VK Freight

Register and Privacy Statement

This is the Privacy Policy and Data Protection Statement of Veljekset Kimpanpää Oy in accordance with the EU General Data Protection Regulation (GDPR). Prepared on November 20, 2024. Last updated on November 20, 2024.

1. Data controller

Veljekset Kimpanpää Oy
Yrittäjäkatu 5
FI-38250 Sastamala
Finland

2. Contact person responsible for the register

Tatu Kimpanpää
+358 40 583 1188
tatu@vkfreight.fi

3. Name of the Register

Customer, Marketing, and Online Service User Register of the Company.

4. Legal Basis and Purpose of Processing Personal Data

Information is processed for the purposes of providing agreed-upon services, delivering services and products to the customer, developing products and services, billing, managing and improving the customer relationship, as well as for statistical purposes.
The information is also used for advertising, marketing, direct marketing, and targeting marketing efforts toward customers. The customer has the right to prohibit direct marketing targeted at them.
Information is not used for automated decision-making or profiling.

5. The data content of the register

The information to be recorded in the registry includes: the person’s name, position, company/organization, contact details (phone number, email address, address), other additional information provided by the customer through online forms, website addresses, social media service profiles/identifiers, details of ordered services and any changes to them, billing information, and other information related to the customer relationship and ordered services.

The IP addresses of website visitors and cookies necessary for the service functions are processed based on legitimate interest, for example, to ensure data security and to collect statistical data about website visitors, in cases where they can be considered personal data. Consent for third-party cookies is requested separately if necessary.

6. Regular sources of information

The information to be stored in the register is obtained from the customer through, for example, messages sent via web forms, email, phone calls, social media services, contracts, customer meetings, and other situations where the customer provides their information.

Information about contact persons at companies and other organizations may also be collected from public sources, such as websites, directory services, and other companies.

7. The regular disclosures of data and the transfer of data outside the EU or EEA.

Information may be transferred outside the European Union and the European Economic Area if the technical implementation of the service requested by the user requires it, or if it is otherwise necessary according to sections 2–5 of paragraph 23 of the Data Protection Act. Partners outside the EU are required to comply with EU data protection practices.

8. Principles of Registry Protection

The processing of the register is carried out with due diligence, and the data processed using information systems is properly protected. When register data is stored on internet servers, both the physical and digital security of the hardware is appropriately ensured. The data controller ensures that stored data, as well as access rights to servers and other information critical to the security of personal data, are handled confidentially and only by employees whose duties include such tasks.

9. The right of inspection and the right to request the correction of information.

Every individual registered in the database has the right to check the information stored about them and request the correction of any incorrect data or the completion of any incomplete information. If a person wishes to verify the information stored about them or request corrections, the request must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller will respond to the customer within the time frame set by the EU General Data Protection Regulation (generally within one month).

10. Other rights related to the processing of personal data

The person registered in the database has the right to request the deletion of their personal data from the registry (“right to be forgotten”). Registered individuals also have other rights under the EU General Data Protection Regulation (GDPR), such as the restriction of processing personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to verify their identity. The data controller will respond to the customer within the time frame set by the EU data protection regulation (generally within one month).