and if we do, to receive a copy of the personal data used by Byahjalp plus additional information on their treatment by our company.
- Right to data transferability. You have the right to data transfer, meaning that in certain circumstances you may have the right to have your personal data transferred to another register controller.
- Right to amend. You have the right to correct or amend any incorrect data.
- Right to delete. You have the right to have your data deleted if they are no longer needed for the purposes for which they were processed; you withdraw your consent to some form of treatment resulting in Byahjalp no longer being legally justified to handle the data; your data have been used illegally; or handling your data is unnecessary to fulfill the applicable statutory requirements, in order that legal claims may be defined, implemented or defended, and/or for the purposes of archiving, research or statistics.
- Right to withdraw consent. If you have granted a specific consent for certain type of use, you may always cancel your consent.
- Right to object to use of personal data. When data usage is based on the legitimate interest of Byahjalp or a third party, you have the right to object at any time to your personal data being used. If Byahjalp is unable to provide justifiable reasons for their use, Byahjalp will stop handling your personal data.
- Right to object to direct marketing. You have the right to object at any time to your personal data being used for direct marketing purposes. In this case, we will stop using your personal data for such purposes.
- Right to restrict data usage. You have the right to restrict the use of your data while we investigate and check your request.
- Right to refuse being subjected to automated decisions. If we have made a decision concerning you wholly based on an automated procedure and this decision has financial consequences or ones with otherwise significant impacts, you may request that we review the decision using a fresh and individual assessment. This applies if we are unable to prove that an automated decision is necessary for making a contract between us or implementing one.
- Right of complaint to oversight authority. You have the right to complain to the data protection authority or other competent regulatory authority, if you believe that we are handling your personal data in contravention to current data protection legislation.
Contact details for using your rights:
Byahjalp Finland Ltd / Customer Service
Postal address: Lötvägen 19, 66640 MAXMO
Customer Service tel. +358 45 787 54081
Office of the Data Protection Ombudsman Postal address: PL 800 00521 Helsinki
Street address: Ratapihantie 9, 6th floor 00520 Helsinki
Switchboard: 029 56 66700
Email: [email protected]
CHANGES TO TREATMENT OF PERSONAL DATA
Byahjalp reserves the right to make changes regarding its treatment of personal data. We will give notice of any changes on our website. Changes may be necessary for reasons of developing our services or e.g. changes in relevant laws.