Data file processing principles and data protection principles concerning Tammer Brands’ customer database

This personal data file sets out the principles for processing Tammer Brands’ association customers’ data. This personal data file sets out general rules, operating methods and data protection principles.

Version, author and reviewer details, and period of validity

Version 2016032300

Compiled by: Kyuu Eturautti
Reviewed by: Erika Haarla, Alpo Herrainsilta

Valid from: 10 May 2016

Controller data

Tammer Brands Oy
Viinikankatu 36
33800 Tampere, Finland

Tel.: +358 (0)3 2521 111
Email: ciso@tammerbrands.fi

Important contact persons:

– Data security and data protection matters, Data Security Manager Kyuu Eturautti

– Webstore and other electronic services, Erika Haarla

– Invoicing and accounts, Alpo Herrainsilta

Purpose of the data file

Tammer Brands` customer register is used at Tammer Brands as a basis for customer identification, marketing, sales, invoicing and other customer contact.

Data content and sources of data

Raw data content includes data received from the customer, such as a company’s background details, name and contact details, business ID, contact details for the contact person, invoicing data, language choice and other basic information. The customer is responsible for the accuracy of data and for updating the data as necessary.

Ongoing, automatically accumulating data content includes a history of completed offers, sales and contact.

Data obtained from third parties encompasses credit details and other corresponding services wherein third parties provide general corporate data services. Inspections may also be carried out from general public administration sources.

In addition to the primary customer database, customer data may also be linked to other Tammer Brands internal systems, such as the Tammerbrands24h.fi webstore, the TammerLink data transfer system, Tammer Brands Outlet`s customer database, various forms such as registration systems, and other Tammer Brands services. Where technically possible, we aim to only use one primary database in order for data to remain up-to-date in various systems.

Protection and principles of data handling

Primary data content is stored in Tammer Brands Oy’s own information systems, which are located on the company’s own premises. The logical data location is appropriately protected using modern access control systems. The data’s physical locations are protected using efficient access control and theft prevention systems. When using third-party services, only the amount of data absolutely required for the survey will be transferred, never full data files.

Data storage time, statistics and data transfer

Customer data will be primarily be stored in systems until further notice, for as long as the active customer relationship continues. Data can be removed from the system at the customer’s own request, due to a cessation in the customer’s business activities, merger or other company reorganisation, or if customer events stop for a long time. In such cases the customer data will be removed from active use with a marking. The final removal of data will not however be completed for as long as there are open account transactions, issues with liability in commerce such as the Product Liability Act (Tuotevastuulaki 694/1990) so require with reason, or if the removal of data would endanger the minimum storage period required by the Accounting Act (30.12.1997/1336).

A customer data entity may be used as statistical material in Tammer Brands` own operations for business development purposes.

Customer data can be used for the implementation of surveys aiming to develop business operations. Third-party survey systems may be used in the surveys. Responses to the surveys are voluntary. The third party implementing a survey is responsible for ensuring that contact details are only stored in their system for the time absolutely necessary for the implementation of the survey.

Customer data may be used for general marketing communications only by Tammer Brands` own marketing. Tammer Brands may use third party services in its customer communications, such as a printing house’s posting service or e-mail communications tools. Any third party is responsible for ensuring that contact details are only stored in their system temporarily for the time absolutely necessary for the implementation of the communications campaign. Data will not be disclosed to other parties for marketing purposes.

Customer data will not be disclosed outside of the European Economic Area, nor will it be disclosed to third parties with the exception of authorities with the relevant permissions. We also require corresponding practices from the third parties specified in this personal data file.

Making changes

Where changes affect the status of the storage or processing of customer data, customers must be informed by e-mail at least one month before changes to this personal data tiettietofile come into effect. If the change is caused by legislation or official regulations that have come into effect very rapidly, the period of notice between informing the customer and the change coming into effect could be shorter.

Changes which do not affect customers’ status or the processing of their data may be carried out without advance notice. Changes to e.g. Tammer Brands`contact details are considered to be such changes.

Feedback and disputes

We are glad to receive feedback and suggestions on how to develop customer data processing and our other activities.

Any possible disputes will be dealt with at the Tampere District Court.

Change of company name

This document has been updated on March 19th 2019 to reflect the new name of the company, Tammer Brands Oy, replacing the old name Tammer-Tukku oy. The data security principles have not been altered.