Privacy Policy

1. Data Controller
Bevenic Group Oy / Bevenic Oy

Majurikatu 11
FI-70800 Kuopio

Contact details of the Data Protection Officer:
tietosuoja@bevenic.com

2. Data Subjects
Customers and potential customers of Bevenic Group Oy and Bevenic Oy who have requested further information and/or an offer for our services. Website users. Visitors to Our Premises.

3. Purposes and legal basis for processing personal data
Customer personal data is processed for managing customer relationships and assignments (including communication and customer service), invoicing and debt collection, service development, customer surveys, and reporting. In addition, data may be processed for B2B marketing of products and services and for other measures necessary for managing the customer relationship. If a customer representative visits Bevenic’s premises, personal data may also be processed for the purpose of managing the visit, ensuring security, implementing access control, and handling practical arrangements related to the visit.

Mandatory data and consequences of not providing data.
To establish a customer relationship and manage assignments, we generally need at least the company customer’s contact person’s name, contact details (such as email address and/or telephone number), and role/position in the organization. If this information is not provided, we may not be able to establish the customer relationship, agree on an assignment, deliver the service, respond to requests, or manage invoicing and related obligations. Receiving marketing communications is voluntary, and direct marketing can be prohibited at any time.

We process personal data on the basis of a contract with the customer in order to perform the contract or take steps prior to entering into the contract. We may also process personal data for customer relationship management and marketing on the basis of our legitimate interest arising from the customer relationship.

Legitimate interest and B2B marketing.
We process personal data of contact persons of corporate customers and potential corporate customers on the basis of legitimate interest in order to maintain and manage customer relationships (for example communication, customer service, and practical administration of orders and assignments) and to develop our services and operations (for example processing feedback, quality monitoring, and reporting). We may also send marketing communications to contact persons in their work role regarding our products and services (for example news, event invitations, expert content, and offers) by email and through similar channels.

Marketing is primarily targeted on the basis of company and contact person information (such as industry, role/position, and previous dealings) and technical communication metrics (such as message openings and link clicks), if available.

We protect data by, among other things, limiting access rights, minimizing data, limiting retention periods, and applying information security measures.

The data subject has the right to object to processing based on legitimate interest on grounds relating to their particular situation, and always the right to object to direct marketing and related targeting by contacting tietosuoja@bevenic.com or using the unsubscribe/opt-out function included in the message.

4. Categories of personal data processed, data content and data sources
We only collect personal data that is relevant and necessary for the purposes described in this Privacy Policy.

5. Personal data categories and data content
Personal data category and examples of data content

Personal data category Examples of data content
Contact information Name and contact details of the contact person for the customer.
Customer-related details Role and job title of the person, organisational structure of the customer.
Website usage IP address and behaviour of website users
Visit information Visitor’s name, organization, contact details, time of visit, place or host of the visit and login and access data related to the visitor management system.
Other voluntary information* Information voluntarily provided by the data subject

*Voluntary information that is not necessary to provide.

6. Data sources
Customer data is regularly obtained from the customers themselves. In addition, data is collected from publicly available information concerning companies. Personal data related to visits may be obtained from the visitor themselves, Bevenic’s contact person, and the visitor management system used by Bevenic.

7. Retention of personal data
We will retain personal data for as long as necessary to fulfill the purposes specified in this Privacy Policy, unless there is a legal obligation to retain personal data for a longer period (e.g. responsibilities and obligations relating to specific legislation, accounting obligations or reporting obligations). We may also retain personal data for longer periods if we need the information to resolve a dispute or to prepare, present or defend a legal claim.

The information will be reviewed every two years. When the personal data is no longer needed as defined above, the data will be deleted or made anonymous within a reasonable period of time.

8. Recipients of personal data
The data will not be disclosed for marketing purposes outside Bevenic Group Oy. Personal data may be disclosed or transferred to other companies belonging to the same group, subject to the conditions of data protection legislation, where there is a legitimate basis for the disclosure or transfer. Group companies may process personal data for the purposes specified in this Privacy Policy.

We use external service providers and subcontractors to process personal data, who act as processors of personal data. For example, service providers providing IT systems, visitor management system and other services are involved in the processing of personal data. Details of the recipients of personal data will be provided on request.

9. Transfer of personal data outside the European Economic Area
As a general rule, we process data within the EU and EEA. If personal data is transferred outside the EU or EEA to a country for which the European Commission has not issued an adequacy decision, we will ensure the lawfulness of the transfer of personal data through an appropriate safeguard mechanism or by using the European Commission’s standard contractual clauses. Further information on the safeguards used will be provided upon request.

10. Security of processing of personal data
We process personal data in a manner that aims to ensure appropriate security and data protection in all circumstances, including protection against unauthorized processing and accidental loss, destruction or damage.

The processing of personal data is subject to appropriate technical and organisational safeguards to ensure this, including the use of firewalls, encryption techniques, secure equipment rooms, appropriate access control and access management.

In accordance with this Privacy Policy, we may also use external service providers to process personal data, in which case we will ensure that we have the necessary contracts in place to comply with data protection legislation.

11. Data subject rights
Data subjects have rights guaranteed by data protection legislation. Please note, however, that the application of these rights in each individual situation depends on the purpose and context of the processing of personal data. We do not carry out automated decision-making within the meaning of Article 22 GDPR.

12. Right of access
The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed. If they are processed, the data subject has the right of access and the right to obtain a copy of the personal data upon request, in accordance with the limits of data protection legislation.

13. Right to rectification and erasure
The data subject has the right to request the correction of inaccurate or incorrect data. In addition, the data subject has the right, within the limits of data protection legislation, to request the erasure of his or her data.

We will also delete, correct and complete on our own initiative any personal data that we discover to be inaccurate, unnecessary, incomplete or outdated for the purposes of processing.

14. Right to data portability and to restriction and object to processing Where applicable, the data subject has the right to receive the data in a structured, commonly used, and machine-readable format and transmit it to another controller. The data subject may also request restriction of processing in the situations defined by law and object to processing based on legitimate interest, including profiling. However, the data subject always has the right to object to direct marketing and related profiling.

What you can object to and how to make an objection.
You may object to processing based on legitimate interest on grounds relating to your particular situation, such as (i) processing related to managing the customer relationship and communications, (ii) the development of services and operations, quality monitoring and reporting, and (iii) the targeting of marketing and related profiling, insofar as such processing is based on legitimate interest. You always have the right to object to direct marketing and profiling related to direct marketing without giving any reasons.

Objections can be made by emailing tietosuoja@bevenic.com and stating the name, organization, the processing objected to, and, where necessary, a brief description of the particular situation.

15. Right to withdraw consent
Where the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw his or her consent. Such withdrawal shall have no effect on the processing previously carried out.

16. Exercise of rights
Requests concerning data subjects’ rights are made in writing or electronically (contact details in section 2 of the Privacy Statement). The identity of the person concerned will be verified before the data are provided. The request will be answered within a reasonable time and, where possible, within one month of the request and the verification of identity. If the data subject’s request cannot be complied with, the data subject will be informed in writing of the refusal.

17. Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with a data protection authority if the data subject considers that his or her personal data have been processed in breach of the applicable legal provisions. The contact details of the Finnish Data Protection Authority can be found here.

18. Changes to the Privacy Policy
We may need to amend and update this Privacy Policy as necessary due to changes in practices or data protection legislation. Please check back regularly for the latest version.

Subscribe to newsletter