Privacy and cookie practices

This statement describes how Pirkanmaan kierrätys ja työtoiminta ry processes the personal data of its customers and partners. This processing takes place in the manner required by the EU's General Data Protection Regulation (GDPR) and other data protection legislation. This statement was last updated on 11 January 2023.

Pirkanmaan kierrätys ja työtoiminta ry

Business ID: 2412683-9

Address: Vihiojantie 2, 33800 Tampere

Email: info@pirkanmaankierratys.fi

Phone: 045 882 4066

Executive Director Mauri Hakala

mauri.hakala@pirkanmaankierratys.fi

Delivery and customer register of Pirkanmaan kierrätys ja työtoiminta ry

We collect only such personal data as is necessary for carrying out our activities, developing services, managing customer relationships, developing the website, managing stakeholder relationships, delivering goods, and recruiting new employees.

For private customers, the processing of personal data is based on the person's informed and unambiguous consent (contacting the data controller, ordering a goods pickup) and the data controller's legitimate interest (customer relationship). The purpose of using the personal data is communication with customers and fulfilling the contractual obligations of the customer relationship. The data controller has the right to carry out marketing on the basis of legitimate interest.

For business customers and partners, the processing of personal data is based on a contract, the person's unambiguous consent, and the data controller's legitimate interest. The purpose of using the personal data is communication with business customers and partners, maintaining customer and cooperation relationships, and fulfilling contractual obligations. The data controller has the right to carry out marketing on the basis of legitimate interest.

For private customers, the data that may be stored in the register includes: the person's name, address, phone number and email address, electronic communication identifiers (e.g. the IP address of the network connection), as well as information about ordered products or services and other necessary information related to the customer relationship and the ordered products or services.

For business customers and partners, the data that may be stored in the register includes: the person's name, title or position, organization, work-related contact details (phone number, email address, address, social media username), the address of a work-related website, electronic communication identifiers (e.g. the IP address of the network connection), as well as information about ordered products or services, billing information, and other necessary information related to the customer or cooperation relationship and the ordered products or services.

Personal data is collected in accordance with this privacy statement and is in no situation used, altered, or transferred in any way other than as stated in this privacy statement. The data is not used for automated decision-making or profiling.

The data stored in the register is obtained from the customer themselves, e.g. from messages sent via web forms, by email, by phone, through social media services, from customer service situations, customer meetings, and other ordinary situations related to the customer and cooperation relationship.​

We use cookies on this site. Cookies are small files that the browser stores on the user's device for collecting data and maintaining the connection. With cookies, we collect information about how users use our site and where they came to our site from. The data collected about the use of the website is anonymous, and personal data is not combined with browsing data. With cookies, we can improve our site by analyzing its functionality and usability. Users can, if they wish, block the use of cookies by changing their browser settings. This may, however, affect the usability of the website.

Website visitor numbers and other general anonymous data are tracked using web analytics (Google Analytics) and cookies. If you want to block the use of Analytics in your browser, you can install the Google Analytics browser extension. You can get more information about how Google uses data at policies.google.com/technologies/partner-sites. Any third-party add-on services that may be on the pages (e.g. ads, YouTube videos, Google statistics, or Facebook plugins) may store data used to identify the user. If you want to prevent them from tracking your movements online, you can disable so-called third-party cookies in your browser settings.

Information stored in the register is not regularly disclosed to third parties, nor is it transferred outside the EU or the EEA. Some of the personal data in the registermay be located on Google's servers outside the EU or the EEA due to the necessity of technical implementation. You can read about Google's privacy policies at policies.google.com/privacy/.

If personal data is transferred outside the EU or the EEA, it is done in accordance with the provisions of the data protection regulation in order to maintain an equivalent level of privacy protection, using authority-approved standard contractual clauses and processor agreements where necessary, and by requiring compliance with appropriate technical and other data protection measures.

However, information stored in the register may be disclosed in the manner specified by legislation for lawful purposes to domestic authorities, if a competent authority requires the controller to disclose specifically identified information from the register.

Personal data in electronic form is protected by means generally accepted in the industry, using technical and administrative measures such as passwords and firewalls. Materials containing personal data from the register that are not in electronic form are located in premises to which access by unauthorized persons is prevented. Access rights to servers and databases are held only by persons who need the data in question to perform their work duties.

The transfer of data that takes place on the website in connection with ordering transport is carried out using the Secure Sockets Layer (SSL) protocol. This is an encrypted connection that ensures the encryption of the data being transferred. You can check the security of the connection by clicking the lock icon in the address bar. If personal data containing a personal identity code is transferred by email within the association, it is done in a protected manner.

Only a service provider belonging to the controller's staff, or one involved in data processing acting on its behalf, has access to the personal data processed in the register in accordance with the granted access rights and in accordance with the data protection legislation in force. 

If data is processed by a subcontractor in accordance with an agreement made with the controller, the contractual terms ensure the arrangement of appropriate protective measures and confirm that the processing of personal data meets the requirements of the data protection legislation.

The data subject has the right to inspect the data stored about them in the register. The inspection request must be precise and specified, and it must be submitted in writing and signed to the controller's contact person, whose contact details are recorded in section 2 above. The person making the inspection request must be able to prove their identity reliably. The controller responds to the customer within the time prescribed in the EU data protection regulation.

The data subject has the right to demand the rectification of incorrect data concerning them, the completion of incomplete data, or the deletion of their data from the register (”right to be forgotten”). Requests concerning this matter must be submitted in writing to the controller's contact person. The person making the request must be able to prove their identity reliably. The controller responds to the customer within the time prescribed in the EU data protection regulation.

The data subject has the right to demand the restriction of the processing of their personal data in the manner specified by the EU data protection regulation. The data subject has the right to object to the processing of their data, automated decision-making and profiling. The data subject has the right to lodge a complaint about the processing of personal data with the competent supervisory authority, if the controller has not complied with the applicable data protection regulations in its activities. The controller responds to the customer within the time prescribed in the EU data protection regulation.

The controller deletes a personal customer's data from the register when there is no longer a business or other comparable basis for the processing or retention of the data, or if the person concerned, on the basis of law, requires the controller to delete the data concerning them. Personal data is destroyed appropriately, taking data protection into account.

However, data is not deleted if the law provides otherwise, or a competent authority has initiated a process that requires the controller to retain the data, or if some other party has applied to a competent court for a protective order for the data.

Personal data may also be retained longer than this in the event that the association's contractual obligations toward third parties require a longer retention period.

The personal data of business customers and cooperation partners is retained for as long as it is necessary for invoicing or cooperation.​

The privacy policy is updated as needed, e.g. as our services develop and as legislation changes. You can always find the latest version of this policy on our website pirkanmaankierratys.fi.