Componenta Corporation (“Componenta” or “controller”) is committed to protecting your privacy and will process your personal data in compliance with the applicable data protection legislation and good data processing practice.
In this privacy statement, we tell you about the processing of personal data at Componenta in general and provide you with information on how we collect, process and protect your personal data in the course of our operations.
This privacy statement concerns filing systems of the following persons (data subjects):
Componenta has separate privacy statements for its employee and jobseeker registers.The rights described in this privacy statement are based on the data protection laws of the European Union.
If you have any questions or requests regarding this privacy statement or the personal data Componenta holds concerning you, please contact:
Componenta Corporation (business identity code: 1635451-6)
Tel. +358 10 403 00
Contact person/Data Protection Team: firstname.lastname@example.org
The Componenta Group comprises the following companies: Componenta Corporation (1635451-6), Componenta Castings Oy (0114490-3), Componenta Manufacturing Oy (2507356-4), Karkkilan Valimokiinteistö Oy (0618348-5), Pietarsaaren Vanha Valimo Oy (0791516-6), Oy Högfors-Ruukki Ab (0871292-6).
We only collect and process personal data insofar as this is necessary for our business operations for purposes such as offering and developing our products and services. We collect and process your personal data for purposes such as the following:
Customer register and supplier & partner register:
Website visitor register:
preparation and execution of a lease
Insiders and persons closely associated with them who belong to the company’s insider registers/lists
compliance with the provisions of Regulation (EU) No 596/2014 of the European Parliament and of the Council on market abuse (MAR) concerning insiders and persons closely associated with them
The processing of personal data by Componenta may be based on a contractual relationship, statutory obligation (e.g. accounting obligation or provisions of the MAR), Componenta’s legitimate interest or the data subject’s consent. Componenta will request the data subject’s consent for the processing of personal data when the applicable laws require this.
The main legal bases for processing for different data subject groups are presented below.
Personal data included in the customer and supplier & partner registers
The legal basis for the processing of data contained in the registers is primarily the execution of a contract to which the data subject or the company represented by them is a party, or execution of actions preceding the conclusion of a contract at the data subject’s request. When the processing is based on a contract, the processing of personal data is necessary for the provision of a product or service. For example, products or services cannot be produced or provided without the contact information of the contact person of the company concerned.
The processing of the personal data contained in the registers is also necessary to exercise the legitimate interests of the controller or a third party. Legitimate interest means processing essential for the controller’s operations and which the data subject may reasonably expect to be part of the controller’s operations. The processing of personal data may not in this instance necessarily be justified based on a statutory obligation or contract, but the processing of personal data may be justified based on “legitimate interest”. In this case, the processing of personal data based on legitimate interest must always be evaluated beforehand so that the activity based on legitimate interest will not cause significant harm to the rights and freedoms of data subjects. As a controller, Componenta processes data based on legitimate interest for purposes such as processing and analysing feedback, developing products and services, and investigating cases of misconduct or defects. If a data subject submits their personal data to the Componenta website to make a contact request, the personal data will be processed based on legitimate interest.
Website visitor register (including giving feedback on the website)
The principal legal basis for the processing of personal data related to website visits collected via the website is the afore-described Componenta’s legitimate interest. If the feedback given on the website relates to Componenta’s other registers, such as the customer or tenant register, the further processing of the feedback is included in the other registers discussed in this section. The recruitment page has a separate privacy statement for jobseekers which is applied in recruitment in lieu of this privacy statement.
The legal basis for the processing of personal data related to leases is the contract and its preparation.
The legal basis for the processing of personal data contained in insider registers is the statutory obligation (MAR provisions).
The purpose of the processing defines the kind of data we collect in each situation and for what purpose. We only process your personal data mentioned below on legal grounds for pre-defined purposes.
Personal data pertaining to companies’ contact persons is primarily collected from the data subjects themselves or from the company the data subject represents. Data is collected in connection with a request for tender, order or contract, for example, or during the execution of a contract. Data is also collected in connection with meetings.
Data is collected by phone, email, electronic/printable forms (for example, when feedback is given) or another hardcopy document. In customer service situations, communications between a data subject and Componenta such as emails can be recorded for developing customer service and for verifying its content.
Furthermore, we obtain personal data from public and private filing systems, such as the company and credit register maintained by Asiakastieto.
You can also submit your personal data in connection with customer feedback if you wish.
In certain situations, we also collect data from other external sources with the data subject’s express consent or to the extent permitted by law, such as data on potential customers for sales contact purposes.
Visitors to the website disclose their data themselves when they visit the website, or their data is collected when a person uses the website.
Componenta only collects and processes such personal data that is necessary for the aforementioned purposes. Listed below are the data subject groups and the groups of personal data collected on them.
Representatives of customers, suppliers and partners (including former and potential ones)
Tenant’s contact person and/or tenant
Insiders or persons closely associated with them
Componenta may use third parties such as service providers to collect, store and process personal data on our behalf (for purposes such as technical maintenance or execution of marketing). Such service providers are only allowed to process your personal data to the extent necessary for them to provide the pervice we have requested from them. As a rule, they are not allowed to use your personal data for the benefit of their own business.
To protect your privacy, we require that all our service providers keep the personal data we provide them confidential and sufficiently secured. They are also required to abide by data processing agreements and the applicable data protection legislation.
Your personal data may be disclosed to the following parties:
Additionally, we may transfer personal data in the following cases:
Due to technical and practical requirements, some of the personal data may be processed by subcontractors located outside the European Union or European Economic Area or at the subcontractors' servers outside the European Union or European Economic Area.
When data is transferred outside the EU or EEA, Componenta ensures an adequate level of protection as required under law by, among other things, utilising the standard contractual clauses for the transfer of personal data to third countries approved by the EU Commission.
We haveappropriate technical and organisational data security measures in place to protect personal data against loss, abuse or other similar unlawful access.
Manual material containing personal data is stored in locked facilities to which only the individuals concerned have access. Such material will be appropriately disposed of as data security waste.
Digital material is password-protected. Additionally, they are subject to Componenta’s or its subsidiaries’ or subcontractors’ general principles concerning data contained in information systems, such as firewalls and other appropriate technical and organisational safeguards. The access control system is used to ensure that only the separately designated employees of Componenta or its subsidiaries or subcontractors have access to the users’ personal data contained in the filing system data.
We will retain your personal data for as long as required for the purposes of processing, as long as the law requires us to do so, or until we receive a deletion request.
After this, the data will either be destroyed or made unidentifiable by irreversibly modifying it into a form from which an individual person can no longer be identified.
As a rule, personal data related to contracts (such as those concerning a customer, supplier, partner or tenancy relationship) will be retained until the expiry of the contract and potential warranty (or complaint) period. Additionally, Componenta is liable to retain any personal data related to accounting materials for 10 years after the end of the financial year. Vouchers and receipts can already be disposed of 6 years after the end of the financial year.
Data on potential (including former) customer, suppliers, partners and tenants will be retained for a maximum of 3 years from the date when the data was collected, provided that the contacts made have not resulted in tenders or other cooperation. The currentness of personal data is checked regularly. In connection with this, any unnecessary data will be deleted.
Contact details related to feedback will be retained until the feedback has been processed unless it is retained as part of the details of a specific contractual relationship, in which case its retention period will be determined based on the contractual relationship concerned (see above). In future, data can be retained in the form of anonymous statistical and archival data.
Data on individuals included in insider registers will be retained as provided by law. If you need further information, contact Componenta.
Concerning website technical identification data and cookies, see the “Cookies” section below.
Data will not be used for automatic decision making or profiling.
Strictly necessary cookies used on Componenta’s website are technical by their nature and they are required for the website to work. Strictly necessary cookies may not be declined, and these cookies do not store any personally identifiable information.
By means of the website’s statistical and performance related cookies data is collected for statistical and analytical purposes, such as maintaining statistics regarding the use of the website, conducting surveys to improve the website and/or Componenta’s other products and services, determining which parts of the website are the most popular, and optimising the use of the website. Statistical cookies may be set by Componenta or by third party providers. Componenta may use tools supplied by providers of analysis services, such as Google Analytics.
Data collected by means of cookies may be your IP address, operating system and browser type, for example. This information usually includes data from which information pertaining to a specific user cannot be directly identified. The IP address will not be stored in the reports and statistics. The IP address will be retained in the website administrator’s server log data for 52 weeks.
Expiration of the cookies is dependent on cookie type or cookie manager. Componenta uses session cookies, which expire once the user closes the browser. In addition, we use persistent cookies which remain on the user’s device for a specified period of time or until the user removes them.You may accept or decline cookies via cookies policy settings for example on notice window at the bottom of the webpage. You may also decline other than strictly necessary cookies by using your browser settings. Some browsers allow you to choose separately permitted and blocked cookies and this should be checked from browser’s settings or manual. Please note that if you choose to decline cookies, some parts of the site may not function properly.
Links to third-party websites
The Componenta website may contain links to third-party websites. Componenta is not responsible for the privacy practices or content of any such third-party website. Since this privacy statement only pertains to this website, we recommend that you read the privacy statements of the other websites if you intend to use them.
As a data subject, you may exercise the rights listed below and/or express any concern you may have on the use of your personal data by contacting Componenta. The contact details are provided in the section entitled "Controller and contact information". You may submit your duly signed request in writing or come personally on-site to review your data at an agreed time. We will answer your request within one (1) month at the latest.
Right of access
The data subject has a statutory right to access their data and check which personal data has been recorded concerning them.
Right to rectification
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them.
Right to object to the processing of personal data
The data subject has the right to object to the processing of personal data if they feel that personal data has been processed unlawfully.
Right to restriction of processing
The data subject has the right to restrict processing if the criteria required under law are met. The controller will assess the opportunities for restricting the processing on a case-by-case basis.
Right to erasure (“right to be forgotten”)
The data subject has the right to request that their data be erased if its processing is not necessary. The request for erasing data will be processed, after which data will be erased, or the data subject will be provided with justification for why data cannot be erased.
It should be noted that the controller may have a statutory or other right not to erase the data requested to be erased. The controller is obliged to retain accounting materials for the period (10 years) defined in the Accounting Act (Chapter 2, Section 10). For this reason, material related to accounting cannot be erased prior to the expiry of this period.
Right to transfer personal data from one system to another
The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format, and the right to transmit that data to another controller if the processing is based on consent or on a contract, and the processing is carried out by automated means.
Withdrawal of consent
If the processing of personal data concerning the data subject is solely based on consent and not, for example, on a customer relationship, the data subject may withdraw their consent.
Direct marketing ban
The data subject has the right to deny the use of their data for direct marketing purposes.
The data subject has the right to lodge a complaint with the Data Protection Ombudsman if they feel that our processing of their personal data violates the current data protection laws.
Contact details of the Data Protection Ombudsman: https://tietosuoja.fi/en/contact-information
Componenta regularly develops its products and services, and therefore reserves the right to make changes to this privacy statement. Changes to the content of the privacy statement may also be due to changes in legislation. We will separately inform data subjects of any significant changes, such as a change in the purpose of the processing of personal data. Otherwise, the changes will only be updated in this privacy statement. We recommend that you revisit this privacy statement occasionally to review potential changes.