Data protection

We process personal data according to the data protection legislation

The implementation of LADEC’s services requires personal data to be processed. We ensure the security of personal data according to the data protection legislation.

Our systems are secure, and we do not disclose your data to any third parties for the purpose of marketing communications without separate consent.

We process your personal data only to the extent that is necessary for processing.

Your personal data are handled only by persons whose work duties include personal data processing.

On this page, we will tell you more about our data protection practices, including the following:

  • The purpose for which we use your personal data
  • Which personal data we collect
  • What rights the data subjects in our register have.
     

Lahti Region Development LADEC Ltd’s privacy policy

Published 24 May 2018

We seek to continuously develop our services, which is why we retain the right to change this privacy policy by announcing any changes on this page.

Lahti Region Development LADEC Ltd (0855115-7)
Niemenkatu 73, FI-15140 LAHTI
+358 44 702 2700 | info@ladec.fi
Service hours: Weekdays 8am–4pm

Data protection officer and contact information:
Riina Kivekäs
Niemenkatu 73, FI-15140 LAHTI
+358 40 588 8417 | riina.kivekas(at)ladec.fi
 

 

Any requests concerning the rights of data subjects must be sent in writing or by e-mail to the following addresses:

Lahti Region Development LADEC Ltd
Inspection/other request concerning personal data / Riina Kivekäs
Niemenkatu 73
FI-15140 LAHTI
riina.kivekas(at)ladec.fi 

Lahti Region Development LADEC Ltd collects personal data in order to maintain relations with customers and interest groups, develop services, conduct analyses and survey customer experiences.

The data are also used to communicate about services and events, introduce the business environment of the Lahti region and attract new businesses to the region.

Our legal basis is either a legitimate right or personal consent.

Personal data are processed only to the extent necessary to implement the purposes referred to above and in a manner that data subjects can reasonably expect when providing their data.

The collection of personal data is based on a customer relationship or other context related to the operations of Lahti Region Development LADEC Ltd.

We collect data at the start of a customer relationship, during registration or while our services are being used.

We primarily collect personal data directly from the data subjects. Personal data may also be collected from other registers and public data sources to the extent permitted by law.

In order to develop our services, we utilise cookies and other similar technologies in statistical monitoring and analysis of our services’ user numbers, for example.

Cookie policy

Personal data related to the provision of services:

  • General contact details, such as name, organisation, address, e-mail and phone number
  • For customers of start-up advice, also year of birth
  • Service transaction details
  • Details about customer feedback and surveys
  • Details related to the implementation of direct marketing and customer communications
  • Details about service use via different channels

 

Personal data related to customer and marketing communications:

  • General contact details, such as name, organisation, e-mail and phone number
  • Details related to the implementation of direct marketing and customer communications
  • Details about service use via different channels 
  • Consents and prohibitions related to electronic direct marketing
     

At Lahti Region Development LADEC Ltd, your personal data are processed only by persons whose work duties include personal data processing. 

Our personal data processing is supported by trustworthy service providers in the maintenance and development of IT systems, service provision as well as various research and development activities, for example. These experts process personal data under a mandate from us.

We comply with current legislation in all data processing. 

We also require our subcontractors to protect the personal data they process with appropriate means.

As a rule, the data will not be disclosed to third parties.

However, contact details may be disclosed to the extent necessary to co-organisers of events, financiers of publicly funded projects or other similar representatives of public administration.

Regardless, the data will not be disclosed to third parties for marketing purposes. 

The data will not be disclosed outside the EU, the European Economic Area or countries which have been found to provide an adequate level of data protection by the European Commission, unless an adequate level of data protection has been ascertained with agreements or by other means as required by law.

Retention period of data
We will retain your personal data only for as long as it is necessary to fulfil the purposes of use according to the legislation in force. After this, the personal data will either be erased or anonymised.

We comply with the statutory obligations concerning personal data processing, taking into account legislation on accounting, for example. At the end of the contractual relationship, the retention period of the data is determined by their purpose of use and existing legislation.

Each data subject included in the register has the right to access the data saved about them in the register and request any incorrect personal data to be rectified or incomplete information to be completed.

Data subjects also have the right to request their personal data to be erased from the register to the extent permitted by law.

If the data subject wishes to access the data saved about them or request their personal data to be rectified or erased, the request must be submitted to the controller in writing. 

The controller requires the requester to prove their identity.

The controller will reply to the customer’s request within the time period specified in the General Data Protection Regulation (generally within one month). 

We implement these rights as described here, with consideration to applicable laws and any restrictions imposed by them.

According to applicable data protection legislation, a data subject has, at any time, the right to:

  • upon request, be informed about whether their personal data have been collected, and which data are saved in the register;
  • upon request, have their personal data be rectified;
  • upon request, have any marketing and customer register data concerning them be erased to the extent allowed by law;
  • withdraw their consent and object to the processing of their personal data in so far as the processing is based on consent given by the data subject;
  • receive their personal data in machine-readable format and transfer the data in question to another controller, provided that the personal data in question were provided to us by the data subject personally;
  • be informed of any personal data breach concerning their personal data.

We primarily seek to resolve any disputes together with the data subject.

If the data subject is of the view that we have not processed personal data lawfully, they can submit a report to the supervisory authority.

We ensure the security of personal data processing and the confidentiality, integrity and availability of personal data with appropriate technical and administrative means, in accordance with the data protection principles of Lahti Region Development LADEC Ltd.

Personal data is protected against unauthorised access as well as unlawful and accidental processing.

Personal data is processed only by persons who have been separately authorised to process them by LADEC.

We train and instruct our employees who handle customer data in data protection matters.