Privacy Policy

EU General Data Protection Regulation (679/2016)

1. DATA CONTROLLER

Hydoring Oy
Business ID: 1030412-0
Porakalliontie 2
21800 Kyrö
Tel: +358 20 765 6900

2. CONTACT DETAILS FOR MATTERS RELATED TO THE REGISTER

Person responsible for the register: IT Manager
Phone: +358 20 765 6939
Email: privacypolicy@hydoring.com

3. NAME OF THE REGISTER

Hydoring Oy’s register describing personal data processing activities

4. PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The primary legal basis for the processing of personal data is an agreement regarding a customer relationship between Hydoring Oy and a client organization or business partner, or another relevant connection based, for example, on the data subject’s consent.
Personal data may be processed for the following purposes by Hydoring Oy or its authorized partner:

  • Provision, delivery, production and development of Hydoring Oy’s services and products.
  • Managing and maintaining the customer relationship between Hydoring Oy and the customer, as well as implementing, developing and monitoring customer service and related communications and marketing.
  • Personal data may also be processed in connection with other measures related to the management of the customer relationship.
  • Personal data is also processed for the establishment and marketing of potential new customer relationships (e.g. data collected at trade fairs).
  • Personal data is also processed for the purposes of orders, invoicing, communications, transactions, and reporting, as well as for the development of Hydoring Oy’s business operations.
  • In addition, personal data is processed for recruitment purposes.

5. CONTENT OF THE REGISTER

The categories of persons whose data may be processed include contact persons of client organizations that are or have previously been customers of Hydoring Oy, contact persons of business partners, and individuals who have otherwise been in contact with Hydoring Oy.
The following data concerning the data subject may be stored:

  • Basic information such as first and last name, employer details, and job title.
  • Contact details such as email address and phone number.
  • Information related to communications between Hydoring Oy and the client organization, as well as any content produced by the data subject that may be recorded in connection with such communications.
  • Recruitment-related data, such as information contained in a CV and job application.
  • Other customer-related data, such as information collected from website usage that can be associated with the data subject, including the user’s browser, IP address, time of visit, pages visited, the website from which the user accessed the site, and the server through which the user accessed the website.
  • Any other information provided by the customer and any content produced by the customer (e.g. a contact request submitted via the website).

6. RETENTION PERIOD OF PERSONAL DATA

Hydoring Oy retains personal data in its systems until the legal basis for storing the personal data no longer exists. The retention periods comply with the legislation in force at any given time.
With regard to recruitment, personal data is retained for six months.

7. PROFILING

7.1 Use of cookies

We may collect information about the user’s device through cookies and other similar technologies, such as the browser’s local storage. A cookie is a small text file that the browser stores on the user’s device. Cookies often contain an anonymous, unique identifier that enables us to recognize and count the browsers visiting our website.

7.2 Data collection by third parties

Third parties refer to entities outside Hydoring Oy, such as advertisers, advertising networks, and providers of measurement and tracking services. These so-called third parties may place cookies on the user’s device when the user visits our services, for example to provide targeted advertising or to compile statistics on visitor numbers across different websites.
Since the user’s browser retrieves advertisements set by a third party from a server outside Hydoring Oy, these third parties may view, modify, or set their own cookies as if the user were visiting their websites directly. Through contractual arrangements, we aim to ensure that these third parties comply with the legislation in force at any given time as well as applicable industry self-regulatory guidelines.

Our services may include so-called social media plugins, such as the LinkedIn Like button. For example, LinkedIn social media plugin buttons may appear in certain parts of our services, but their content is delivered directly from LinkedIn. When a visitor accesses our service, the LinkedIn social media plugin recognizes whether the user is logged into LinkedIn, and the page may display customized content within the plugin as if the user were visiting LinkedIn.com. If the user is not logged into LinkedIn, the social media plugins will not display customized content.

LinkedIn may collect information about the visitor’s access in accordance with its privacy policy in force at any given time. LinkedIn does not disclose the data it collects to Hydoring Oy unless the user has given explicit consent for such disclosure.

The user may review the terms of the respective social media services on each service’s own website.

Our services may also contain links to websites other than those mentioned above, but we are not responsible for the privacy practices or content of such external websites. We recommend reviewing the privacy policies of each website individually.

8. REGULAR SOURCES OF INFORMATION

Data is primarily obtained from the data subject, through the client organization when establishing a customer relationship, or from business partners. Data is also obtained from events related to customer relationships and communications.

9. REGULAR DISCLOSURES OF DATA AND TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA

Personal data is not disclosed to external partners acting on behalf of Hydoring Oy.
Customer data is not transferred outside the European Union or the European Economic Area.

10. PRINCIPLES OF REGISTER PROTECTION

Any manual records are stored in a locked facility accessible only to specifically authorized persons. Only those employees of Hydoring Oy who are entitled to process personal data as part of their duties and who are bound by confidentiality obligations are authorized to use systems or digital materials containing personal data.
The data is stored in databases protected by firewalls, passwords, and other technical measures, including controlled granting and monitoring of access rights, the use of encryption technologies, and the provision of instructions to personnel involved in the processing of personal data.

11. RIGHTS OF THE DATA SUBJECT RELATED TO THE PROCESSING OF PERSONAL DATA

11.1 Right to object to the processing of personal data and to direct marketing

The data subject has the right, on grounds relating to their particular personal situation, to object to processing activities directed at them which Hydoring Oy applies to the data subject’s personal data, insofar as the processing is based on the customer relationship between Hydoring Oy and a client organization or business partner.
The data subject may submit a request to object in accordance with section 12 of this privacy policy. In connection with the request, the data subject must specify the particular situation on the basis of which they object to the processing. Hydoring Oy may refuse to comply with a request to object on grounds provided by law.

11.2 Right of access to data

The data subject has the right to verify what data concerning them has been stored in Hydoring Oy’s registers. A request for access must be submitted in accordance with section 12 of this privacy policy. The right of access may be denied on grounds provided by law.

11.3 Right to request rectification, erasure, or restriction of processing

A request for rectification of incorrect, unnecessary, incomplete, or outdated data must be submitted in accordance with section 12 of this privacy policy.
The data subject also has the right to request that Hydoring Oy restrict the processing of their personal data, for example in a situation where the data subject is awaiting a response from Hydoring Oy to a request concerning the rectification or erasure of their data.

11.4 Right of the data subject to data portability

Insofar as the data subject has personally provided data to Hydoring Oy’s registers that is processed on the basis of the data subject’s consent or assignment, the data subject has the right to receive such data in a commonly used machine-readable format and the right to transmit this data to another controller.

11.5 Right of the data subject to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with the competent supervisory authority if Hydoring Oy has not complied with the applicable data protection regulations in its operations.

12. CONTACT DETAILS

In all matters related to this privacy policy and in situations concerning the exercise of the data subject’s rights, contact should be made with the person mentioned in section 2.
Hydoring Oy may, if necessary, request the data subject to clarify their request in writing, and the identity of the data subject may be verified if required before taking further action.

13. AMENDMENTS TO THE PRIVACY POLICY

We reserve the right to amend this privacy policy by notifying users in our services. Amendments may be based not only on changes in legislation but also on the development of our services and business operations. We recommend reviewing the contents of the privacy policy regularly.