Terramare is committed to protecting the privacy of its customers, stakeholders and users of its services and to complying with data protection legislation and good data protection practices.
This privacy statement concerns the personal data of the contact persons of Terramare’s customers, service providers and other stakeholders and of visitors to Terramare’s website.
A privacy statement related to job applications is available in the Vacancies section
Contact person in matters concerning the register
Legal basis and purpose of processing
Personal data of representatives of customers and stakeholders
The personal data of representatives of customers and stakeholders is processed to promote business, maintain and develop customer and partner relationships, provide services to customers, fulfil contractual obligations, manage contracts and invoicing, implement partner communications and market services.
The legal basis of the processing of personal data is the implementation of agreements and legitimate interest in conducting and developing business and in the marketing of services. The basis of processing personal data contained in accounting material is statutory obligation. With regard to electronic direct marketing, the basis of processing is the consent of the data subjects.
Information sent by contact form
Visitors to our website may contact us using the website contact form. The form asks for visitors’ contact information so that we can obtain the information required to process their contact requests and respond to them.
Visitors’ personal information is only used to receive, process and respond to proposal, feedback and contact requests. The basis of processing of personal data received via the contact form is legitimate interest to develop services and serve customers and website visitors. Visitors’ information is not used for any other purpose, unless they have given their express consent to this.
If visitors have given your express consent to the processing of their personal data for a specific purpose, they may withdraw their consent at any time via the link included in each email they receive from us. They may also withdraw their consent by informing us of this by email to the address email@example.com.
What data do we process?
With regard to representatives of customers and stakeholders, we process the following data:
- Basic information, such as the name of the contact person, job title and the organisation the person represents
- Company-related information, such as the company’s field of business, information on whether the company has RALA Competence (Construction Quality Association) and in the contracts in which the company has participated
- Contact information, such as postal address, email address and telephone number
- Information related to customer or partner relationship, such as services ordered or provided, information contained in a contract, and invoicing and payment information
- Communications-related information, such as correspondence with the contact person of a customer or service provider
With regard to the contact form, we process the following data:
- Contact information, such as postal address, email address and telephone number
- Communications-related information, such as information written in the free-form field of the contact form and the information contained in the reply
Cookies are used to collect statistics on visitors to the website, such as from which website the visitor reached Terramare’s website and which parts of the website have been viewed. In addition, cookies are used to collect network identification information, such as the IP address of the device and which browser and operating system have been used.
Recipients of personal data
Personal data are not disclosed to third parties unless so required by mandatory legislation.
Terramare uses in its activities service providers that may process personal data based on an assignment on Terramare’s behalf. Such service providers include, for example, marketing services providers and IT services providers that handle the technical maintenance of systems and servers. Service providers are bound by a non-disclosure obligation and they have no right to disclose data to third parties or to use data for a purpose other than in the execution of Terramare’s assignment. Terramare has attended to data protection with its service providers, for example by preparing processing agreements on the processing of personal data.
Personal data are processed, as a rule, within the EU/EEA. However, the IT management systems used by Terramare may allow a service provider to access the data from outside the EU/EEA, for example to provide technical support. If personal data are processed outside the EU/EEA, Terramare puts in place appropriate safeguards to protect the data.
Regular sources of information
Personal data are mainly obtained from the data subjects themselves. In addition, data may be obtained and updated from public sources, such as trade registers, authorities and contact information service providers.
Personal data storage period
Personal data are not stored for longer than necessary for their purpose. As a rule, personal data related to contractual relationships are stored for around two years after the end of the agreement or contract, unless there is a need for a longer processing time, for example due to issues related to warranty obligations. The storage period for personal data related to warranty obligations may, depending on the duration of the warranty, be 10 years from the completion of the contract. Personal data related to payment transactions and invoicing are processed as part of Terramare’s accounting material for the period set out in the Accounting Act, which is six years from the end of the calendar year during which the financial year ends.
Data related to feedback and contact requests are stored, as a rule, for around one month from the contact or until the issue related to the contact has been processed.
Information security and protection of personal data
The principles of personal data storage are set out in the Group’s information security guidelines. Personal data are processed confidentially and processors are bound by professional secrecy. Only those employees whose job description so requires are entitled to access systems and materials containing personal data. Terramare has in place measures to ensure that no personal data about data subjects that are inappropriate, out of date or incorrect for the purposes of processing are stored in the personal data file system.
Personal data processed by Terramare is protected by appropriate technical and organisational measures. Terramare has in place security measures to protect against viruses and malware. The security measures are updated regularly.
The data are processed in databases that are protected by firewalls, passwords and other technical means. Each user has their own system username and password, on the basis of which all log-ins to systems can be authenticated. The databases and their backups are located in locked premises and can only be accessed by designated individuals. Materials containing personal data are destroyed in a reliable way.
Rights of data subjects
Data subjects have the right to inspect the data concerning them and to request the correction of incorrect or inaccurate data or the deletion of their personal data if there are legal justifications for this. If processing of personal data is based on consent, the data subjects have the right to withdraw their consent.
If data subjects have themselves submitted data to Terramare that are processed on the basis of consent or agreement, the data subjects have the right to receive such information in a machine-readable format and the right to transfer these data to another controller.
Data subjects have the right, under the General Data Protection Regulation, to request a restriction on the processing of their personal data and the right to file a complaint about the processing of personal data with the supervisory authority. The supervisory authority in Finland is the Office of the Data Protection Ombudsman (tietosuoja(at)om.fi).
For specific personal reasons, data subjects have the right to object to the processing of personal data concerning them where the basis of processing is the legitimate interest of the controller. In connection with such requests, data subjects must specify the particular situation on the basis of which they object to the processing. The controller may refuse to execute the request only on grounds provided for in law. Data subjects also have the right to object to the processing of their personal data for direct marketing purposes, including profiling related to this.
Terramare does not carry out profiling, or make decisions based on automated decision-making, on the basis of the personal data it processes.
Contacts regarding the processing of personal data and changes to the privacy statement
Enquiries and requests regarding the personal data processing described in this privacy statement may be sent to the address firstname.lastname@example.org. We will respond to enquiries and requests without delay and no later than the time limit set out in the General Data Protection Regulation.
Terramare may update this privacy statement, if necessary. The date of the most recent update is marked at the beginning of the privacy statement. We hope you will regularly view the up-to-date data protection information on our website.