Privacy Policy

This is the privacy policy description of Kometos Oy and relates to the customer and marketing register under the Finnish Personal Data Act (523/99) 10 § and 24 § and the EU General Data Protection Regulation.

Register controller:
Kometos Oy
PL 97 (Keskustie 23)
61801 Kauhajoki
Y-tunnus: 0834172-3

Register controller’s contact information:
+358 20 757 1400

Latest update: 14.03.2022.

Register name: Kometos Oy client and marketing register

The purpose and basis for processing personal data and content of the register: Information obtained mostly from business cards and prospecting has been recorded in the client and marketing register of Kometos Oy. We do not store obsolete or unnecessary data in the register. Personal data is processed for the purposes of managing relations with customers or other appropriate affiliation, business planning and development, provision of solutions and services, as well as for marketing, notification, opinion and market surveys, distance sales, and customer communication, which can also be carried out electronically and in a targeted manner. In doing so, we strive to provide better service to our customers.

The register can process the following information about all data subjects:
• first and last name
• title
• contact information of the workplace (postal address, phone number, e-mail)
• the time and method of beginning and ending the customership and/or objective link
• direct marketing consents and prohibitions
• information regarding the use of electronic services and content, such as newsletter subscriptions
• information related to marketing and sales promotion, such as marketing measures aimed at the data subject and participation in such measures.

In addition to the above-listed information, the following can be processed in the register, if necessary:
• customer number
• business ID of the employing enterprise
• invoicing and collection details of the employing enterprise
• information related to managing and maintaining contact with and classification of the customership or other appropriate affiliation, such as purchase and cancellation information, delivery details and feedback on products and services

Regular sources of data: The personal data regarding data subjects is collected from the data subjects themselves, mostly in the form of a business card, from various services used by the data subjects, such as Kometos Oy website, and in connection with various marketing measures. Personal data can also be collected and updated from the registers of Kometos Oy partners, such as agents, as well as from authorities and companies providing services related to personal data.

Protection of the Registry: In accordance with the rules, the data is not passed on to third parties for use other than for the purposes of verification and updating the data and in situations critical to the functioning of cookies. Kometos Oy does not transfer data outside the EU, but some of the external service or software providers used by the company may store data outside the EU or the European Economic Area.

Technical and administrative protection measures and storage: Personal data is protected against unauthorized access and illegal processing. The data is collected in databases that are protected by firewalls, passwords and other generally accepted means in the data security industry. The databases are located in locked premises, and data or parts of data can only be processed by persons who need the data for their work tasks. This includes both the data controller and the employees of the data controller and those of companies acting on behalf of the data controller, who have access to the data in the data register with the right of use granted by the data controller.

Kometos Oy stores personal data only as long as it is needed for the stated purpose of use or to fulfil legal obligations. When the collected personal data is no longer needed, we destroy or delete it securely. Any documents are stored securely from outsiders in a locked space, and electronic documents are printed only when necessary and paper printouts are destroyed after use.

In processing personal data and planning the processing, we follow the requirements of the EU General Data Protection Regulation (GDPR) effective since May 25, 2018. Data can be transferred to partners selected by the data controller, who process the data on behalf of the data controller, in which case we guarantee through contractual arrangements that personal data is processed in conformity with valid data protection legislation and appropriately in all other respects. Data can be disclosed in a manner laid down in the requirements of the competent authorities or other similar entities, based on valid legislation. Data can be handed over to buyers in connection with business arrangements, if Kometos Oy sells or otherwise organizes its business.

Rights of the data subject: According to the Personal Data Act § 26, individuals have the right to obtain information about the data stored about them in the register or to request rectification and erasure of personal data regarding them, if the processing of such data is not necessary. Data subjects can object to the processing of their personal data, if they feel that the personal data has been processed unlawfully. Data subjects also have the right to prohibit the use of their data for direct marketing. If the processing of the personal data of data subjects is based only on consent, the data subjects may withdraw their previous consent at any time or file a complaint about aspects of the processing of their personal data to the supervisory authority.

It should be noted that the data controller may have a statutory or other right and obligation to justifiably refuse to rectify, erase, limit processing or transfer data from one system to another. In viewing and rectification requests it is necessary to identify the personal data subject to viewing and to provide the name of the register to which the request applies. A written and signed viewing or rectification request must be sent by email to:

Data subjects can exercise their right regarding personal data free of charge only once a year. If the requests of a person are obviously unfounded or unreasonable, especially if presented repeatedly or if the person requests several copies, the controller may charge a reasonable fee based on the administrative costs for fulfilling the request, or refuse to fulfil the request.

Automated decision-making and profiling: Automated decision-making and profiling are not used in the processing of personal data. Kometos Oy employs generally used digital marketing methods and tools in collecting information about your movements on our website. This information is collected for the purposes of improving the usability and content of our site, for targeted marketing and advertising, and for establishing the interests of the visitor. Data is mainly collected by means of cookies and cannot be associated with the individual. You can read below more about the cookies used on our website.

Provision of information: The Privacy Policy is available on the website of Kometos Oy.

Kometos Oy is constantly developing its business and reserves the right to change this Privacy Policy in the event of development of its business operations or changes in legislation by announcing it in its electronic services such as its website or in connection with other communications.