Data protection

Lahti Region Development LADEC Ltd (0855115-7)
Niemenkatu 73, FI-15140 LAHTI
+358 44 702 2700 | info@ladec.fi
Service hours: Weekdays 8am–4pm

Data protection officer and contact information:
Riina Kivekäs
Niemenkatu 73, FI-15140 LAHTI
+358 40 588 8417 | riina.kivekas(at)ladec.fi
 

Any requests concerning the rights of data subjects must be sent in writing or by e-mail to the following addresses:

Lahti Region Development LADEC Ltd
Inspection/other request concerning personal data / Riina Kivekäs
Niemenkatu 73
FI-15140 LAHTI
riina.kivekas(at)ladec.fi 

Lahti Region Development LADEC Ltd collects personal data in order to maintain relations with customers and interest groups, develop services, conduct analyses and survey customer experiences.

The data is also used to communicate about services and events as well as to market the Lahti Business Region as an attractive business environment.

Our legal basis is either a legitimate right or personal consent.

Personal data is processed only to the extent necessary to implement the purposes referred, and in a manner that can reasonably be expected for the purposes mentioned above.

The collection of personal data is based on a customer relationship or other context related to the operations of Lahti Region Development LADEC Ltd and marketing of the Lahti Business Region.

We collect information, for example, when starting a customer relationship, registering, using our services or in connection with events we organize.

We primarily collect personal data directly from the data subjects. Personal data may also be collected from other registers and public data sources to the extent permitted by law.

In order to develop our services, we utilise cookies and other similar technologies in statistical monitoring and analysis of our services’ user numbers, for example.

Cookie policy and social plugins

Personal data related to the provision of services:

• General contact details, such as name, organisation, address, e-mail and phone number
• For customers of start-up advice, also date of birth
• Additional information provided by the customer (e.g. gender, citizenship, work and study history)
• Service transaction details
• Details about customer feedback and surveys
• Details related to the implementation of direct marketing and customer communications
• Details about service use via different channels

Personal data related to customer and marketing communications:

• General contact details, such as name, organisation, e-mail and phone number
• Details related to the implementation of direct marketing and customer communications
• Details about service use via different channels 
• Consents and prohibitions related to electronic direct marketing
   

At Lahti Region Development LADEC Ltd, your personal data are processed only by persons whose work duties include personal data processing. 

Our personal data processing is supported by trustworthy service providers in the maintenance and development of IT systems, service provision as well as various research and development activities, for example. These experts process personal data under a mandate from us.

We comply with current legislation in all data processing. 

We also require our subcontractors to protect the personal data they process with appropriate means.

As a rule, the data will not be disclosed to third parties.

However, contact details may be disclosed to the extent necessary to co-organisers of events, financiers of publicly funded projects or other similar representatives of public administration.

Regardless, the data will not be disclosed to third parties for marketing purposes. 

The data will not be disclosed outside the EU, the European Economic Area or countries which have been found to provide an adequate level of data protection by the European Commission, unless an adequate level of data protection has been ascertained with agreements or by other means as required by law.

Retention period of data
We will retain your personal data as long as it is necessary to fulfil the purposes of use according to the legislation in force. After this, the personal data will be deleted.

We comply with the statutory obligations concerning personal data processing, taking into account legislation on accounting, for example. At the end of the contractual relationship, the retention period of the data is determined by their purpose of use and existing legislation.

Each data subject included in the register has the right to access the data saved about them in the register and request any incorrect personal data to be rectified or incomplete information to be completed.

Data subjects also have the right to request their personal data to be erased from the register to the extent permitted by law.

If the data subject wishes to access the data saved about them or request their personal data to be rectified or erased, the request must be submitted to the controller in writing. 

The controller requires the requester to prove their identity.

The controller will reply to the customer’s request within the time period specified in the General Data Protection Regulation (generally within one month). 

We implement these rights as described here, with consideration to applicable laws and any restrictions imposed by them.

According to applicable data protection legislation, a data subject has, at any time, the right to:

• upon request, be informed about whether their personal data have been collected, and which data are saved in the register;
• upon request, have their personal data be rectified;
• upon request, have any marketing and customer register data concerning them be erased to the extent allowed by law;
• withdraw their consent and object to the processing of their personal data in so far as the processing is based on consent given by the data subject;
• receive their personal data in machine-readable format and transfer the data in question to another controller, provided that the personal data in question were provided to us by the data subject personally;
• be informed of any personal data breach concerning their personal data.

We primarily seek to resolve any disputes together with the data subject.

If the data subject is of the view that we have not processed personal data lawfully, they can submit a report to the supervisory authority.

We ensure the security of personal data processing and the confidentiality, integrity and availability of personal data with appropriate technical and administrative means, in accordance with the data protection principles of Lahti Region Development LADEC Ltd.

Personal data is protected against unauthorised access as well as unlawful and accidental processing.

Personal data is processed only by persons who have been separately authorised to process them by LADEC.

We train and instruct our employees who handle customer data in data protection matters.