Privacy policy – customer and marketing register

1. Who processes your data?

Your data is processed by AINS Group, formed of:

  • AINS Group
  • A-Insinöörit Suunnittelu Oy
  • A-Insinöörit Rakennuttaminen Oy
  • A-Insinöörit Civil Oy
  • Prodeco Oy Lappi

 The group’s parent company acts as the data controller:

AINS Group
Bertel Jungin aukio 9
02600 Espoo Finland

Contact person:

Päivi Hillner
tel. +358 40 577 1473
email: paivi.hillner@ains.fi

 2. Whose data do we process?

  • Data pertaining to our customers
  • Data pertaining to potential customers
  • Data pertaining to visitors reading our website

 3. What data do we process?

We process only data that you provide yourself. The register contains the following information:

  • Name
  • Telephone number
  • Email address
  • Employer
  • Job title / role
  • Information on areas of interest and profiling information
  • Usage information, such as information on the use of the services – e.g., browsing details, search information, and cookies
  • Customer feedback and contact messages
  • Direct-marketing prohibitions
  • Any other information required for fulfilling the purpose of the register

 4. Where do we receive data from?

Personal data is collected mainly from data subjects during personal or digital interaction, in conjunction with signing an agreement, and via the ains.fi website by means of the newsletter subscription feature. In addition, we receive updates to our customer information from the companies’ websites.

5. The purpose of and grounds for the processing of personal data

We process your personal data in order to maintain, manage, and develop our customer relationship and to conduct analyses and compile statistics related to it.

Additionally, the register’s data is used by the data controller and companies that belong to the same group for the purposes of marketing (including direct marketing), organisation of customer competitions, profiling, the collection of customer feedback, market research, and organisation of customer events. The data may also be used to design and develop the business operations and services of the data controller and other companies that belong to the group.

The grounds for data processing are the data controller’s legitimate interests or an agreement pursuant to the General Data Protection Regulation (GDPR), (EU) 2016/679.

6. How long will we process your data?

We will continue to process your data throughout the duration of the customer agreement for the management of which the data is required. After this, your data will be used for marketing and other above-mentioned purposes. We delete your data at your request or when it is no longer required for our purposes.

You can unsubscribe from our newsletter via the link included in each of our newsletters.

7. Your rights

You have the rights listed below. To exercise these rights, you must contact us by visiting one of our offices in person or by submitting a signed request by email to gdpr@ains.fi. Be prepared to verify your identity. The request must contain your name, personal identity code, street address, and telephone number, along with information on the data that you want to receive. We always send our reply to an address verified from the population register system.

Inspection right and right to rectification

You have the right to view the personal data pertaining to you. If you notice erroneous data or that data is missing, you can request us to rectify or complete the information.

Right to object

You have the right to restrict the processing of your data if you believe that the processing is unlawful or that we do not have the right to process your data.

Direct-marketing prohibition

You have the right to prohibit the use of your data for direct marketing. We never sell or otherwise disclose your data to a third party to enable it to target direct marketing without separate and specific permission from you.

Right to erasure

If you believe that the processing of some of the data concerning you is not required for our tasks, you have the right to request us to delete the data in question. We handle your request and then either delete your data or notify you of our grounds for not doing so. If you disagree with our decision, you have the right to lodge a complaint with the data protection ombudsman. Additionally, you have the right to restrict the processing of the data in question while the complaint is being processed.

Right to lodge a complaint

You have a right to lodge a complaint with the data protection ombudsman if you think that we violate applicable data protection legislation in our data processing.

8. Disclosure of data

As a rule, we do not disclose data to parties outside AINS Group for marketing purposes.

However, to realise a marketing campaign, we may selectively disclose your data to a third party. In such a case, the ownership of the data is not transferred to the third party and said party does not have the right to use your data for a purpose other than the agreed assignment.

We always ensure that our service providers comply with legislation on data protection. We regularly make use of the following service providers:

  • Silverbucket Oy (2-3713011): Kuninkaankatu 30 A, 33200 Tampere, Finland – electronic CRM service
  • Koodiviidakko Oy (1939962-1): Fredrikinkatu 61 A, 00210 Helsinki, Finland – electronic Postiviidakko newsletter service
  • Differo Oy (2310632-6): Åkerlundinkatu 2 A, 33100 Tampere, Finland – management of the Postiviidakko newsletter service
  • Elisa Oyj (0116510-6): P.O. Box 1, 00061 Elisa – Elisa Chat service

 9. Transfer of personal data outside the EU

We do not transfer your data outside the EU, and we also ensure that our service providers do not transfer your data outside the EEA without written consent from you. An exception to this principle is the Google Analytics service, which is described in the section pertaining to cookies.

10. Data-register protection policy

We process your data in line with good processing practices in collaboration with our service provider as described below.

Silverbucket Oy, CRM system

  • We ensure that access rights to the service are granted to only the persons responsible for the service who require it for their duties.
  • By signing an agreement with the service provider, we ensure that:
    o   The service provider processes data by using operative, administrative, physical, and technical measures that are in line with good data protection practices.
    o   The service provider’s hardware on which the data file is located is protected by a firewall and other necessary technical means (including protection against malware and other attacks).
    o   The service provider keeps a record of its data-processing operations and limits access to data to those employees who have received the required authorisation and training and who require the data for a specific purpose.
    o   A databank has been prepared for us and is kept separate from the service provider’s other customer-data databanks.
    o   This databank is backed up daily in two separate physical locations.
    o   Maintenance and end-user connections may be created only via an encrypted connection.
    o   Details of the protection procedures are described in the service provider’s privacy policy and the agreement signed by AINS Group and the service provider.

Koodiviidakko Oy, Postiviidakko newsletter service
Differo Oy, management of the Postiviidakko newsletter service
Elisa Oyj, Elisa Chat service

  • We ensure that access rights to the services are granted only to the persons responsible for the services who require them for their duties and to the service providers’ contact persons.
  • By signing an agreement with the service providers, we ensure that:
    o   The service provider processes data by using operative, administrative, physical, and technical measures that are in line with good data protection practices.
    o   The service provider’s hardware on which the data file is located is protected by a firewall and other necessary technical means (including protection against malware and other attacks).
    o   The service provider keeps a record of its data-processing operations and limits access to data to those employees who have received the required authorisation and training and who require the data for a specific purpose.
    o   Details of the protection procedures are described in each service provider’s privacy policy and the agreements signed between AINS Group and the service providers.

11. Cookies

We use cookies on our website. A cookie is a small text file sent to, and stored on, the user’s computer. Cookies cannot harm your computer or files. With the use of cookies, our goal is to improve and customise your user experience on our website and to analyse and improve the usability and content of our website.

Cookies are also used for collecting anonymous statistical data about the usage volumes and trends for AINS Group’s website and newsletter by means of monitoring and analytics tools. We do not connect this statistical data to your personal data. With the help of this feedback, we aim to constantly improve the content of our website and newsletter.

Cookies are used to collect the following information:

  • Youur IP address
  • The time of your visit
  • The pages you visit and the time you spend reading each page
  • Your browser
  • Your arrival address, domain, and server

If you do not want us to collect data about your visit to our website by means of cookies, you can block the cookies (most web browsers allow the cookie feature to be disabled). Please note that in this case our website may not function properly.

12. Google Analytics

We collect statistics for the Google Analytics service from our website with a view to monitoring and developing our website and planning our marketing. Your personal data cannot be linked to this data. As a rule, we transfer and store the browsing data collected with cookies to Google servers located in the US.

Further information on Google’s analytics monitoring is available on the company’s privacy policy page: https://policies.google.com/privacy?hl=fi

You can prevent the Google Analytics monitoring by downloading a separate tool: http://tools.google.com/dlpage/gaoptout