Hyppää sisältöön



The Controller is obligated by the General Data Protection Regulation to clearly inform Data Subjects.
This statement fulfils the obligation to inform.

1. Controller

Oy Primapoli Ltd

Contact details:
Lehtimäentie 831, 63640 Ritola, Finland

Contact person:
Harri Vainionpää
Lehtimäentie 831, 63640 Ritola, Finland
+358 201 758 438

2. General

This Statement is an explanation of how Oy Primapoli Ltd (hereinafter the “Controller”) collects and process the personal data of their customers and partners and their contact persons.

3. Purpose and Legal Grounds for the Processing of Personal Data

Personal data are only processed for prespecified purposes, which are:

The legal grounds for the processing of personal data are:

Personal data will not be used for automatic decision-making. In order to perform targeted marketing, Data Subjects may be profiled on the basis of data such as geographical location or interests reported by the customer.

4. Personal Data Groups

The Controller processes the following personal data:

5. Regular Data Sources

Personal data are mainly collected from the Data Subject directly, the organisation they represent, or via cookies used on the Controller’s website, if the Data Subject has consented to the use of cookies. Personal data may also be collected from organisation websites, indexing services, and other public sources.

Providing personal data is not mandatory on the basis of law or contract. However, issuing certain personal data is a prerequisite for the signing of and complying with contracts between the Controller and their customer or partner, and in order to provide the Controller’s services.

6. Regular Data Disclosures

The Controller discloses the personal data they process to such third-party service providers, i.e. personal data processors, that they employ, who will process the data on behalf of the Controller in accordance with instructions issued by the Controller.

Such processors include:

7. Data Transfers Beyond the EU or EEA

Some data processors employed by the Controller may be situated outside of the EU or the EEA. In this case, the Controller will ensure the level of personal data protection, for example by making sure that the standard contractual clauses approved by the European Commission have been incorporated into the contract in place between the Controller and the processor.

8. Personal Data Retention Periods

The Controller will keep the personal data only for as long and to the extent as is required in order to complete the purposes described in section 3 above.

Personal data are usually stored according to the following criteria:

9. Cookies

The Controller uses cookies on the website. Cookies are typically small text files sent to the customer’s computer or other device and stored there. Cookies do not harm the user’s device or other files. The primary purpose of cookies is to improve and customise the visitor’s user experience of the website and to analyse and improve the functionality and contents of the website.

Some cookies are required for basic website functionality. This is why such cookies cannot be turned off. The data collected via cookies placed on the basis of the visitor’s consent can be used to analyse website traffic and to target marketing.

Cookies are used to collect data such as the following:

Cookies used on the website can be managed through the cookie notice shown on the site. Only required cookies will be used unless the visitor has consented to the use of other cookies as well. The Controller may not be able to provide the visitor with certain services, and the visitor may not be able to see certain parts of the website, unless all cookies are allowed.

10. Camera Surveillance

The Controller has a camera surveillance system in place at their factory and offices that records the feed in order to ensure personal safety, to protect property, to control the proper functioning of the production process, and to prevent and investigate incidents that may jeopardise such functioning. The legal grounds for the processing is the legitimate interest of the Controller.

The personal data processed in connection with the recording surveillance system include materials recorded in the surveilled area and the timestamps of the recorded feeds. The data are collected from the Data Subject personally. The personal data obtained via the camera surveillance are stored electronically, separate from other personal data.

The personal data are only processed by appointed persons who need the data to carry out their designated work tasks. As a starting point, the personal data collected via the camera system will only be processed in events of security incidents, and the collected data can be disclosed to criminal investigators for investigative purposes as specified in the Criminal Investigation Act (805/2011). No automated decision-making or profiling is used with the camera surveillance.

The personal data collected via the camera surveillance system will be automatically destroyed no later than one (1) month after data collection, unless it is necessary to keep the data to investigate a safety incident.

11.  Rights of the Data Subject

Data Subjects have the following rights, and any requests to exercise them should be addressed to polarlifehaus@polarlifehaus.com.

The Controller will notify the Data Subject of any measures implemented on the basis of the request, usually within one month of receiving the request. The Data Subject will also be notified if the Controller will not comply with the request for any reason.

Exercising rights is usually free of charge.

In order to safeguard the rights of the Data Subject, the Controller may have to ask the Data Subject for more information in order to be able to identify the Data Subject with sufficient precision.

Right of review

The Data Subject may ask the Controller whether any of their personal data are being processed. The Data Subject may ask the Controller for information about and access to the data being collected.

Right of rectification

The Data Subject may request rectification or supplementation of inaccurate, erroneous, or insufficient personal data.

Right to object

The Data Subject may object to the processing of their personal data if the processing based on the legitimate interest of the Controller. In this case, the Controller may no longer process the personal data in question, unless the Controller can show that there is a particularly important reason for the processing, which overrides the rights of the Data Subject.

Right to ban direct marketing and withdraw consent

The Data Subject may ban the use of their data for direct marketing. Data Subjects can remove themselves from our marketing list by visiting the link included in all marketing emails we send, or by submitting a request to polarlifehaus@polarlifehaus.com.

When the processing of personal data is based in consent, the Data Subject may withdraw their consent at any time.

Right of removal

The Data Subject may request the removal of their personal data, for example if the data are no longer necessary for the purposes for which they were originally collected. We will process the removal request and either delete the data or announce the reason why the data cannot be removed.

It should be considered that the Controller may be legally obligated or otherwise required to not delete information when asked to. The Controller must keep all accounting materials for the period (10 years) specified in the Accounting Act (1336/1997, chapter 2, §10). This is why any personal data included in accounting materials cannot be deleted until the legally mandated time period has passed.

Right to restrict processing

The Data Subject may demand the restriction of the processing of their personal data in certain cases, such as when the Data Subject has contested the correctness of their data. In this case, the processing will be limited until the Controller can verify the correctness of the data.

Restricting the processing of personal data means that the data may only be processed on very limited grounds specified in relevant data protection legislation.

Right to transfer the data from one system to another

Meeting certain prerequisites specified in the relevant data protection legislation, the Data Subject may ask that the Controller submit to the Data Subject any such personal data that the Data Subject has disclosed in order to have them moved to another controller.

Right of appeal

The Data Subject may complain to a data protection ombudsman in case they feel that we have violated valid data protection legislation in the course of our processing of personal data.

The contact details of the data protection ombudsman are: https://tietosuoja.fi/en/contact-information

12. Amending the Privacy Statement

The Controller reserves the right to update the Privacy Statement as the processing of the personal data by the Controller and/or applicable legislation changes.

The Controller recommends reviewing the Privacy Statement regularly. Data Subjects will be notified of significant changes to data processing practices via email.

The Statement has been last updated on 12.7.2023.