Privacy Policy

1. Data controller

Profiilikeskus Oy
Business ID: 3278071-8
Teppolantie 4, FI-90440 Kempele
puh. +358 8 5634 700

Profiilikeskus acts as the data controller for the personal data you provide to us as our customer when purchasing and using our products and services. As the data controller, Profiilikeskus is responsible for all personal data you provide and its processing. Privacy is about trust, and protecting your privacy and personal data is of utmost importance to Profiilikeskus. Therefore, we collect your personal data only to the extent necessary to provide you with high-quality products and services. The methods and purposes of processing your personal data are described in more detail in this privacy policy.

2. Contact person for data protection matters

Ulla Linna, email: etunimi.sukunimi@nullprofiilikeskus.fi

3. Register name

Profiilikeskus Oy customer register

4. Purpose of processing personal data

Profiilikeskus processes customers’ personal data primarily for providing products and services, fulfilling service obligations, and managing customer relationships. In addition, Profiilikeskus may process personal data for customer surveys, such as satisfaction surveys, and for direct marketing purposes within the limits allowed by law, unless the data subject has prohibited the use of their data for direct marketing.

The legal basis for processing personal data is either the performance of a contract between Profiilikeskus and the data subject, Profiilikeskus’s legitimate interest, or the consent given by the data subject. Processing is necessary so that Profiilikeskus can fulfil the contract made with you. Legitimate interest applies, for example, when data is processed for administrative purposes or to prevent and investigate misuse.

Processing of identification data is necessary to verify personal purchasing rights and the correctness of personal transactions.

5. Content of the register

Customer basic information:

  • First and last name
  • Street address, postal code, and city (no hidden or confidential address data is collected; the provider is responsible for accuracy)
  • Email address and phone number
  • Date of birth and personal identity code for account setup

Data possibly recorded due to customer relationship:

  • Purchases by location, total amount, product group, and product
  • Data collected for customer relationship development
  • Information about services and products that may interest the customer
  • Other information voluntarily provided by the customer

Data possibly recorded based on customer request:

  • Direct marketing opt-out
  • Opt-out from marketing surveys

6. Regular sources of data

Profiilikeskus collects data directly from the customer when making or receiving offers or orders, and when the customer interacts with Profiilikeskus via online services or other electronic channels.

7. Transfer of personal data

Profiilikeskus may transfer personal data to third parties for the purposes described in this policy, as specified below. Contractual arrangements ensure that data is processed only for the defined purposes.

Processors of personal data may include subcontractors, transport service providers, payment and fraud prevention service providers, and credit information companies.

Data may also be transferred to technical service providers as part of system implementation. Processing obligations are defined in agreements between the parties.

Data may be disclosed to authorities only when required by law.

Data may also be used or disclosed if required by law, regulation, or legal request, or for defence against legal claims.

8. Data security principles

Paper records are stored in locked premises at Profiilikeskus locations.

Digital data is stored in a database accessible only to designated personnel who require access for their duties and who are bound by confidentiality obligations.

IT systems are located in a secure data center with restricted access and firewall protection.

Access to systems is limited to authorised personnel using personal usernames and passwords within the internal network.

9. Retention and deletion of data

Retention time depends on the type of data and its purpose. Personal data is stored only as long as necessary for fulfilling the purpose of processing or as required by law or contractual obligations.

For example, accounting data must be retained for up to 10 years under accounting legislation.

When data is no longer needed, it is deleted from systems or irreversibly anonymised.

10. Rights of the data subject

Under the EU General Data Protection Regulation (GDPR), data subjects have several rights:

  • Right of access: The right to know whether data is processed and to access it.
  • Right to rectification: The right to correct inaccurate or incomplete data (some data cannot be retroactively changed).
  • Right to erasure: The right to request deletion when there is no legal basis for processing or retention obligations have ended.
  • Right to restriction of processing: In certain cases, the right to limit processing.
  • Right to data portability: The right to receive data in a structured, commonly used format and transfer it to another controller.
  • Right to object to direct marketing: The right to prohibit processing for marketing purposes and withdraw consent at any time.

Requests can be made via customer service listed in section 1. Profiilikeskus will respond without undue delay, generally within one month.

11. Final provisions

Profiilikeskus reserves the right to update and modify this privacy policy. Unless otherwise required by mandatory legislation, changes may not be individually notified, so users are advised to review this policy periodically.