Privacy statement

This is Glowway Oy’s Privacy Statement in accordance with the EU’s General Data Protection Regulation (GDPR) 22.08.2021.

1. Controller

Glowway Oy (2139695-6)

Ohdakkeentie 2 A

06100 Porvoo 

2. Contact person for register matters

Anna Suopohja

tel: 0103287833 

3. Name of the register

Glowway Oy Ltd. Customer register.

4. Basis and purpose of processing personal data

The purpose of the personal data is to take care of, maintain, develop, analyze and keep statistics of customer relationships between Glowway Oy Ltd. and its customers. Furthermore, the data may be used for marketing purposes e.g., distance sales (including newsletter subscriptions). The data may also be used for planning and developing Glowway´s business operations and services. The processing of personal data is based on Glowway´s privileged interest, agreement, or other substantive connection.

5. Data contents of the register

The register contains the following personal data

  • First and last name; title, company
  • Telephone number; E-mail address
  • Information about personal interests e.g. Glowway products and services relevant to the customer’s interests
  • Direct marketing restrictions and consents
  • Usage data, e.g. information regarding the use of services, such as browsing and search information
  • Cookie and usage information
  • Any other data necessary for the purpose of the register.

6. Regular sources of data

The information collected in the register is obtained from the customer e.g. messages sent via web forms, websites, e-mail, telephone, via social media services, contracts, customer requests and other situations in which a customer discloses their information. Contact information for companies and other organizations can also be collected from public sources such as websites, directory services, and other companies.

7. Regular disclosures of data and transfer of data outside the EU or the EEA

We do not transfer personal information outside the European Union or the European Economic Area without additional permission.

Our partners and subcontractors may only process the personal data in the register for the purpose of performing customer relationship management or maintenance tasks performed on our behalf. Our partners include e.g.

• Information and communication system suppliers

• Financial management, payment instrument and payment service providers

• Logistics services

8. Principles of protecting the register and storage time of the data

The personal data processed are stored in our information systems, which are accessible only to persons who need such data in order to perform their work tasks. Access to the data requires permissions and a password. The register shall be handled with due care and the information processed by the information systems shall be adequately protected.

The level of security is checked regularly. Up-to-date antivirus software is installed on all Glowway Oy’s computers and devices. Data connections outside Glowway Oy are protected by the fire wall and other technical security measures.

9. Right of access and the right to have data corrected

Every person in the register has the right to check the information stored in the register and to demand the correction of any incorrect information or the completion of incomplete information.

If a person wishes to check the data stored about him or to request a correction, the request must be sent in writing to the contact person of the register. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).

A person in the register has the right to request the removal of his or her personal data from the register (”the right to be forgotten”). Data subjects also have other rights under the EU’s general data protection regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month).

The data subject has the right to prohibit the controller from processing personal data about him or her for marketing purposes, such as direct mail activities. Such prohibition may be given at any time to the contact person mentioned in point 2.

10. Principles of retention of personal data

The period of retention of personal data is based on the fact that personal data are retained for as long as it is justified by their purpose, taking into account the retention periods to be complied with by law, such as the Consumer Protection, Accounting and Advance Collection Act.