Privacy and Data Protection Policy

This is the Privacy and Data Protection Policy of Palin Granit Oy, compliant with the EU General Data Protection Regulation (GDPR). Updated on 27 January 2025.

1. Data Controller

Palin Granit Oy
Business ID: 0135710-8
Ratakatu 33
52100 Lappeenranta, Finland

2. Contact Person for Data Protection Matters

Maria Palin
Email: maria.palin@palingranit.fi
Phone: +358 40 7069866

3. Purpose and Legal Basis for Data Processing

The legal basis for processing personal data under the EU General Data Protection Regulation (GDPR) includes:

• The legitimate interest of the data controller, based on the customer relationship between the data subject and the data controller.

• The performance of a contract.

• Compliance with legal obligations.

The purpose of processing personal data is to maintain contact with customers, manage customer relationships, deliver services and products, conduct marketing and communication, and comply with legal obligations.
Personal data is not used for automated decision-making or profiling.

4. Processed Personal Data

The data stored in the register includes:

• Contact details: Name, position, company/organization, phone number, email address, and physical address.

• Customer relationship information: Details of ordered services and changes to them, billing information, and other information related to customer relationships and services.

• Technical data: IP address, social media profiles/accounts.

• Website visitors: IP addresses and cookies necessary for website functionality are processed based on legitimate interest, for purposes such as ensuring security and collecting visitor statistics. Consent is requested separately for third-party cookies when required.

5. Data Retention Period

Personal data is retained as long as necessary for the purposes of processing or as required by law.

6. Regular Data Sources

Data stored in the register is collected from the customer via email, phone, social media platforms, agreements, customer meetings, and other situations in which the customer provides their information.
Information about company and organizational representatives may also be collected from public sources such as websites, directory services, and other companies.

7. Regular Disclosures and Data Transfers

Personal data is not disclosed to third parties unless required for service delivery or by law.
Data is not transferred outside the EU or EEA without appropriate safeguards.

8. Principles of Register Protection

The processing of the register is conducted with care, and data processed via information systems is adequately protected. When data is stored on internet servers, the physical and digital security of the hardware is ensured appropriately.
The data controller ensures that stored information, server access rights, and other critical data are handled confidentially and only by employees whose duties require access to the data.

9. Right of Access and Rectification

Every individual in the register has the right to access their personal data and request the correction of incorrect or incomplete information. If an individual wishes to check their stored data or request corrections, the request must be submitted in writing to the data controller.
The data controller may request the requester to verify their identity. The data controller will respond within the time frame stipulated by the GDPR (usually within one month).

10. Other Rights Related to Data Processing

Individuals have the right to request the deletion of their personal data from the register ("right to be forgotten"). They also have other rights under the GDPR, such as the right to restrict data processing in certain situations.
Individuals have the right to object to the processing of their data and to withdraw their consent at any time. Requests must be submitted in writing to the data controller.
The data controller may request the requester to verify their identity. The data controller will respond within the time frame stipulated by the GDPR (usually within one month).

11. Cookies

Our website uses cookies to enhance the user experience. We also use analytics cookies to monitor website traffic and usage. Users can accept or decline cookies in their browser settings.

12. Changes to the Privacy Policy

This privacy policy may be updated as necessary. The updated privacy policy will be published on the website, and users will be informed if needed.