Privacy Policy – Joensuu Biocoal

This is the EU General Data Protection Regulation (GDPR) compliant register and privacy policy of Joensuu Biocoal Oy. Drafted on March 1, 2022. Last updated on March 1, 2022.

1. Data Controller

Joensuu Biocoal Oy (3153997-3), Kasarmikatu 21 B, 00130 Helsinki, Finland

2. Contact Person for the Register

Iiro Tiilikainen, iiro.tiilikainen@taaleri.com, +358 44 491 5922

3. Name of the Register

The stakeholder and online service user register of Joensuu Biocoal Oy.

4. Purpose and Legal Basis for Processing Personal Data

The purpose of processing personal data is to maintain contact with stakeholders, manage stakeholder relations, and retain customer information for managing customer relationships.

The legal basis for processing personal data is the legitimate interest of the data controller to process data and communicate with contact persons from stakeholder and customer groups. Personal data is collected only from the registered individuals themselves and from public sources such as corporate websites, social media platforms, or other similar registers, in accordance with data protection legislation.

No automated decision-making or profiling is conducted with the data.

5. Register Information

The information stored in the register includes:

Name, address, email address, and phone number
Information related to stakeholder membership and customer relationships, such as details of investments, contracts, and use of services

6. Regular Data Sources

The information stored in the register is obtained from customers via messages submitted through web forms, email, phone, contracts, customer meetings, and other situations where the customer provides their information. Information about corporate or organisational contact persons may also be collected from public sources such as websites, directory services, and other companies.

7. Regular Data Disclosures and Transfers Outside the EU or EEA

Data is not regularly disclosed to other parties. Data may be published to the extent agreed upon with the customer.

However, the data controller may use third-party services for data processing, such as IT services, ensuring lawful data processing through contract arrangements and by instructing third parties on data handling. The third parties involved may vary. These third parties only process data on behalf of and as directed by the data controller.

Some of the services used by the data controller for processing personal data may operate outside the European Union or the European Economic Area. In such cases, data transfers will comply with data protection legislation, for example, by using the European Commission's standard contractual clauses when transferring data to data processors.

Personal data may be disclosed to authorities within the limits permitted and required by applicable legislation.

8. Principles of Data Security

Care is taken in handling the register, and data processed through information systems is appropriately protected. When stored on internet servers, the physical and digital security of the hardware is duly managed. The data controller ensures that stored data, server access rights, and other critical information related to the security of personal data are handled confidentially and only by employees whose job descriptions include handling such information.

9. Retention Period for Personal Data

Personal data is retained for as long as necessary to fulfil the purpose for which it was collected, as outlined in this privacy policy. The retention of personal data includes a review of inactive data, and unnecessary data is regularly deleted.

10. Rights of Data Subjects Regarding Personal Data Processing

Right to Rectification

The data controller ensures the quality of personal data processed as far as possible. The data controller corrects, deletes, or completes incorrect or unnecessary personal data either on its own initiative or at the request of the data subject.

Right to Restrict Processing

The data subject has the right to request that the data controller restrict processing, for example, if the data subject disputes the accuracy of the personal data. In such a case, processing will be restricted for the time it takes to verify the data's accuracy.

Right to Request Data Deletion or Object to Processing

The data subject has the right to request the deletion of their personal data or to object to its processing when the processing is based on legitimate interest.

Right to File a Complaint with a Supervisory Authority

The data subject may file a complaint about the processing of personal data with the supervisory authority, which in Finland is the Data Protection Ombudsman.

–––––

Joensuu Biocoal Oy Privacy Policy. Register maintained by Joensuu Biocoal Oy, Project Manager Iiro Tiilikainen, iiro.tiilikainen@taaleri.com

Register and Privacy Policy