This is Olmar Finland Oy’s register and data protection statement in
accordance with the Personal Data Act (Sections 10 and 24) and the EU’s
General Data Protection Regulation (GDPR). Prepared on 24 March 2023.
Latest change 24.3.2023.
1. Register holder
Olmar Finland Oy, Mäntyluoto, 28880 Pori
Business ID 3303348-2
Email address: firstname.lastname@example.org
2. Data protection officer
Sami Äijälä, email@example.com, +358 50 363 7781
3. Name of the register
Olmar Finland Oy marketing, customer and online service user register.
4. Legal basis and purpose of processing personal data
The legal basis for the processing of personal data under the EU General Data
Protection Regulation is as follows:
– consent (documented, voluntary, individual, informed and unambiguous) of
– an agreement to which the data subject is one party
– the management of a public task, or
– the legitimate interest of the Data Protection Officer (e.g. customer
relationship, employment relationship, membership).
The purpose of processing personal data is to communicate with customers and
stakeholders, maintain customer relations, to save job applications, access
permit applications and safety induction training, and to market the company
and its services.
The information will not be used for automated decision-making or profiling.
5. Data content of the register
Information stored in the register consists of: data subject’s name,
company/organization, date of birth, vehicle registration number, contact details
(phone number, e-mail address, address), website addresses, IP address of the
network connection and information submitted through an open job application.
6. Regulation-compliant sources of information
The data to be stored in the register is obtained from the customer via the online
forms sent by the customer and the newsletter subscription in which the
customer provides his data.
7. Regulation-compliant disclosure and transfer of data outside the
EU or EEA
In accordance with the regulation, the data will not be disclosed to parties other
than Olmar Finland Oy for internal use.
Data will not be transferred by the data controller outside the EU or EEA.
8. Data protection policies of the register
The register will be handled with care and data processed using information
systems will be protected appropriately. When register data is stored on Internet
servers, the physical and digital data security of the equipment will be ensured
adequately. The Data Protection Officer will ensure that the stored data and
server user rights and other critical data related to protection of personal data
are handled confidentially and only by employees to whose job description it
9. Right of inspection and the right to demand rectification of data
Every person in the register has the right to check their personal data stored in
the register and to demand the rectification of any incorrect information or the
completion of incomplete data. If a person wishes to check or demand
rectification of stored data, the request must be made in writing to the Data
Protection Officer. If necessary, the Data Protection Officer may ask the
requester to prove their identity. The Data Protection Officer will respond to the
customer within the time limit set out in the EU Data Protection Regulation
(usually within one month).
10. Other rights related to the processing of personal data
A person in the register has the right to request that personal data concerning
them be deleted from the register (the ‘right to be forgotten’). The data subject
also has other rights under the EU General Data Protection Regulation, such as
the right to restrict the processing of personal data in certain situations.
Requests must be sent in writing to the Data Protection Officer. If necessary, the
Data Protection Officer may ask the requester to prove his identity. The Data
Protection Officer will respond to the customer within the time limit set out in the
EU Data Protection Regulation (usually within one month).