Privacy Policy

Privacy Policy – Customer and marketing register

June 6th, 2023
This is a combined personal data file description and newsletter to Procemex Ltd’s customers,
potential customers and website users. Its content adheres to Sections 10 and 24 of the Personal Data
Act (523/1999) and Articles 12 and 13 of the EU General Data Protection Regulation.

1. Controller

Dear customer or website user,
Thank you for your interest in our services.
In order to implement the service, we need some information about your company and contact
persons. We will treat this data as if it were our own: we want to be worthy of your trust.
In this Privacy Policy we will try to explain our data processing practices as openly and transparently
as possible. Read it through carefully. If you have any questions, we will be happy to answer them.

Contact:
Procemex Ltd. (FI16201990)
Appiukontie 10; PO Box 306
FI-40101 Jyväskylä
+358 14 337 2111
info@procemex.com

2. Data subjects

• Customers (contact persons)
• Potential customers
• Website users
• Web shop users

3. Purpose and criteria for processing personal data

4. Data entries

The register may contain the following information:

5. Duration of data processing

As a general rule, personal data are processed for as long as the customer agreement for which the data are needed is valid. The data are entered as they are received from the data subjects themselves and updated as per updates sent by the data subjects to the Controller.

Form data sent via this site are deleted automatically within two (2) years after being submitted. Unnecessary personal data are deleted from our customer and marketing register every six (6) months. If you want to stop receiving our email marketing messages, you can remove yourself from the mailing list by clicking the exit link included in each of the emails.

6. Your rights

Your rights are explained below. Any requests concerning your rights should be sent to info@procemex.com

Right of access
You have the right to access your personal data stored by us. In case of any errors or shortcomings, you may request us to correct or supplement the data.

Right of objection
If you feel that we have processed your personal data contrary to the law or that we have no right to process your data or part thereof, you can object to its processing at any time.

Ban on direct marketing
You can prohibit us from using your data for direct marketing purposes at any time. We will never sell or otherwise transfer your data to third parties in order for them to initiate direct marketing
campaigns. We purchase online advertising from, for example, LinkedIn and Google, but do not submit your personal data to them. Online advertising is not a form of direct marketing but is based on cookies. For further information, please see Cookies.

Right of erasure
If you feel that certain data are no longer necessary in relation to the purposes for which they were collected or processed, you have the right to ask us to delete such information. We will review your
request and either delete the data or give you a legitimate reason why the data cannot be erased. If you disagree with our decision, you have the right to lodge a complaint with the Finnish Data
Protection Ombudsman (instructions for making a complaint). In addition, you may request that we limit the processing of the disputed data until the matter has been resolved.

Right of appeal
You have the right to lodge a complaint with the Finnish Data Protection Ombudsman if you feel that we are violating existing data protection legislation when processing your data (instructions for
making a complaint).

7. Regular sources of information

Data concerning potential customers are collected from said customers with their permission during
website visits, or through other personal or digital communication.

8. Release of information

As a general rule, personal data are not released for marketing purposes outside Procemex Ltd. Some data may, however, be selectively released to a third party commissioned by the Controller to execute a targeted marketing campaign. In such a case, the Controller retains the ownership of the data, and the third party has no right to use the data for anything other than the commissioned task.

We have ensured that all our service providers comply with data protection legislation. Our regular service providers include the following:

• Lemonsoft
• Eemailer
• DealFront
• PiwikPro
• Hotjar
• Microsoft
• Fisher International

9. Transfer of data outside the EU

Where possible, we store your personal data in a selected and secure data center located in Europe. Some of the above service providers may use backup servers located outside the EU/EEA in the
United States. Backup is used to ensure that your data remains safe in the event that the primary servers fail.

Privacy Shield
We have made sure that our service providers are committed to the so-called Privacy Shield frameworks (https://www.privacyshield.gov/list) designed by the EU and the United States to ensure that the data transmitted from Europe to the United States is processed in compliance with data security practices.

10. Principles for the protection of data files

Safe and secure data handling is of utmost importance to us. To this end, we have employed a variety of means to protect your personal data.

• Access to the system requires a user ID and a password. The system is also protected by
  firewalls and other technological means
• Data files can only be accessed and used by employees of the Controller who are designated
  and appointed for the task.
• Use of the register is protected with user-specific IDs, passwords and access rights.
• The register is located on a computer, which is located on a server in an ICT room protected
  from unauthorized access.
• The facilities are locked and guarded.
• The data files are backed up regularly.

11. Cookies

This site uses cookies. The site sends to the browser cookies – small text files that are stored on your computer’s hard drive. We use both session ID cookies, which expire when you close the browser, and
persistent cookies, which are stored on your computer’s hard drive.

Cookies allow us to recognize your browser and to use this information to, for example, count the browsers used to visit our
website and to analyze and statistically monitor the use of our site. They also allow us to track and monitor the interests of our visitors, and to use this information to improve the site. All information
collected is anonymous, and none of the online activities can be linked to a specific individual.

Most Internet browsers automatically accept cookies, but if you want to, you can modify the settings of your browser and at any time disable the cookies. You can avoid cookies by modifying the settings
in your web browser and banning their use.

Advertising cookies help us to ensure that our ads are as relevant and interesting to you as possible. They also prevent the same ads from being displayed. Some third parties may also use cookies or web beacons (1 pixel image files) to provide relevant advertisements when you visit different sites.

The data collected via cookies or web beacons do not contain or reveal to us or third parties any personally identifiable information such as your name or contact information. Third-party advertisers
may also use technology that measures the effectiveness of their ads. This may be done via beacons (1 pixel GIF files) placed on our site to collect anonymous data. After receiving anonymous data on
visits to this and other websites, advertisers are able to customize advertisements to the user’s preferences.

This website uses the Google Ads remarketing service to advertise on Google websites to previous visitors to our site. The user is not identifiable from the information associated with the cookies. The
Google Ads remarketing service may be blocked at www.google.com/settings/ads. For more information about customized browser-based advertising, please visit Your Online Choices.