Privacy Policy

Data Controller

J-matic Oy (1962851-9) Hereinafter referred to as "the Company" in this policy.


Person responsible for data protection matters and/or contact person

Jarkko Laukkanen

+358407662537

jarkko.laukkanen@j-matic.com


Name of the personal data register

J-matic Oy customer and marketing register

This privacy policy applies to the processing of personal data related to our website, marketing, customer relationship management, and the products and services we offer.


Collected personal data and data sources

We collect personal data necessary for managing the customer relationship.


Data category (Examples of data content):

  • Identification and contact details (Customer's and/or representative's name and contact details.)
  • Information regarding products and services, their orders, and customer communication (Information about orders, order delivery times, and details related to contracts, billing, customer communication, and complaints.)
  • Information related to marketing (including direct marketing) and events, as well as consents and prohibitions given by the data subject (Contact details for marketing purposes, and information collected in connection with events and occasions. Consents and prohibitions regarding direct marketing.)
  • Information regarding the use of websites and other electronic services (IP address, electronic communication identification data, search and browsing data, browser and operating system information, and registration data.)


We collect personal data from the data subjects themselves, as well as from publicly available registers maintained by authorities and other external sources, such as the trade register or other similar public business registers. In addition, we collect information from those who have filled in contact forms and use it for the above-mentioned purposes related to maintaining the customer relationship.


Purpose and legal basis for processing personal data

Personal data is processed within the limits permitted by applicable legislation for the following purposes:

  • Delivery of products and services and entering into customer agreements (contractual relationship or its preparation)
  • customer relationship management (legitimate interest)
  • informing and advising about services (legitimate interest)
  • testing of online services (legitimate interest)
  • development of products and services (legitimate interest)
  • collection and analysis of user statistics (consent, legitimate interest)
  • improving the user experience of our website and other services (consent, legitimate interest)
  • billing, credit decisions, and debt collection (legitimate interest)
  • marketing communications (legitimate interest)
  • direct marketing, including electronic direct marketing and telemarketing, as well as planning and measuring the effectiveness of advertising and marketing, and combining and updating personal data for direct marketing purposes (legitimate interest, consent)
  • managing stakeholder relationships and subcontracting, as well as cooperation with service providers (legitimate interest, contractual relationship or its preparation)
  • internal reporting and other administrative measures (compliance with legal obligations)
  • handling warranty and defect liability matters, processing complaints, and managing court and authority proceedings (legitimate interest)
  • preventing and investigating misuse, and ensuring information security and the safety of persons and property (legitimate interest)
  • fulfilling other statutory obligations (e.g., accounting and tax-related activities) and reporting obligations.
  • When the processing of personal data is based on the consent given by the individual, the individual may withdraw their consent at any time by notifying the above-mentioned contact person.


The processing of personal data may be necessary for the implementation of the legitimate interests of the Company and the data subject's customer relationship. The Company has a legitimate interest in processing personal data for marketing, service, and customer analyses and service testing. Marketing purposes may also involve profiling. In such cases, the data subject has the right to object to the processing of personal data. When personal data is processed based on legitimate interest, we have assessed the benefits of the processing and potential harm to the data subject, and we have concluded that the rights and interests of the data subjects do not override the legitimate interest. We provide additional information about the processing of personal data based on legitimate interest upon request.


Processors of personal data

Only persons responsible for customer relationship management and marketing have access to personal data.


Recipients of personal data

Various service providers and other third parties, such as providers of technical solutions or server space, or accounting and financial management service providers, may also be used in the processing of personal data. We ensure that the required agreements under data protection legislation are in place with the parties we use for processing personal data.


Personal data may be disclosed to third parties in situations required by legislation or authorities, or for investigating misuse and ensuring security. In addition, personal data may need to be disclosed in connection with court proceedings or similar legal proceedings.

If the Company is involved in a merger, business acquisition, or other corporate arrangement, personal data may be disclosed to the parties involved in the arrangement or to those assisting in the arrangement.


We provide additional information about the recipients of personal data upon request.


Transfer of personal data outside the European Economic Area

Personal data is not transferred outside the European Union or the European Economic Area unless it is necessary for the technical implementation of the service. In possible situations of data disclosure and transfer, the level of data protection required by data protection legislation and other necessary safeguards are followed.


We provide additional information about the transfers of personal data and the safeguards used upon request.


Cookies

We use cookies and other similar technologies on our website. A cookie is a small text file that the browser stores on the user's device. Cookies contain an anonymous, unique identifier that allows us to identify and count the different browsers visiting our website. The purpose of using cookies and other similar technologies is to analyze and further develop our services to better serve users and to target advertising. Users can manage their consent through the cookie tool on our website.


Protection of personal data

We protect personal data with appropriate technical and organizational measures. Data is collected in databases that are protected by firewalls, passwords, and other technical security measures. The databases and their backups are located in locked and guarded facilities, and only certain pre-designated individuals have access to the data.


Retention period and deletion of personal data

Personal data is retained for as long as it is needed for the purpose for which it was collected and processed, or for the performance of a contract, or for as long as required by law and regulations. After this, personal data is appropriately destroyed.


Rights of the data subject

The data subject has the following rights:


  1. Right of access to personal data. The data subject has the right to receive confirmation of whether their personal data is being processed and other information regarding the processing of personal data in accordance with data protection legislation. The data subject has the right to obtain a copy of their personal data.
  2. The data subject may request rectification of data if the data is incomplete or inaccurate.
  3. The data subject may request deletion of data when there is no reason independent of the data subject's consent for processing as referred to in data protection legislation.
  4. The data subject has the right to restrict the processing of personal data if the accuracy or lawfulness of the data so requires, or in accordance with the right to object, the data subject requests that the processing of personal data be limited to data storage only. The data subject has the right to object to the processing of data for direct marketing purposes based on the Company's legitimate interest.
  5. The data subject may request the transfer of data to another data controller. The right to data portability applies, in principle, to personal data that the data subject has provided to the data controller in a structured and machine-readable format, and the processing of which is based on the data subject's consent or a contract, and/or where the processing is carried out automatically.
  6. Right to withdraw consent. If the processing of personal data is based on the consent given by the data subject, the data subject has the right to withdraw their consent to the processing of their personal data. Withdrawal of consent does not affect the processing carried out prior to the withdrawal.
  7. The data subject should send requests regarding their rights in writing or by email to the following contact details:


J-matic Oy

Inspection/other request regarding personal data

Jarkko Laukkanen

+358407662537

jarkko.laukkanen@j-matic.com


The identity of the person making the request may be verified before processing the request. The Company responds to requests within 1 month of the request being made, unless there are special reasons to extend the response time.


The data subject has the right to file a complaint with the competent data protection authority if the data subject considers that their personal data has been processed in violation of data protection legislation.


The contact details of the Finnish data protection authority can be found here.