This privacy policy outlines how CANformance Engineering Oy (3240615-2) processes
personal data, what types of personal data the company collects, the purposes for
which the data is used, and to whom the information may be disclosed. It also explains
how the data subject can influence the processing. This privacy policy is in
accordance with the General Data Protection Regulation (GDPR) of the European
Union.
We reserve the right to make changes and updates to the privacy policy.
- Contact information
Data Controller
CANformance Engineering Oy (3240615-2)
Contact Person
Kenneth Blomstedt
info@canformance.net - Processing and Purpose of Personal Data
2.1. Legal Basis for Processing Personal Data
We process your personal data in a lawful, fair, and transparent manner. We
collect and process information about you only when we have a legal basis for
doing so.
The processing of personal data is based on legal obligations. We collect and use
your information only if:
- you have given us consent to use the data for a specific purpose; and
- it is necessary for the performance of a contract to which you are a party, or for
taking pre-contractual measures at your request.
3. Purpose and Legal Basis for Processing Personal Data
3.1. We collect and process personal data for the following purposes:
- Customer relationships,
- Customer service,
- Contractual relationships,
- Production, maintenance, development, and quality assurance of products
and/or services, and - Processing product warranty information.
3.2. Personal data is collected from: - The individual or company themselves, who voluntarily provide information.
3.3. The company processes the following types of data: - Personal or company information,
- Contact information,
- Billing or payment details,
- Information related to customer relationships,
- Contractual information,
- Product and order information,
- Correspondence and communications; and
- Reclamations.
4. Disclosure of Data and Data Transfers
4.1. We adhere to diligence in the storage and processing of data, ensuring data
security through firewalls, passwords, and various generally accepted technical
methods. Manually maintained materials are kept in locked spaces with unauthorized
access prevented. Data storage and processing take place through service providers
known for their security. Information is carefully protected with restricted access rights
and is only processed for the purpose for which it was collected. All personal data is
treated confidentially.
4.2. As a general rule, we do not disclose or transfer data to third parties without explicit
consent. An exception may occur if there is an obligation related to legislation or an
authority, the legality of which is always assessed on a case-by-case basis. Another
exception may involve the transfer of information based on a contractual relationship
with service providers or subcontractors who may process data for the performance
of a service. In such cases, the proper and lawful processing of personal data is
ensured through contracts and, if necessary, confidentiality agreements.
4.3. We do not transfer your data outside the EU or EEA.
5. Data retention
5.1. Personal data is retained for 10 years. After the retention period expires, the
information will be deleted or anonymized within 2 months. Information may also be
deleted at the customer’s request after the termination of the relationship. We reserve
the right to specify either a shorter or longer retention period.
5.2. Personal data is not used for profiling or automated decision-making.
6. Data subject rights
6.1. The data subject has the right to access their own information and review it. They
can request the delivery of information in writing or electronically.
6.2. Correction and Deletion of Data
The data subject has the right to demand the correction of inaccurate information
and request the deletion of their data.
The data controller actively ensures the removal, correction, and completion of
incorrect, unnecessary, incomplete, or outdated personal data for the purpose of
processing.
6.3. Data Portability
The data subject has the right to request the transfer of their data to another data
controller. They can also request the restriction of the processing of their personal data
in certain situations.
6.4. Objection to Data Use
The data subject has the right to object to the use of their data for certain purposes.
They can prohibit the disclosure and processing of their data for direct marketing.
6.5. Withdrawal of Consent
If the processing of personal data is based on consent, the data subject has the right
to withdraw their consent at any time. This does not affect processing performed prior
to withdrawal.
6.6. Right to Lodge a Complaint
If the data subject believes that the processing of their personal data violates the
General Data Protection Regulation of the EU or national laws and regulations
governing data protection, the data subject has the right to lodge a complaint with
the supervisory authority.
6.7. Requests for Data Subject Rights
All requests related to data subject rights are made electronically and addressed to
the data protection officer. Identity is verified before providing the information.
Requests are processed within a reasonable time, as soon as possible after the
request and verification of identity. If the request cannot be fulfilled, the data subject
is notified in writing.