Description of file pertaining to section 10 of the Personal Data Act (523/1999)
Name: Ponsse Plc
Ponssentie 22, FI-74200 Vieremä, Finland
Tel. +358 20 768 800
2. Name of data file:
Ponsse Collection Webshop customer register
3. Purpose of processing personal data
The register is used for maintaining customer relationships and contact with customers, and for marketing. The register's information is used for Ponsse Plc's own direct marketing, unless the customer has prohibited direct marketing. Ponsse Plc uses this and other information gathered during the customer relationship to design products and services and to target their products to specific customers.
4. Content of the data file
1. The customer's contact information and order information: last name, first and middle names, the name of the company, business ID, street address, postal code, town/city, mobile number and email address. Possible prohibition of direct marketing. Possible permission for direct marketing. The user name of the customer registered on the Ponsse Collection Webshop.
2. Information about the customer's orders, deliveries and returns.
5. Regular sources of data
The contact and customer information of the register is acquired when the customer relationship is created and when the customer provides notices during its continuation. The customer relationship is created when the customer
1) creates a user name and password for the Webshop, or
2) orders products
A prohibition of direct marketing is saved if received from the customer. Permission for direct marketing is requested separately from the customer according to the Personal Data Act.
6. Regular transfer of personal data to a country outside the European Union or the European Economic Area
No information from the register is released. Information is not transferred outside Finland.
7. Principles of data security
Physical material is stored in a secure location, and access is restricted to authorized personnel only. Digital material: only the authorized employees of the controller and employees of commissioned companies are allowed to use or change the information in the customer register. Each user has their own user name and password for the system. User rights are limited by personal user rights and different user levels to access only the information necessary to complete the tasks of the specific user. The employees using the register are bound by a confidentiality requirement. The customer register and related equipment are situated in secure server rooms. The information is backed up regularly in case of malfunctions. The system is secured against outside intrusions by a firewall. The information is released to outsiders only according to a legal duty of notification, for example after a request from the customer themselves or a legal request from the authorities.