Privacy Policy

This privacy policy tells you what kind of personal data we may collect about you when you order our products or services or when you contact our company, A&R Works Oy Ab, and for what kinds of purposes we may use such data. By using our service, you accept the processing of your data in accordance with this privacy policy.

This privacy policy also includes the description of file data pursuant to Sections 10 and 24 of the Personal Data Act (523/1999) and the EU General Data Protection Regulation (GDPR).

CONTROLLER
A&R Works Oy Ab
Emalikatu 2, 04440 JÄRVENPÄÄ.
Tel +358 207 432 330, Business ID: 0684750-1
Contact person for register affairs: Anders Granberg, .

PURPOSE OF PERSONAL DATA PROCESSING
Customer relationship management and maintenance. This may mean, for example, replying to contact requests, developing services or entering an order.

REGISTER DATA CONTENT
Contact information: Name of company, name of person, title, address details, phone numbers and email addresses, as well as any additional information provided by the customer.

REGISTER PROTECTION
The register is protected from outsider access and it is also protected by personal user names and passwords. The register is used by A&R Works Oy Ab personnel members, whose duties entail making use of the register and who are subject to a non-disclosure agreement. There is no manual register.

REGULAR DISCLOSURE OF DATA
For purposes of direct marketing in accordance with Section 19 of the Personal Data Act. A&R Works Oy Ab and the other companies belonging to the same group (Star Works Group Oy Ab) have the right to access the register data for justified purposes in accordance with Section 8 of the Personal Data Act and other applicable legislation.

Additionally, we disclose data (the customer’s name, contact person, telephone number, e-mail address and delivery address) to the following:

Transport firms for the delivery of orders,
Clients for special pricing, product queries, installations or delivery data.
The parties mentioned above have undertaken to comply with the requirements of the data protection regulations.

REGULAR DATA SOURCES
Customer data is regularly obtained from the customers themselves when the customer relationship is born and while it lasts.

COOKIES AND OUR COMPANY HOME PAGES
Our company home pages and the online shop use cookies. A cookie is a small text file, which the website sends to the user’s computer. Cookies are normally used to save user-specific settings. This data cannot be linked to any personal data and, being anonymous, it cannot be used to identify the user. You can avoid cookies by modifying your browser software settings and prohibiting the use of cookies, but in that case our pages will not work properly.

DATA TRANSFERS BEYOND THE EU
If we store personal data beyond the EU or the European Economic Area, we make use of service providers that are Privacy Shield certified and committed to complying with the EU Data Protection Regulation. Such service providers include Microsoft and Google among others. We do not regularly disclose personal data to any third party.

AUTOMATED DECISION-MAKING AND PROFILING
We do not use the data for any automated decision-making or profiling.

RIGHTS OF THE DATA SUBJECT
The data subject has the rights specified below and any request to exercise these should be made to the following address:

A&R Works Oy Ab
Anders Granberg
Emalikatu 2
04440 Järvenpää

The person requesting registered data should prove their identity in conjunction with submitting the written request.

Right to Inspect
The data subject can review the personal data we have saved.

Right to Correct the Data
The data subject can request the correction of incorrect or inadequate data.

Right to Object
The data subject can object to the processing of personal data if the subject finds that this data has been processed unlawfully.

Prohibition of Direct Marketing
The data subject has the right to prohibit the use of the data for direct marketing.

Right to Erasure
The data subject has the right to request the erasure of the data if processing it is not necessary. We will process the erasure request, after which we will either erase the data or notify you about a justified reason why the data cannot be erased. It must be taken into account that the controller may have a statutory right or some other right to refrain from erasing the requested data. The controller is obligated to keep the accounting records for the time (10 years) specified in the Accounting Act (Chapter 2, Section 10). Due to this, no records related to accounting can be erased before the expiry of that period.

Revocation of Consent
If the processing of the data subject’s personal data is based only on consent and not, for example, on customership, the data subject can revoke its consent. The data subject can file a complaint about the decision to the data protection ombudsman. The data subject has the right to demand that we restrict the processing of the disputed data until the matter is resolved. The data subject has the right to file a complaint to the data protection ombudsman if the subject finds that we are violating the current data protection legislation while processing personal data.

Data protection ombudsman’s contact details: www.tietosuoja.fi/fi/index/yhteystiedot