PRIVACY POLICY

Privacy in Serena’s Services

Customer privacy is very important to us and we are committed to protecting the privacy of our customers. We have made a privacy policy that is accessible to everyone on the Internet. The privacy policy describes the information to be collected in the customer register and the use of that information. The privacy policy is updated as necessary and the date of the update is mentioned in the privacy policy.

We have defined what personal information means in Serena and how it is handled and by whom. Personal data will not be processed or stored unnecessarily and unnecessary data will be deleted.

In addition to processes related to the processing of personal data, we pay attention to technical solutions and make sure that we use only secure technologies and our technology partners, subcontractors and all our partners meet our quality requirements.

We will always be happy to help with the processing of your personal information, and our up-to-date contact information is available on the website and in the privacy policy.

Serena Customer Data Privacy Statement

Privacy Statement for Personal Data Protection

1. Registrar

Puuharyhmä Oyj (Business ID: 05645289)

Tornimäentie 10

02970 Espoo

Phone: 0205010300

Email: info.serena@puuhagroup.com

2. Person responsible for the register

Jouko Järvinen

Phone: 0205010300

E-mail: info.serena@puuhagroup.com

3. The name of the registry

Puuharyhmä Oyj / Serena customer register

4. Purpose of the register

Personal data is handled in accordance with predefined uses such as customer relationship management, communication, implementation of parties’ rights and obligations, development and analysis of the registrar’s functions, marketing and business planning.

The personal data contained in the register may be used in a manner permissible by law for direct marketing, distance selling, opinion or market research and other addressed deliveries of the registrar and of the partners of the same group of companies as well as of the registrar’s partners.

5. Information contained in the register

The register addresses the information necessary for the purposes of the register, which may be:

• First and last name
• contact information (address, phone number, email address, company name)
• Country of residence and language
• sex
• date of birth
• the chosen method of payment and identification of payment instruments and the purchase information
• Name and contact details of a guardian under 15 years of age and possible communication
• the start and end times of the customer relationship
• Identification of the use of services and identification of electronic communications
• newsletter subscribers
• Registered targeted promotions
• billing and recovery information
• Customer Relationships
• direct marketing permits and bans as well as marketing related information
• user analysis data
• Changes / Logs of Previously Identified Data

6. Regular sources of information and data retention

Personal data is collected from the registrar itself and from the registrar’s systems when a registered user uses the services.

Personal data can be collected and updated by the registrar and the registers of companies belonging to the same group of companies as well as from the registrar’s partners.

The data will only be retained as long as it is necessary to carry out the intended use.

7. Protection of the registry

Databases containing registry entries are protected by technical means, such as firewalls and passwords, and stored in locked premises. Manually maintained material is also in locked state.

The registrar shall ensure that access to the personal data is only by those employees of the registrar that have it necessary for the performance of their duties.

8. Transfer and transfer of information

The controller may disclose the data, within the limits permitted and mandated by the valid legislation, to the registrar’s selected partners for marketing purposes unless the data subject has denied such disclosure.

Data is not transmitted outside the European Union or the European Economic Area unless there is an immediate need for transfer, for example because of the technical implementation of the service. In this case, the controller shall ensure the level of data protection as required by law.

9. Inspection, prohibition and correction right

The registered person has the right to check what information about him has been deposited in the register. The request for verification is submitted in writing or by e-mail to the person responsible for the registry. The request for verification must be identifiable. The request for verification can also be made personally at the registrar’s office.

The registered person has the right to deny access to his / her data for direct mail, distance selling or other direct marketing as well as opinion and market research and the right to claim correct defective information by contacting the person responsible for the register.

10. Cookies

The site uses cookies. A cookie is a small text file that a browser stores on a user’s terminal. The cookie contains an anonymous, unique tag that allows for identification of the browser visiting the site. Cookies do not harm the user’s terminal and cookies can not be used to spread malware.

The user can not be identified using cookies.

Cookies are used to provide the website services and for site development. Cookies can be used to analyze information about the use of the site. Cookies can also be used to target advertising.

The user of the site can block cookies by changing their own browser settings or clearing cookies from their own browser. However, it should be noted that blocking or deleting cookies can adversely affect or completely block the use of the site.