PRIVACY POLICY OF DINOLIFT OY 12.12.2017


1. DATA CONTROLLER

Dinolift Oy, (2031176-2), Raikkolantie 145, FIN-32210 Loimaa

Contact person: Karin Nars, karin.nars@dinolift.com, +358 50 594 2321


2. REASON AND LEGAL BASIS FOR DATA PROCESSING

We collect personal data for delivering our products and services, communicating with our customers, e-marketing, training, as well as sending newsletters and information, related to servicing and safety. The legal grounds for processing personal data are the consent received from the client, the trainee or the user (hereinafter also called as data subject) as well as the management of the customer relationship.

Providing personal data is a prerequisite for creation of a contractual relationship and/or a customer relationship. Without the necessary personal data, the controller cannot deliver the product and/or the service.

Customer register: Customers of Dinolift

Keeping the customer register enables us to send our customers information about DINO products and services, technical bulletins and other bulletins related to the machines or safety. Using the customer register also enables us to improve our services and/or our products by conducting customer satisfaction surveys. The customer satisfaction surveys are conducted either by email or by phone. The name and address of the company are used for delivering the machines or spare parts ordered for the machines and the related invoices. We obtain the customer data either from the order form or from the quote. Orders or quotes are received by phone, email or during an appointment.

Customer register: Potential customers of Dinolift

Keeping the register of potential customers enables Dinolift to send its customers useful information about the products and services of the company in newsletters. The information send to potential customers is based on the interest these have shown in Dinolift’s products or services by visiting the company’s website and submitting their email address.

DINO training register

The following personal data is collected from the trainee in connection with the training sessions on DINO products, either before (the background information required for planning of the training) and/or during the session. Personal data is collected to establish the level of expertise of the trainees in advance, and to enable delivering of the training certificates and the training material to the trainees. We may use the personal data for sending queries to persons, who have participated in the training courses to evaluate the content and quality of the training. We also send useful information, related to the technology of DINO, such as service instructions, technical bulletins or some other information, related to the maintenance of the product.

Extranet register

The extranet register contains important technical information such as, for example, spare part catalogues and user manuals for older machines, technical information, hydraulic and electric diagrams, pictures, maintenance instructions and other information, which may be important to the owner of the DINO machine or his/her representative (service personnel, fleet manager or other). Accessing the extranet requires login and the information is only visible to the logged in user.

Register of new DINO owners

The register of new DINO owners contains data of the new owner, listed in greater detail in the section below, in case the ownership of the lift has been transferred from one owner to another. The purpose of the collected data is to enable us to send the new owner technical bulletins concerning his/her machine, instructions for maintenance or any other instructions, which the new owner requires when servicing or maintaining his/her DINO lift. Personal data is also used for dispatching spare parts or other products or for performing services and sending invoices possibly resulting from these actions. The data on the new owner is added to the customer register.


3. DESCRIPTION OF DATA SUBJECTS AND PERSONAL DATA CATEGORIES

The following information is entered in the customer register:

  • Name, address and business ID of the enterprise
  • Name, customer number, telephone number and email address of the customer

The data of the candidates for the potential customer register is collected on the website.

Data to be collected:

  • Email address of the customer

The following data is collected from the DINO training register:

  • Name, company, email address
  • Training courses attended

The following data for the extranet register is collected on the website:

  • Name, telephone number, company and email address
  • Country

The data collected for the new DINO owner register:

  • Name of the customer/company
  • Address, telephone number (not mandatory) and email address
  • The model and serial number of the DINO machine, the date when the machine was put into operation by the new owner, operating hours, possibly also picture of the machine (for possible theft, not mandatory)

4. REGULAR DATA SOURCES

Customer register: Customers of Dinolift

We obtain data for the customer register from the order or the quote.

Customer register: Potential customers of Dinolift

We collect data of potential customers for the customer register on our website, in connection with subscription to a newsletter or through submission of the contact form.

DINO training register

We collect data for the DINO training register in connection with enrolling or participating in the course.

Extranet register

We collect data for the extranet register on our website in connection with logging in to the extranet.

Register of new DINO owners

We collect data for the new DINO owner register in connection with the purchase of a new DINO product.


5. REGULAR TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA

Dinolift will disclose personal data to a third party only with the consent of the customer.

Dinolift may also transfer personal data to subcontractors, who are acting on behalf of the company, and who have signed a contract with Dinolift, also outside the European Union or the European Economic Area, in accordance with the legislation, by requiring the subcontractors to follow the standard contractual clauses, approved by the EU or the US Privacy shield system.


6. STORAGE TIME OF PERSONAL DATA

Dinolift retains personal data in its customer register until it becomes aware that the customer relationship has expired and the rights and obligations associated with it have been completed. Subsequently, Dinolift may retain anonymised personal data, which cannot be combined with the data subject, discard the data, or transfer the data as permitted by law into the permanent direct marketing register. The company retains the data in the training register for 12 months after the end of the training course to identify those who have participated in the training during the past year. After that, the register will be deleted.


7. RIGHTS OF THE DATA SUBJECT RELATED TO PROCESSING OF PERSONAL DATA

The data subject may at any time withdraw his/her consent to electronic direct marketing or other purposes, which he/she has granted to Dinolift. The data subject may deny the use of his/her data for direct marketing purposes. The data subject has the right to check, which data on him/her has been stored in the Company’s register of personal data, and to receive a copy of the processed data. If the data subject finds incorrect information, he/she must, if possible, on own initiative, rectify, delete or supplement the incorrect data contained in the register, or notify Dinolift of any errors and provide correct information. In accordance with the Data Protection Regulation (25.5.2018), the data subject has the right to oppose or request restriction of processing his/her data and to appeal against the processing of such personal data to the supervisory authority.

In all matters, relating to the processing of personal data and the use of a person’s own rights, the data subject must contact the contact person mentioned in the Privacy Statement. If necessary, Dinolift may request the data subject to specify his/her request in writing and the identity of the data subject may be verified before any other action is taken.


8. DESCRIPTION OF TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

Any hard copies of the material are stored in a locked space, where only explicitly authorised persons are permitted to gain access.

Electronic material is protected by personal usernames and passwords, as well as by up-to-date, current security software and solutions. The firewall solution is enabled by default.

The low-level snapshot of our data systems is monitored through advanced software. Situational data collected from multiple sources is analyzed in real time in one place, and alarms are generated of suspicious observations.
Our website is SSL-protected. Backups are stored in the EU or EEA area. Backups are encrypted before the transfer. All connections to the servers are encrypted, and a SSH key pair is used for logging in.