• There are no suggestions because the search field is empty.

Privacy policy statement 

General 

Privacy is important to us all. We are therefore committed to protecting the privacy of our customers, personnel and partners. Although our business is selling products and services to corporate customers, we must also collect and process personal data. 
 
We process the personal data of our personnel, suppliers and customers, including potential and former customers, in accordance with this privacy policy statement and applicable regulations, and we ask that you read this privacy policy statement with care. We may update the privacy policy statement as our operations develop or regulations change, so we advise you to review the policy statement from time to time. 

Joint data controllers 

The processing of personal data described in this privacy policy statement is undertaken by the following companies as joint data controllers: 
 
Sarlin Oy Ab (business ID 0612683-5), Kaivokselantie 3, 01610 Vantaa, Finland

Sarlin Oy Ab is responsible for the information technology aspects of the personal data file described herein and acts as a single point of contact for data protection enquiries. 

Who can I contact about data protection? 

Contact person: Jiri Viholainen 

Tel. +358 10 550 4232, jiri.viholainen@sarlin.com 

What is the purpose and basis of personal data collection? 

We collect, store and process the personal data of our customers, suppliers and personnel for certain predetermined purposes. We always ensure that we have a legal basis for processing personal data. 

What we use personal data for and why we process it: 

Offering, providing and supplying our products and services. We collect and process personal data to meet our contractual obligations and otherwise offer, provide and supply products and services. In this case, the legal basis for personal data processing is primarily the need to fulfil and prepare our contracts as well as the company’s legitimate interest. 

Identifying customers and preventing wrongdoing. We process personal data to identify and know our customers and their representatives, including verification of the representative’s powers, and to prevent wrongdoing and fraudulent behaviour. In this case, the legal basis for personal data processing is the need to fulfil and prepare our contracts as well as the company’s legitimate interest. 

Marketing and customer communication. Our marketing includes direct marketing by email, our customer magazine, and other electronic communications to subscribers, for example – this means processing the personal data of company employees for marketing and communication purposes as well. In this case, the legal basis for personal data processing is primarily our legitimate interest. However, everyone has the right to forbid direct marketing. As required by law, we only send direct marketing messages in certain situations and only after the person has given their consent to the marketing. 

Invoicing, debt collection, and managing claims and customer feedback. We process personal data during customer relationships for invoicing, debt collection, offering and delivering support and maintenance services, and managing claims and customer feedback. Because we sell products and systems with potentially lengthy life cycles, we need customer contact information for this purpose as well. In this case, the legal basis for personal data processing is primarily the need to fulfil our contracts and partially our legitimate interest. 

Developing our business. We may also process personal data to develop our business, products and services. For example, we prepare forecasts, statistics and analyses of our customer groups. For this purpose, we also use customer feedback and the results of our customer surveys and studies. In this case, the legal basis for personal data processing is our legitimate interest. 

Fulfilling legal obligations. We may process personal data to meet legal obligations (for example, statutory obligations regarding accounting, taxation and employment contracts). 

Personnel management. We collect personal data about our personnel primarily for management purposes such as fulfilling the obligations of our employment contracts, including pay, and other employment-based rights and obligations, as well as the fulfilment of legal obligations related to employment relationships. In this case, the legal basis for personal data processing is the fulfilment of our contract and the fulfilment of statutory obligations related to the employment relationship, potentially also consent. We process the personal data of job applicants based on their consent. The personal data of employees is also processed based on consent in situations where the data source is not the employee and the personal data may not be processed directly by law. 

What personal data do you collect and where is it collected from? 

In practice, we only collect personal data about the contact persons of our customers and suppliers, as well as our personnel. 

The personal data related to our customers and suppliers is primarily collected from the person in question. Data is also created and collected during customer relationships, but these mostly concern the business, not people. 

We collect data at the start of a customer, order, or prospective buyer relationship in a personal meeting, by email, or by using an electronic form on the data controller’s website. After the start of the customer, order or prospective buyer relationship, we collect data by automated electronic identification using the data controller’s email messages. The data of potential customers are collected from the customer with their consent during their visit to the website or during other personal or digital interactions. 

 Typically, we collect the following data directly from the data subject or from their actions: 

  • Personal name and contact information (telephone number and email address).
  • Company name, contact information and identifiers such as business ID.
  • Job title or job description at the company (including department or function).
  • Customer category and interests indicated by the data subject (used for marketing purposes).
  • Marketing consent and prohibitions.
  • Data related to the customer relationship (including solicitation of new customers) such as the status and level of the customer relationship, services ordered and their delivery status, customer relationship start and end date, offer history, correspondence, and invoicing.
  • Data collected from communications such as messages to customer service, replies to enquiries, survey responses, and recorded conversations. We also record customer calls to verify the service transaction and secure legal protection of the customer and ourselves. These recordings may also be used for training purposes, to improve service quality and to prevent abuse.
  • Marketing data such as targeting identifiers, campaign data and related tracking data, and newsletter opening and reading data.
  • Electronic identifier data such as IP addresses and website use tracking data. 

Personal data (name, position, company and contact information) may also be retrieved from publicly available company data sources (YTJ and TIEKE, for example), if necessary. Publicly available online sources may be used instead if the above are insufficient. 

We primarily collect the personal data of our personnel from the persons themselves. We may also process data about our personnel that is generated during the employment relationship. We collect the personal data of job applicants directly from the applicant or from others (former employers and colleagues, for example) with the applicant’s consent. 

For personnel, we primarily collect and process the following data: 

  • Name
  • Necessary tax information
  • Personal identity code
  • Necessary pay information
  • Contact information
  • Trades union membership fee information
  • Health data relevant for the employment relationship’s obligations and rights
  • Location data for service vehicle users based on GPS tracking (by vehicle; vehicles may be operated by multiple users)
  • Education, training and qualifications
  • Permits necessary for the work 

Who can process my data? Is my data disclosed to others? 

As a rule, personal data is processed by our employees in the course of their duties. 

We may also outsource the processing of personal data, such as the information systems (cloud storage services and other online services) used to store and process personal data, because personal data, much like other data, is primarily stored electronically. 

We use subcontractors for the following in particular: website development, hosting and administration; CRM and ERP system administration; group-level IT support services; payroll and working time management; and marketing. We may use other subcontractors on a case-by-case basis, such as recruitment and HR consultants, legal advisers, and debt collection agencies. Such subcontractors are often considered data processors in relation to Sarlin, so we make the appropriate subcontracting agreements, among other things, to secure the confidentiality of personal data and to only allow the lawful processing of the personal data and only for our benefit. 

We may also disclose data if required by law or requested by a competent authority. In addition, we may disclose your data as part of a corporate or asset acquisition or similar corporate transaction. 

Sarlin purchases online advertising from Facebook and Google, for example. These companies never receive the personal data of data subjects from Sarlin, and this type of advertising is not direct advertising but based on cookies. Sarlin will never sell or otherwise disclose personal data for the marketing purposes of third parties. 

Do you release personal data outside the EU? 

As a rule, we do not transfer or disclose personal data outside the European Union (EU) or the European Economic Area (EEA). If personal data is transferred outside the EEA to a country not approved by the European Commission as having sufficient data protection, we ensure the lawfulness of the personal data transfer by using a suitable protection method such as standard contractual clauses (SCC) adopted by the European Commission. 

How long do you keep my personal data? 

We only store personal data for as long as necessary for its purpose of use or as required by an agreement or law. The retention period of personal data may vary according to the purpose of use and the specific situation. Personal data may also be removed upon the data subject withdrawing their consent or requesting the deletion of their data (absent any legal basis for further processing), the termination of the contractual relationship (absent any legal basis for further processing), or in the case of outdated or erroneous data. The applicable legislation may require long-term data storage (for example, accounting, taxation and employment contract regulations). We may also update the data, if necessary – for example, the data subject may request the correction of erroneous data or the data may need to be updated during information system updates. 

All form data sent from the Sarlin.com website is deleted automatically after five (5) years from the date of submission. We delete unneeded personal data from our customer and marketing registers every five (5) years. Data subjects can remove themselves from the email marketing mailing list by using the unsubscribe link included in every marketing email. 
 
We delete the personal data of employees after 10 years have passed from the termination of their employment relationship. We keep job applications for 12 months after the end of recruitment. 

How do you protect personal data? 

Personal data is almost exclusively stored in an electronic format and protected according to common industry standards. We limit access to personal data with user access rights, which may be limited according to the personal data to be processed, the systems used, and the user’s role. Personal data disclosures are monitored by a contact person and access rights are only granted to Sarlin employees. 

We store any physical materials in locked containers within our offices. Third parties cannot enter these areas without supervision. Independent access is only permitted and made possible for people who have a valid written contract of employment with Sarlin. Any third parties may only access these areas under supervision. 

All persons who process personal data are obligated to secrecy and non-disclosure. 

Do I have to give my personal data and what are the consequences if I refuse? 

In many cases, giving us your personal data is voluntary. The disclosure and processing of personal data is mandatory in cases where we have to verify the authority and competence of the people who make agreements on behalf of our corporate customers. Therefore, personal data must be disclosed in customer and supplier relationships to the extent necessary for us to enforce and execute our contracts. For employees, we need sufficient personal data to meet our statutory obligations and the obligations arising from the employment contract. 

Does your website use cookies? What are cookies? 

We use cookies on our website to offer the best possible user experience to visitors. Cookies are small text files stored by a server on the user’s terminal device. Cookies let us know how visitors use our website. We may use cookies to develop our services and website, analyse website use, and target and optimise marketing. Website users may consent to or forbid the use of cookies from their browser settings. Most browsers will allow cookies automatically. Please note that restricting the use of cookies may limit the functionality of our website. 

For more information on the cookies we use, please see our cookie policy statement. 

What are my rights? 

Right to withdraw consent 
If we process your personal data based on your consent, you have the right to withdraw your consent at any time by using the contact information at the start of this privacy policy statement.

Right to access data 
You have the right to be informed of whether we process your personal data and which of your personal data we are processing. In addition, you have the right to supplementary information about the basis for the processing of your personal data. 

Right to rectify data 
You have the right to request the correction of errors and outdated or otherwise defective personal data.

Right to refuse direct marketing 
You have the right to prohibit the use of your personal data for direct marketing by using the unsubscribe link in the newsletter or by notifying us of the prohibition by using the contact information at the start of this privacy policy statement.

Right to object to processing 
If the basis for processing your personal data is public interest or our legitimate interest, you have the right to object to the processing of your personal data in so far as its processing cannot be justified by any material cause that would supersede your right or necessitate the processing for the purpose of pursuing a legal claim. Please note that such an objection may prevent us from serving you further.

Right to restrict processing 
In certain situations, you have the right to request that we restrict the processing of your personal data.

Right to data portability 
If we have processed your personal data based on your consent or to fulfill a contract, you have the right to receive the data you have submitted to us electronically in a commonly used format for transfer to a different service provider.

How can I exercise my rights? 

To exercise any of the rights described above, you can contact us by using the contact information at the start of this privacy policy statement. We will ask you to prove your identity. Your identity can be verified with a personally signed request, for example, or by presenting an identity document or its copy, in which case you should remove your personal identity code and any other data that we do not need to verify your identity. 

If you find the processing of your personal data to be unlawful, you may also file a complaint with the competent supervisory authority (Office of the Data Protection Ombudsman, https://tietosuoja.fi/en/contact-information). 

Does this privacy policy statement change? 

We may update this privacy policy statement as our operations develop or our data protection principles change. Updates may also be required due to changes in legislation. Any amendments will take effect immediately once we have published the updated privacy policy statement. We ask that you review the content of this privacy policy statement periodically.