Up

Jun 25, 2024

 

Privacy Notice: Avant Tecno Oy

General Data Protection Regulation (EU 2016/679), drawn up on the 28th of May 2018, last amended on the 28th of February 2024 

 

Data Controller

Avant Tecno Oy
Business ID: 0844210-2
Ylötie 1, 33470 Ylöjärvi, Finland
Tel. +358 3 347 8800

[email protected]

 

General

This privacy notice describes how Avant Tecno Oy (hereinafter the “Controller”) processes the personal data of its clients and potential clients or their contact persons (hereinafter a “data subject”).

Should you have any questions regarding the processing of your personal data, please contact the Controller.

 

Purposes and Legal Bases for Processing

The Controller processes personal data for the following purposes:

  • managing and developing customer service
  • conducting and developing business activities
  • managing customer relationships, including customer communications and invoicing
  • direct marketing
  • conducting, developing, targeting and monitoring marketing, communication and sales activities
  • enabling and developing the functionality of the website as well as analyzing the visitors and functionality of the website

 

The legal bases (pursuant to the GDPR) for processing personal data are the following:

  • when managing and maintaining customer relationships with consumer clients, the performance of a contract
  • when managing and maintaining customer relationships with business clients and conducting sales and marketing activities, the Controller’s legitimate interest (the operation and development of business activities)
  • when using cookies necessary for the function of the website, the Controller’s legitimate interest (the transmission of a message in the communication network and ensuring information security)
  • when using non-essential cookies and managing possible newsletter subscriptions, the data subject’s consent
  • when processing personal data contained in accounting materials, compliance with a legal obligation (the Finnish Accounting Act, 1336/1997)

Personal data is not used for automated decision making or profiling.

 

Categories of Personal Data

The Controller collects and processes the following categories of personal data:

  • first and last name
  • email address
  • postal address
  • telephone number
  • other information relating to customer relationships, such as products and services purchased from the Controller and billing information
  • information collected by cookies used on the website, such as IP address

 

Sources of Personal Data

Personal data is collected mainly from the data subject themselves or from the organization they represent in connection with entering into a customer relationship and agreement or another transaction. Personal data may also be collected from public sources, such as providers offering contact databases, database updates and other similar services.

Providing personal data is not required by law or contract. However, providing certain personal data is required in order for the Controller to enter into an agreement with the data subject or the organization they represent and to fulfil said agreement as well as in order for the Controller to offer their services.

 

Storage of Personal Data

Personal data is stored only as long as and to the extent that it is necessary and processed by the Controller for the aforementioned purposes.

In general, personal data is stored for the duration of the customer relationship. If the Controller becomes aware of changes relating to the contact persons of business customers, for example, the data will be updated accordingly.

To comply with its obligations pursuant to the Finnish Accounting Act (1336/1997), the personal data contained in accounting materials is stored for ten (10) years from the end of the financial year to which said accounting materials apply.

Personal data collected by the cookies used on the website is stored as described in the cookie banner displayed on the website.

 

Disclosure and Transfer of Personal Data outside the EU or the European Economic Area

When necessary, the Controller may disclose personal data to its importers or resellers e.g. in order to respond to contact requests. Personal data may also be processed jointly by the Controller, its importers and resellers in the Avant Partner Portal -service as described in the portal’s privacy statement.

The Controller also discloses personal data to external services providers, i.e. data processors, who process personal data on behalf of the Controller and pursuant to its instructions. Such data processors are e.g. accountants and providers of software used by the Controller. The Controller requires that the data processors comply with applicable data protection legislation and take appropriate measures to protect personal data. Data processors are not entitled to use personal data disclosed by the Controller for their own purposes.

Some of the aforementioned data processors or their sub-processors are located outside of the EU or the EEA. In such cases, the Controller ensures the level of data protection by ensuring that the European Commission has adopted a decision concerning the level of data protection offered by the target country (an adequacy decision), or, for example, by requiring that the data processor accepts the Standard Contractual Clauses approved by the European Commission to be part of the data processing agreement between the Controller and the processer.

 

Rights of the Data Subject

General

The data subject may exercise their rights described herein this section by contacting the Controller via email at [email protected].

The Controller will inform the data subject of the actions taken based on the request generally within one month of receiving the request. The data subject will also be informed if the Controller will not, for any reason, fulfil the request.

Exercising these rights is generally free of charge.

In order to fulfil the data subject’s rights, the Controller may have to request information from the data subject in order to identify them in a sufficient manner.

Right of Access

The data subject may ask for confirmation on whether the Controller is processing personal data that concerns them. The data subject may ask the Controller for information concerning said personal data and access it.

Right to Rectification

The data subject may request that inaccurate, incorrect or incomplete personal data concerning them is rectified or supplemented.

Right to Erasure

The data subject may request the erasure of their personal data for example if said personal data is no longer required for the purposes for which it was gathered. The Controller is not in all situations able to erase personal data if there is a legal obligation or other lawful basis to store the data.

Right to Restrict Processing

The data subject has the right to restrict the processing of their personal data in certain situations defined in data protection legislation, for example if they have contested the accuracy of their personal data and the accuracy is being reviewed.

The restriction of processing means that the personal data may only be processed on very limited grounds defined in data protection legislation.

Right to Object

The data subject may object the processing of their personal data if the processing is based on the legitimate interest of the Controller. In such cases, the Controller may no longer process personal data unless it can demonstrate that there are compelling legitimate grounds for the processing which override the rights of the data subject.

Right to Withdraw Consent

If the processing of personal data is based on consent, the data subject may withdraw their consent at any time.

Right to Data Portability

The data subject may, under certain conditions set out in data protection legislation, request that the Controller provide them with the personal data they themselves have provided to the Controller and transfer this data to another controller.

Right to Lodge a Complaint with a Supervisory Authority

The data subject may lodge a complaint with a national supervisory authority if, in the opinion of the data subject, the Controller does not process personal data accordingly or fulfil the rights of the data subject sufficiently. A notification to the Finnish Data Protection Ombudsman may be sent at: https://tietosuoja.fi/en/notification-to-the-data-protection-ombudsman

 

Amendments to the Privacy Notice

The Controller shall amend this privacy notice upon changes in the processing of personal data and/or applicable legislation.

The Controller recommends that data subjects familiarize themselves with this privacy notice regularly. Data subjects will be notified of substantial changes in the processing of personal data.