Privacy Policy Statement

This is Nivala Industrial Park statement regarding the processing of personal data and data subjects’ rights. Subject to EU’s General Data Protection Regulation (GDPR) 2016/279.

Updated on July 22, 2020.

1.   Data Controller

Nivala Industrial Park, Pajatie 5, 85500 Nivala, Finland

Business ID: 0186733-5

2.  Contact Person for the Register

 Tanja Rautio, tanja.rautio(at), +358 40 594 0201.

3.  Register Name

 Nivala Industrial Park customer register.

4.  Legal Basis and Purpose of Personal Data Processing

 Our purposes for personal data processing are to maintain customer relations and to contact, communicate, and inform, as well as marketing. The processing of personal data is based on GDPR Article 6(b).

5.  Content in the Register

 The data stored in the register consists of information provided by the data subject: personal name, company or organization, position within the organization, personal identity code or business ID, contact information (telephone number, email address, address), and billing information. Data subjects’ rights are carried out in accordance with the GDPR.

6.  Regular Sources of Information

 Our company processes personal information as required by normal company activities and authorities, based on agreements or reservations. Personal information and the data stored in the register are obtained from customers, contract parties, and persons making reservations, for example, through web form messages, email, telephone, contracts, customer meetings, or other situations where a customer provides personal information.

7.  Disclosure or Transfer of Data Outside the EU or EEA

 There is no regular disclosure of data to outside parties. Information may be publicized as agreed with the customer. Information may also be disclosed in situations where it is necessary for real estate maintenance purposes. Such cases include, for example, the servicing and maintenance of electrical, heat, or water systems. Personal data may be disclosed to the authorities: police, rescue personnel, and the courts. There will be no transfers or disclosures of data outside the EU or EEA.

8.  Principles of Register Protection

 Personal data is stored in accordance with Finnish and EU law: pay information for 10 years and receipts for 6 years, after which the data will be erased. Physical materials containing personal data are stored in a safe, lockable room, or a lockable archive space. Data that is processed in IT systems is protected from outside parties with antivirus software and firewalls. Any data stored or processed with information technology can only be accessed by specifically appointed persons. Data use requires these persons to sign in to a system with their personal user ID and password.

Databases and their backups are located in locked spaces, and their data can only be accessed by specifically appointed persons. Our company’s website is protected and encrypted. Our business premises can only be accessed using keys and key fobs to prevent any unauthorized personnel from accessing the building. Due diligence is observed when processing data, and any data processed with information technology is protected in accordance with regulations. When personal data is stored on web servers, appropriate physical and digital measures are taken to ensure security.

The company ensures that stored data as well as server access rights and other information that is critical for the security of personal data are processed in confidence and only by persons whose work duties include data processing.

Outsourced operations: All parties shall utilize necessary technical and organizational measures to protect personal data. Data security will be evaluated, inspected, and updated regularly following a schedule set by the parties in agreement. The company is required to appoint only data processors who will follow the appropriate technical and organizational measures when processing data, who shall meet the requirements set in the GDPR, and who are capable of ensuring that the data subjects’ rights are observed.

9.  Right to Data Inspection and Right to Rectification

 Data subjects have the right to inspect any personal data concerning them and demand the rectification of any erroneous or incomplete data. When a data subject wishes to inspect data concerning them or demand a rectification, the request should be sent via email to the data controller, to tanja.rautio(at)

10.  Other Rights Related to the Use of Personal Data

 Data subjects have the right to request the erasure of their data from the register. Furthermore, data subjects have all the rights listed in the GDPR, for example, the right to restrict data processing in certain situations. Requests should be sent via email to the data controller, to tanja.rautio(at)