Privacy policy
Customer register description per 18 October 2023
Controller
Vilkas Group Oy (Business ID: 1033996-4)
(hereinafter referred to as "RateCompass," "we," or "our")
Phone: +358 20 743 1919
Email: privacy@ratecompass.eu
Contact Person for Register-Related Matters
Markku Korkiakoski
Finlaysoninkuja 19, 33210 Tampere, Finland
Phone: +358 20 743 1916
Email: markku@ratecompass.eu
Register Name
RateCompass User register
General Terms
These terms and conditions (hereinafter "Privacy Policy") apply to personal data stored in the RateCompass customer register.
Our goal in processing customer information is to provide high-quality services and improve customer experience while respecting privacy. We do not collect unnecessary information about our customers and acknowledge our responsibility to protect the privacy of our customers and their affiliated individuals.
Content of the Register
We store the following information about our customers and, if the customer is not a natural person, the customer's contact persons and other potentially relevant persons related to managing the customer relationship (hereinafter referred to as "Registered"):
- Company
- First and last name
- Address
- Language of communication
- Email address
- Phone number
- Other possible information related to customer relationship management, such as marketing consents and prohibitions, and information about ordering services
Updating Information
Users can update their name and address information in their online store profile. Users can also contact the contact person mentioned in this policy to update their information. Users also have the right to later prohibit the processing of their information for marketing purposes. This request should be sent to the contact person mentioned in this policy via email.
Purpose of Processing Personal Data
We use the information collected from the Registered for the following purposes:
- In connection with delivering and ordering services
- For personalizing our services and communications, providing recommendations, and targeting marketing efforts
- For customer service and communication, such as sending messages, reminders, technical notices, updates, and requested information
- For producing, maintaining, protecting, and developing services
- For direct marketing in accordance with consents and prohibitions given by the Registered
- For ensuring the appropriateness and functionality of communication
- For business planning and product development
- For other tasks required to fulfill the rights and obligations of the data controller and to enforce agreements made with third parties
If the Registered provides us with electronic contact information, such as email addresses, during customer communication, we consider that they have given their explicit consent to receive such communication, including electronic channels, as described above.
For specific, pre-defined, and short-term campaigns, additional information about the purposes of processing personal data can be provided through campaign-specific privacy policies. Information collected within the context of campaigns will be immediately and appropriately deleted after the purpose related to the campaign has ceased.
Regular Data Sources
The regular data sources include information provided by the Registered during orders and forms, as well as information generated in connection with customer service, offers, contact requests, complaints, and the use of products and services. Additionally, with the consent of the Registered and based on legal grounds, we may obtain or receive information related to the Registered from third parties, such as authorities, to improve communication quality and ensure the accuracy of the information.
Regular Disclosures of Data
Regular disclosures of data are not made from RateCompass' user register.
RateCompass may disclose personal data within the limits and obligations imposed by applicable law to third parties, such as authorities.
In email communication and customer management, RateCompass uses the HubSpot system. Therefore, personal data is stored on servers located outside the European Union, and the service provider participates in the Privacy Shield system, ensuring data protection at the EU level.
Use of Cookies
We use cookies and other similar technologies on the RateCompass website to statistically track visitor numbers. The information collected through cookies is used to improve the functionality and content of the site. Users can disable cookies from their browser settings. However, we cannot guarantee that our platforms will function flawlessly after disabling cookies, as cookies may be necessary for the proper functioning of some services.
Principles of Register Protection
The register and its contained personal data are processed confidentially. The register is appropriately protected against external threats by firewalls and other technical means. The register is kept only in electronic form, and any occasional paper printouts are immediately and appropriately destroyed following Vilkas's internal guidelines.
Personal data can be stored on RateCompass's own physical platform and in a cloud service provided by an external service provider. When using external service provider services, the respective service provider is responsible for the actions regarding the Registered's rights. Regardless of whether we store and process data in our own or outsourced environments, we are responsible as the data controller for ensuring that data security is appropriately organized and personal data is adequately protected against external means.
We do our best to implement and continuously update our actions to protect personal data from unauthorized use, destruction, or modification. We collaborate with authorities and our partners to ensure compliance with applicable laws regarding
Rights of the data subject
The Data subject has the following rights under the EU General Data Protection Regulation:
- the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipient to whom the personal data have been or will be disclosed; (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (v) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (vi) the right to lodge a complaint with a supervisory authority; (vii) where the personal data are not collected from the data subject, any available information as to their source; and (viii) the existence of automated decision-making and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject (GDPR, Art. 15);
- the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (GDPR, Art. 7);
- the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement (GDPR, Art. 16);
- the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies: (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing; (iii) the data subject objects to the processing based on a special personal situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes; (iv) the personal data have been unlawfully processed; or (v) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject (GDPR, Art. 17);
- the right to obtain from the controller restriction of processing where one of the following applies: (i) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (iii) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or (iv) the data subject has objected to processing based on a special personal situation pending the verification whether the legitimate grounds of the controller override those of the data subject (GDPR, Art. 18);
- the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent referred to in the regulation and the processing is carried out by automated means (GDPR, Art. 20);
- the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the EU General Data Protection Regulation (GDPR, Art. 77).
Requests concerning the exercising of the rights of the Data subject shall be submitted in writing to the contact person of the controller in a personally signed or similarly certified document or personally presented to the controller.
The Data subject is responsible for the accuracy of the data they provide. The Data subject must give notice of any changes in the data provided by them.
The Data subject may provide and cancel consent for direct marketing in accordance with the Information Society Code (917/2014) by notifying the contact person indicated in this register description by e-mail. In addition, the Data subject has the right to ban the processing and handover of data concerning them for direct advertising, remote sales and direct marketing as well as for market and opinion surveys by notifying the controller’s contact person of the ban. The right to ban does not apply to customer communications or other communications relating to the implementation of services or managing customer relationships in connection with services.
This description was last updated on 18 October 2023. RateCompass reserves the right to change the data protection policies described here and update these terms and conditions accordingly.
If users have questions about our products or services, they are advised to contact customer service. If the question is specifically about privacy protection, we ask the user to contact the contact person indicated in this Register description.