Data protection

General privacy notice

Data protection is a part of GRK’s responsible business and we want to ensure that your personal data is processed in an appropriate manner, respecting your privacy. On this page you will find general information about the processing of your personal data. For more detailed information about the processing of your personal data, please click on the links at the bottom of the page to access the detailed privacy notices.

1. What personal data do we process about you??

We only process data about you that is necessary for the purposes for which it is collected. We verify the legal basis for processing your personal data before processing it. The categories of personal data and the legal basis for processing vary from one purpose to another, so please check the applicable privacy notice for further details regarding yourself.

2. To whom do we disclose your personal data and is it transferred to third countries?

In general, we do not disclose your personal data to third parties.

If we are required to disclose your data by applicable law or by an obligation imposed on us by a public authority, we will examine the request on a case-by-case basis to ensure that the disclosure of your data is lawful.
We may also disclose your data to a third party if we have agreed with you to do so.
Some service providers who have a contractual relationship with us may process your personal data on our behalf as part of the provision of their services, pursuant to a data processing agreement with each service provider as required by applicable data protection legislation.

We do not use your personal data for automated decision-making that would have legal or similar effects on you.

Your personal data may be transferred outside the European Union or the European Economic Area in accordance with and within the limits of data protection legislation.

We have ensured an adequate level of data protection in accordance with the requirements of the EU General Data Protection Regulation, including in situations where data is transferred outside the EU or EEA, by complying with the equivalence decisions adopted by the European Commission.
Where necessary, we use standard contractual clauses adopted by the European Commission or binding corporate rules, with additional safeguards in place.

3. How long do we retain your personal data?

We retain your personal data for as long as it is necessary for the purposes for which it is processed and as required by the applicable law.

Retention periods and methods vary between different purposes, so please check the rules that apply to you in the more detailed privacy notice.

4. How do we protect your personal data?

We only grant access to the representatives of the controller who are bound by the obligation of confidentiality and who have a legitimate need to process the data of the register for the exercise of their duties

We have provided our employees and service providers with binding written instructions and provisions on the processing of personal data and data protection, which they have undertaken to comply with.

The security of our information systems is adequately ensured, including through encryption and other technical safeguards.

We regularly review our personal data processing activities and the systems and devices used in them, including assessing the risks inherent in our personal data processing activities, for example when new technologies are introduced.

Our activities are designed to safeguard the confidentiality, availability and integrity of the personal data we process and to ensure that your rights are respected.

5. What rights do you have?

As a data subject, you have rights under data protection law which you can exercise, for example, by contacting tietosuoja@grk.fi. For instance, you have the following rights:

Right of access to data

You have the right to review what personal data we process about you. We may refuse to give you information if there is a legal ground for doing so. In principle, exercising this right is free of charge.

Right to request rectification, erasure or restriction of processing

You have the right to request us to correct inaccurate information about you. In addition, you may request us to erase data concerning you or to restrict processing on the grounds provided for by law.

Right to object

You have the right to object to the processing of your personal data where we process your personal data on the basis of a legitimate interest.

Consent to direct marketing

You can give us your consent or opt-out of direct marketing through various channels.

Right to data portability

If you have provided us with data that is processed on the basis of your consent or contract, you have the right to obtain the data yourself, in principle in machine-readable form, and to transfer this data to another controller.

Right to file a complaint to the supervisory authority

You have the right to file a complaint to the supervisory authority if you consider that we have not complied with the data protection legislation applicable to us. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman, whose contact details and instructions can be found at www.tietosuoja.fi.

6. Changes and questions

We may make changes to this privacy notice, so please check this notice regularly.

If you have any questions about our privacy practicies, please contact us for further information at tietosuoja@grk.fi.