This data protection statement applies to Tyllis Ab Oy and the realisation of electronic services.
In this data protection statement, we go through why we process your personal data and what your rights are in the processing of your personal data when you visit our websites, contact us and use our products.
We respect your privacy and undertake to protect your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Data Protection Act.
This privacy statement was most recently updated on 17.7.2023.
1. Personal Data Controller
Tyllis Oy Ab (hereinafter “we”, “us” or “Tyllis”)
Corporate ID number: 2209092-4
Street name: Niittykatu 4
Postal address: 67100 Kokkola, Finland
Phone number:
+358 (0)6 832 34 00
Website:
https://www.tyllis.fi/
The contact person for the personal data controller is Göran Tylli (goran.tylli@tyllis.fi).
2. Name of the register
Tyllis’ customer and user register (hereinafter “Register”).
3. Purpose of processing personal data and scope of processing
We collect, store and process personal data in our Register only for the purposes that we have defined in advance and we always ensure that we have a legal basis for storing and processing personal data.
The personal data in our Register is primarily used to offer products, customer communication, business planning and development, management, the maintenance and development of customer relationships and the improvement of user experiences. Regarding the improvement of user experiences, this primarily refers to the maintenance and development of the webpages in order to ensure that the webpages are functional (more information about cookies can be found later in the document).
The processing of personal data is carried out on the basis of your consent, completion of an order and thus the conclusion of a contract, compliance with legal obligations (such as bookkeeping and taxation) and our legitimate interests.
When it comes to marketing our products or other information about our company, the processing of personal data is based on our legitimate interest to promote our business and nurture customer relationships.
The processing of personal data is based on our legitimate interest to nurture customer relationships and gain new customers.
In connection with contact requests via, for example, various social media channels such as Facebook and Instagram as well as via email and text messages, we undertake not to process any sensitive data through these various social media channels.
When you, as a user of different channels on social media, have accepted the terms of use for the respective channel and use the channel in question, you are the data controller. We are not responsible for your personal data as a registered user of one or more channels on social media and thus do not commit to protecting such information.
4. Data we collect
On our website, we may need to collect personal data when certain features are to be used. We process the following categories of personal data in our Register for the purposes referred to in paragraph 3 above:
Request for quotation and job application form
In order to send data via a form on the website, you must consent to the data you provide being processed in accordance with what is written in this document. Consent is given by ticking the box that links to this Privacy Policy/Data Protection Statement.
When you visit our website, an encrypted connection (HTTPS) is created between the website and the visitor’s browser. This means that any data submitted via a form, for example, cannot be read by any unauthorised person when this data is transferred from the browser to the website.
Cookies
Our website and the third-party services we use store cookies in your browser, provided that you choose to accept this. You can view the data on the website even if you declined the storage of cookies, but some features may not work as intended. Most browsers accept cookies automatically. Go to the Help menu in your browser for instructions on how to disable cookies.
Google Analytics
Here you can read about the cookies that Google stores in your browser. Google Analytics is only active if the user has given permission for us to store cookies in the browser.
LinkedIn Insight Tag
Here you can read about the cookies that LinkedIn stores in your browser. LinkedIn Insight Tag is only active if the user has given permission for us to store cookies in the browser.
Meta Pixel
Here you can read about the cookies that Meta stores in your browser. Meta Pixel is only active if the user has given permission for us to store cookies in the browser.
Visitor statistics
Provided that the visitor has given us permission to do so, we collect anonymous data to help us understand how the website is used. This also enables us to improve our services. This data is collected using Google Analytics, LinkedIn Insight Tag and Meta Pixel. You can read more about this at the bottom of the page.
Other
A large part of the data in our Register consists of data that the registered subjects themselves provide via orders or via e-mail and the like in connection with the customer relationship.
Please note that what determines what personal data is processed, and the scope of this processing, is your status, for example whether you act as a customer or a website visitor.
5. Who we share the collected data with
Request for quotation and job application form
The data provided via the request for quotation, or the application form is not shared with any third party. A very small number of people have been trusted to read and process the data that visitors submit through the website.
When a user sends data, the submitted data is transported over an encrypted connection between the browser and the website (HTTPS). The website then encrypts the data and stores it. The stored data from the website can only be read by those entrusted with a login and an additional password for decryption.
Google Analytics
We use Google Analytics to store statistics on our visitors. Google Analytics creates a profile of the visitor by collecting anonymous data, such as the browser used and the type of hardware used.
When you visit the website, information is transferred to Google, which processes the information as an independent data controller. Data about website visitors is transferred to Google, which processes the data as a data controller for its own purposes. Google may also combine the data with its other information about the visitor. For indirect identification, Google uses the visitor’s unique identifier (IP address) to identify users, but it is also possible to link this IP address directly to a natural person, for example when logging into a Google account.
Please note that when you are logged into a Google account, Google collects even more unique identifiers about you, such as identifiers that identify your device, information about the browser or application you use, advertising identifiers for Android or IOS mobile users, language choice, your network of friends and your most popular YouTube videos.
Google uses data collected about website visitors for at least the following purposes:
- positioning (country, city, business or community-owned network)
- visitor behaviour on the website
- visitors’ interests on the website
- retargeting and advertising.
To carry out retargeting, Google supplements your IP address with information based on its use, on the basis of which Google classifies the user according to, among other things, location, address and age. You can find Google’s privacy policy and terms of use at https://policies.google.com/privacy.
Blocking cookies: The customer has the option to block the use of cookies by changing their browser settings. Blocking the use of cookies may affect the functioning of our services.
Clearing cookies: The registered user can clear cookies from the browser settings. By clearing cookies periodically, the user changes the set of data used to form a profile of the user. However, clearing cookies does not stop the data collection completely, but rather resets the profile based on previous behavioural data.
LinkedIn Insight Tag
We use LinkedIn Insight Tag to store statistics on our visitors and to target our marketing.
No personally identifiable information is collected by LinkedIn Insight Tag.
Read LinkedIn’s Privacy Policy to learn how they use the data we share with them.
Meta Pixel
We use Meta Pixel to keep statistics on our visitors and to target our marketing.
No personally identifiable information is collected by Meta Pixel.
Read Meta’s Privacy Policy and Terms of Service to learn how they use the data we share with them.
Google reCAPTCHA
We use Google reCAPTCHA to assess if our visitors are people. This is to avoid robots sending spam via our forms. This means that Google’s Privacy Policy and Terms of Service apply.
Other
Any transfer of your personal data to third parties is based on written agreements that ensure that your personal data is protected. We disclose personal data to authorities in accordance with the legal obligations imposed on us.
We do not process personal data outside the EU/EEA area.
6. This is how long we store collected data
Data collected through the contact forms is stored for at least one (1) year. In other cases, your data is saved for as long as it is needed for the purpose for which it was collected or as required by law. It is, therefore, not always possible to define the storage period in advance.
However, we may be obliged to retain some of our customers’ personal data in order to comply with the Accounting Act or other mandatory legislation even after the customer or user relationship or any other basis for processing personal data has ended.
7. The users have full control over their data
The users have full control over their data. This means, for example, that you have the right at any time to request a statement of what data we possess regarding the user. You also have the right to request that the data be deleted.
As a starting point, there is no cost attached to exercising the rights you have as a data subject. However, we reserve the right to charge a reasonable fee if the request is repetitive in nature or manifestly unfounded or unreasonable.
If you wish to exercise your rights as a data subject, please contact Göran Tylli (goran.tylli@tyllis.fi).
8. How we protect collected data
By taking organisational and technical measures, we ensure we ensure that all your data is safe, protected from unauthorised processing and not destroyed, deleted, altered or unlawfully transferred. The software that powers the site is continually updated to address security vulnerabilities that are revealed over time. The traffic between the visitor’s browser and our server is encrypted.
Persons who process personal data are obligated to maintain professional secrecy and confidentiality. Your personal data is not stored on the website.
9. Contact
Enquiries relating to this data protection statement/privacy policy may be sent to the person named at the beginning of this document.
Contact details of the supervisory authority:
Tietosuojavaltuutetun toimisto (Information Commissioner’s Office)
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki, Finland
Switchboard: 029 566 6700
Registry Office: 029 566 6768