Privacy Policy

Naava HERO- tunturi-2
GDPR Compliance D-Fence 2019

Privacy Policy

1. Controller

Naava Group
Laukaantie 4, 40320 Jyväskylä, Finland

Puh. +358 144 591 503

2. Contact person

Toni Aalto
IT Manager

Puh. +358 44 0200 600

3.Name of the register


4. Purpose and legal basis of processing personal data

The purpose of the register is to maintain Naava's customer register, to manage customers' orders, filing and handle customer relationships.

Processing and the collection of Personal Data will be limited to what is justifiable to provide our website users with improved experience when browsing at our website, and to what is deemed necessary for Naava in carrying out its business and improving its services, provided that these interests are not outweighed by the data subjects rights and interests.

Information from the register can be used in the company's own registers for, for example, targeted advertisement without giving out information to outside parties. Personal Data may be disclosed and moved to the company's partners' server due to technical requirements. Personal Data is only processed in order to maintain the company's customer relationships.

The company has the right to publish the information within the register online or as a written list, hasn't the customer specifically asked not to. The meaning of a list in this purpose is, for example, address stickers for direct mail or similar use cases. The customer has the right to ask the company no to disclose any Personal Data by informing the company's customer service by email ( or the register's contact person.

5. Processed information

The Personal Data register contains the following information:

The contact's first and last name
The represented organization
Phone number
Information about previous orders
Banking information
The contact's online activity

6. Sources and transfer of information

Personal Data is collected through the customer's internet and online activity. Personal Data is received through registrations done by the customer and information given out by the customer during the relationship with the company. Information such as the customer's name and contact information is also received through third parties. Information can also be received from subcontractors related to the use or production of the service.

Naava may use other technologies or third party analytical software to collect and use data. The collected Personal Data is only in the company's use, except when using a third party service provider to either provide the customer with added value or to the support of credit applications.

Personal Data will only be disclosed in cases of credit applications, debt collections, invoicing and to authorities in cases required by the mandatory local legislation or court order. Only necessary personal data is shared with these third parties. Personal Data will not be distributed outside of the EU, unless necessary to fulfill technical requirements. Collected information about a customer will be disposed by the customer's request, unless local legislation, open invoices or debt collection prevents deleting the information.

7. Data protection principles

A) Physical documents: Personal Data collected manually will be stored behind locked and fire safe doors. Only selected employees, who have signed a non-disclosure agreement, has the right to process manually collected Personal Data.

B) Electronic documents: The rights to access databases containing Personal Data are restricted, so that the information can only be viewed and processed by persons who are legally admitted and required to do so. All databases and information systems are only accessible with individual and personal login information, an username and password. All users have signed a non-disclosure agreement. The databases are protected by a firewall to prevent outside access.

8.Rights of the data subject

Data subject has right to receive information about what Personal Data has been collected by Naava. The customer shall make a written request to the company's customer service or the register's contact person. Data subject has the right to object processing, to the extent that it is related to direct marketing, by contacting the company's customer service.

Data subject has the right to request erasure of personal data in the register, if the legal basis for processing of personal data has ceased as well as request correction of incorrect information. The request shall include a specification over the information that the data subject wishes to erase or correct and can should be sent by email to the company's email, The corrections will be made without delay.