Go to search service

Privacy policy

Updated 3 January 2019

Data Controller
LVI-Numero Oy
Eteläranta 10
00130 Helsinki

Person Responsible for the Personal Data Register
Magnus Sirén, Managing Director, magnus.siren_@_lvi-info.fi

This document describes the principles governing the processing of personal data in the LVI-INFO product information database. The product information database is located at https://port.lvi-info.fi and is owned by LVI-Numero Oy.

System Description
The LVI-INFO.fi service has three user groups: administrators, regular users, and viewers. Administrators are employees of Ambientia and LVI-Numero Oy. Regular users and viewers are employees of LVI-Numero Oy’s customer companies. All users must log in to use the service.

Subscribers to the LVI-INFO.fi newsletter have either subscribed to the newsletter themselves or have been added as recipients based on a customer relationship.

Purpose of Processing Personal Data
Personal data is processed for the purpose of managing and maintaining customer relationships related to the www.lvi-info.fi service, monitoring the use of online services and preventing misuse, as well as planning and developing the functionality of the online services.

Categories of Personal Data Processed in the System
The personal data register contains personal data of individuals who have registered as users of the www.lvi-info.fi service or subscribed to the newsletter.

The service does not process special categories of personal data referred to in Article 9 of the EU General Data Protection Regulation.

Administrators have access to all views and information within the service. This user group includes Ambientia employees and designated employees of LVI-Numero Oy.

Regular users administer their own company’s information. They can maintain their company’s product information and manage the information and access rights of employees within their company for this system (administrator or viewer access). A viewer only has access to their own company’s product information.

Users of customer companies and administrators can view the information of other users within the same customer company (name, phone number, email address). Administrators can also view information about deleted users. Viewer accounts cannot view other users’ information.

The following personal data concerning users and newsletter subscribers is processed and stored in the system:

  • Name
  • Phone number
  • Email address
  • Company

This information is used for communication between LVI-INFO administrators and customer companies, as well as for sending newsletters and announcements. In addition, the information is retained and processed for product history investigation purposes.

For companies, the system stores, among other things, products and their detailed technical information, company contact details, and billing addresses.

Sources of Data
The register contains information provided directly by registered individuals, as well as service usage data collected during the use of the service.

Customer information is added to the register during registration and removed at the customer’s request. Information is updated when necessary.

Regular Disclosure of Data
Personal data contained in the register is not disclosed to external parties.

Principles of Register Protection
The register is stored in an information system accessible only to employees of LVI-Numero Oy who require access to the system in order to perform their work duties. The information system is protected with usernames and passwords.

All data traffic related to the service is transmitted over an encrypted HTTPS connection, from the user’s browser to the Apache HTTP Server located in front of the application. Personal data is stored in a database or newsletter application, and attachments are stored on the server’s disk. The application writes events to logs that include the person’s full name in plain text. Access to the server, database, and application administration views is restricted to authorized persons after authentication.

The contact details of a company’s contact person are transferred to the party responsible for invoicing, but otherwise no data is disclosed to third parties.

It is not possible to completely delete a person’s data from the service, as the data is required for tracking product history information in accordance with Article 17 of the EU General Data Protection Regulation.

The system is hosted in Ambientia’s server environment. The server operating system is Red Hat Enterprise Linux 6. The server is accessible only from Ambientia’s internal network and only by separately authorized persons.

Facebook-f Linkedin-in Youtube
Contact information

Eteläranta 10
00130 Helsinki

Company

Website & Design by Intendit