Privacy Policy

This is the privacy policy of Marttilan puu ja metalli, prepared in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR) (last updated on July 5, 2025).

  1. Data Controller

Marttilan puu ja metalli
Yli-Kariojan tie 50
92700 KESTILÄ
Business ID: FI28080137

  1. Contact person responsible for the register

Jorma Marttila, tel. +358 400 155 922, jorma@mart.fi

  1. Name of the register

Marketing and Customer Register of Marttilan puu ja metalli

  1. Legal basis and purpose of processing personal data

The legal basis for processing personal data in accordance with the EU General Data Protection Regulation is the individual’s consent or legitimate interest. The primary purpose of processing personal data is to manage customer relationships: order processing, delivery, customer service, and marketing.

  1. Data Contained in the Registry

The data stored in the registry includes the individual’s name, contact information (phone number, email address, mailing address), order details, billing information, and other information related to the customer relationship.

  1. Regular Sources of Data

The data stored in the register is obtained from messages sent by the customer via order forms, email, telephone, social media services, contracts, customer meetings, and other situations in which the customer provides their data.

  1. Regular disclosure of data and transfer of data outside the EU or EEA

Data is not regularly disclosed to third parties. Data may be published to the extent agreed upon with the customer.

Data may be processed in cloud services located outside the EU or EEA. In such cases, a level of data protection that meets the requirements of the General Data Protection Regulation (GDPR) is ensured.

  1. Principles of Data Protection

Data is processed with due care, and information processed using information systems is appropriately protected. When data is stored on Internet servers, the physical and digital security of the hardware is ensured as appropriate. The data controller ensures that stored data, as well as server access rights and other information critical to the security of personal data, is handled confidentially and is processed only by those employees whose job description includes such duties.

  1. Right of Access and Right to Request Correction of Data

Every individual listed in the registry has the right to review their data stored in the registry and to request the correction of any inaccurate data or the completion of any incomplete data. If a person wishes to review the data stored about them or request a correction, the request must be submitted in writing to the data controller. If necessary, the data controller may ask the person making the request to verify their identity. The data controller will respond to the customer within the timeframe specified in the EU General Data Protection Regulation (generally within one month).

  1. Other rights related to the processing of personal data

A data subject listed in the registry has the right to request that their personal data be deleted from the registry. Data subjects also have other rights under the EU General Data Protection Regulation. Requests must be submitted in writing to the data controller. If necessary, the data controller may ask the person making the request to verify their identity. The data controller will respond to the customer within the timeframe specified in the EU General Data Protection Regulation (generally within one month).