REGISTRATION | LOG-IN

Register and Privacy Policy

This is the register and privacy policy of Fodesco Oy, in accordance with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act (1050/2018).

Prepared on: 02.05.2018. Last updated: 06.10.2025.

1. Controller

Fodesco Oy, Hirsikankaantie 2, 80710 LEHMO

2. Contact Person Responsible for the Register

Kyösti Nevalainen
firstname.surname @ fodesco.fi

3. Name of the Register

Customer Register of the Company.

4. Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data is the controller’s legitimate interest as defined in the EU GDPR (e.g., maintaining a customer relationship). In customer acquisition, marketing is only conducted based on consent. The purpose of processing personal data is to handle orders, maintain contact with customers, manage customer relationships, and conduct marketing. The data will not be used for automated decision-making or profiling.

5. Data Content of the Register

The following data may be stored in the register: company/organization, business ID, delivery and billing information, contact person’s name, contact details (phone number, email address, website), e-commerce credentials, information about ordered products and any changes to them. Data is retained for the duration of the customer relationship.

6. Regular Sources of Data

Data is collected from customers via messages sent through online forms, by email, phone, contracts, customer meetings, and other situations where the customer voluntarily provides information. Company information is also checked from public official registers and credit or payment default registers.

7. Regular Disclosures and Transfers of Data Outside the EU or EEA

Data is not regularly disclosed to third parties. Technical processing of data may occur outside the EU or EEA, but only by service providers that comply with GDPR-approved safeguards (e.g., standard contractual clauses approved by the EU Commission).

8. Principles of Register Protection

Care is taken when processing the register, and data processed via information systems is properly secured. When data is stored on internet servers, appropriate physical and digital security measures are taken. The data controller ensures that stored information, server access rights, and other critical personal data are handled confidentially and only by employees whose job responsibilities require access.

9. Right to Access and Rectify Data

Every person in the register has the right to review their stored data and request correction of any incorrect or incomplete information. To do so, a written request must be submitted to the data controller. The controller may request verification of the requester’s identity if necessary. The controller will respond within the time limits set by the GDPR (typically within one month).

10. Other Rights Related to the Processing of Personal Data

A person in the register has the right to request the deletion of their data (“right to be forgotten”). They also have other rights granted under the GDPR, such as the right to restrict the processing of their data in certain situations. Requests must be submitted in writing to the data controller. The controller may request verification of the requester’s identity if necessary. The controller will respond within the time limits set by the GDPR (typically within one month).