PRIVACY POLICY OF DINOLIFT OY 

most recent update from 14.12.2020

1. DATA CONTROLLER 

Dinolift Oy, (2031176-2), Raikkolantie 145, FIN-32210 Loimaa

Please send any remarks concerning this privacy statement or other privacy-related issues to privacy@dinolift.com

2. REASON AND LEGAL BASIS FOR DATA PROCESSING

We collect personal data for delivering our products and services, communicating with our customers, e-marketing, training, as well as sending newsletters and information, related to servicing and safety. The legal grounds for processing personal data are the consent received from the client, the trainee or the user (hereinafter also called as data subject) as well as the management of the customer relationship and the contract relationship. 

Providing personal data is a prerequisite for creation of a contractual relationship and/or a customer relationship. Without the necessary personal data, the controller cannot deliver the product and/or the service.

Customer Register: Customers of Dinolift

Keeping the Customer Register enables us to send our customers information about DINO products and services, technical bulletins, or other bulletins related to the machines or safety. Using the customer register also enables us to improve our services and/or our products by conducting customer satisfaction surveys. The customer satisfaction surveys are conducted either by email or by phone. The name and address of the company are used for delivering the machines or spare parts ordered for the machines and the related invoices. We obtain the customer data either from the order form or from the quote. Orders or quotes are received by phone, email or during an appointment.

Customer register: Potential customers of Dinolift

Keeping the register of potential customers enables Dinolift to send its customers useful information about the products and services of the company in newsletters.  The information send to potential customers is based on the interest these have shown in Dinolift’s products or services by visiting the company’s website and submitting their email address. 

DINO training register

The following personal data is collected from the trainee in connection with the training sessions on DINO products, either before (the background information required for planning of the training) and/or during the session. Personal data is collected to establish the level of expertise of the trainees in advance, and to enable delivering of the training certificates and the training material to the trainees. We may use the personal data for sending queries to persons, who have participated in the training courses to evaluate the content and quality of the training. We also send useful information, related to the technology of DINO, such as service instructions, technical bulletins or some other information, related to the maintenance and/or care of the product.

Extranet register

The extranet register contains important technical information such as, for example, spare part catalogues and user manuals for older machines, technical information, hydraulic and electric diagrams, pictures, maintenance instructions and other information, which may be important to the owner of the DINO machine or his/her representative (service personnel, fleet manager or other). Accessing the extranet requires login and the information is only visible to the logged in user.

Register of new DINO owners

The register of new DINO owners contains data of the new owner, listed in greater detail in the section below, in case the ownership of the lift has been transferred from one owner to another. The purpose of the collected data is to enable us to send the new owner technical bulletins concerning his/her machine, instructions for maintenance or any other instructions, which the new owner requires when servicing or maintaining his/her DINO lift. Personal data is also used for dispatching spare parts or other products or for performing services and sending invoices possibly resulting from these actions. The data on the new owner is added to the customer register.

3. RECIPIENTS AND CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA

The following information is entered in the customer register:

  • Name, address and business ID of the enterprise, responsible persons and possible credit information 
  • Name, customer number, telephone number and email address of the customer, information about customer relationship (contracts, orders, correspondence, etc.) and possible electronic direct marketing ban
  • any other information necessary for managing the customer relationship, collected separately with the consent of the data subject.

The data of the candidates for the potential customer register is collected on the website. 

Data to be collected:

  • Name, telephone number and email address of the customer
  • Company name, country and domain

The following data is collected in the DINO training register:

  • Name, company, email address
  • Training courses attended

The following data for the extranet register is collected on the website:

  • Name, telephone number, company, email address, IP-address
  • Country
  • Date of registration

The data collected for the new DINO owner register:

  • Name of the customer/company                                        
  • Address, telephone number (not mandatory) and email address 
  • The model and serial number of the DINO machine, the date when the machine was put into operation by the new owner, operating hours, possibly also picture of the machine (for possible theft, not mandatory)   

We use cookies and similar technologies on our website and social media channels to build up and develop the website, to improve and analyse the user experience, and to target marketing in the services provided by us or our partners. The cookies allow us to collect information such as, for example, from which page the visitor enters our website, which pages of the site he/she is browsing, at what time does this happen and which browser is he/she using and what is the IP address of his/her computer. Please visit Dinolift’s Cookie Policy for more information on our cookie processing practice. 

We use profiling to identify personal profiles and online behaviour of the visitors, for example, in targeting our marketing and developing our services. 

4. SOURCE OF THE DATA

Customer register: Customers of Dinolift

We obtain data for the customer register from the order or the quote, from authorities, credit information agencies, providers of contact information services and other similar reliable sources. 

In addition, personal data may be collected and updated for the purposes described in this privacy statement also from publicly available sources and on the basis of information received from authorities or other third parties, within the limits of applicable law. This data is updated manually. 

Customer register: Potential customers of Dinolift

We collect data of potential customers for the customer register on our website, in connection with subscription to a newsletter or the DINO blog, from the contact form, or from the authorities, credit information agencies, providers of contact information services and other similar trusted sources. 

In addition, personal data may be collected and updated for the purposes described in this privacy statement also from publicly available sources and on the basis of information received from authorities or other third parties, within the limits of applicable law. This data is updated manually.

DINO training register

We collect data for the DINO training register in connection with enrolling or participating in the course.

Extranet register

We collect data for the extranet register on our website in connection with logging in to the extranet.

Register of new DINO owners

We collect data for the new DINO owner register in connection with the purchase of a new DINO product.

5. TRANSFER OF DATA OUTSIDE TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION

Dinolift may transfer the personal data of the data subjects to third parties, including, for example, DINO dealers or DINO service partners, as well as the financial or legal counsels of the company, for a justified reason. Otherwise, Dinolift will not transfer the data to outside parties, unless required by law or obliged by an authority order.

Dinolift may also transfer personal data to subcontractors, who are acting on behalf of the company, and who have signed a contract with Dinolift (aka processors) also outside the European Union or the European Economic Area, in accordance with the legislation, by requiring the subcontractors to follow, for example, the standard contractual clauses, approved by the EU. Dinolift has outsourced a part of its IT services and the maintenance of its customer and marketing system to external service providers and personal data may be stored on servers administered by these partners.

6. PERIOD OF STORAGE OF DATA 

Dinolift retains personal data in its customer register until it becomes aware that the customer relationship has expired and the rights and obligations associated with it have been completed. Subsequently, Dinolift may retain anonymised personal data, which cannot be combined with the data subject, discard the data, or transfer the data as permitted by law into the permanent direct marketing register. The company retains the data in the training register for 12 months after the end of the training course to identify those who have participated in the training during the past year. After that, the register will be deleted.

7. RIGHTS RELATED TO DATA PROCESSING 

The data subject may at any time withdraw his/her consent to electronic direct marketing or other purposes, which he/she has granted to Dinolift. The data subject may deny the use of his/her data for direct marketing purposes.  The data subject has the right to check, which data on him/her has been stored in Dinolift’s register of personal data, and to receive a copy of the processed data. If the data subject finds incorrect information, he/she must, if possible, on own initiative, rectify, delete or supplement the incorrect data contained in the register, if this is possible, or notify Dinolift of any errors and provide correct information. In accordance with the Data Protection Regulation (25.5.2018), the data subject has the right to oppose or request restriction of processing his/her data and to appeal against the processing of such personal data to the supervisory authority.

In all matters, relating to the processing of personal data and the use of a person’s own rights, the data subject must contact the contact person mentioned in the Privacy Statement.  If necessary, Dinolift may request the data subject to specify his/her request in writing and if necessary, the identity of the data subject may be verified before any further action is taken.    

8. TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

Any hard copies of the material are stored in a locked space, where only explicitly authorised persons are permitted to gain access. 

Electronic material is protected by personal usernames and passwords, as well as by up-to-date, current security software and solutions. The firewall solution is enabled by default.

The low-level snapshot of our data systems is monitored through advanced software. Situational data collected from multiple sources is analysed in real time in one place, and alarms are generated of suspicious observations. 

Our website is SSL-protected. Backups are stored in the EU or EEA area. Backups are encrypted before the transfer. All connections to the servers are encrypted, and a SSH key pair is used for logging in.