Data Protection Statement of the Register of Electronic Services

This is Component Hardware registration and data protection statement in accordance with the EU General Data Protection Regulation (GDPR).

1. PURPOSE AND BASIS OF PERSONAL DATA PROCESSING

The primary basis for processing personal data is the customer relationship between Component Hardware and the customer, the customer's consent or something else.

Personal data can be processed for the following purposes: Managing customer relationships, handling customer feedback and other consumer contacts, for marketing purposes, as well as managing purposes related to other online services, as well as managing and implementing related communication and marketing.

2. INFORMATION CONTENT OF THE REGISTER

Information about the user is registered in Component Hardware's register, which the user himself reports when using the websites. This basic information includes e.g. contact information of persons, such as name, address, telephone number and email address, language, other information related to the customer relationship and ordered services, such as direct marketing permits and prohibitions, and other necessary contact information.

IP addresses of website visitors and cookies necessary for the functions of the service are processed on the basis of a legitimate interest, e.g. to take care of information security and for the collection of statistical data of website visitors in those cases when they can be considered as personal data. If necessary, consent is requested separately for third-party cookies.

3. STORAGE PERIOD OF PERSONAL DATA

The company keeps personal data in the customer register until the customer relationship between the registered person and Component Hardware can be considered to have ended. The termination period is determined from the data subject's most recent service contact or contact, to which 10 years are added. Some of the data may have to be kept longer than this due to legal reasons.

4. REGULAR INFORMATION SOURCES

Information is primarily obtained from the following sources:

Events related to the registered person and the registrant's customership, use of services, communication and transactions. Information can be obtained e.g. From messages sent via www forms, by e-mail, by phone, through social media services and other situations where the user himself gives his information. In addition to the information provided by the registrant himself, events related to the registrant's customership, use of services, communication and transactions (Log data) can be saved.

Information about contact persons of companies and other organizations can also be collected from public sources such as websites, directory services and other companies.

5. REGULAR TRANSFER OF DATA AND DATA TRANSFER OUTSIDE THE EU OR THE EUROPEAN ECONOMIC AREA

Component Hardware uses the ActiveCampaign email service for marketing and customer communication. ActiveCampaign will be transferred the information provided by the user and, where necessary, information related to marketing. In addition to the person himself, this information may come from authorities and companies providing services regarding personal information. ActiveCampaign is a US company, in which case personal data is transferred outside the European Union. However, personal data is protected as required by the Personal Data Act and AcriveCampaign belongs to the list of companies certified by the Privacy Shield framework between the USA and the EU. More information on ActiveCampaign's website:  https://www.activecampaign.com/legal/gdpr-updates/gdpr-overview

6. Use of cookies

On our website, we use the so-called cookie function, i.e. cookies. A cookie is a small text file that can be sent to the user's computer and stored there, which enables the website administrator to identify visitors who visit the website frequently, to facilitate the login of visitors to the website, and to enable the compilation of composite information about the visitors. With the help of this feedback, we are able to constantly improve the content of our pages. Cookies do not damage users' computers or files. We use them in such a way that we can offer our customers information and services according to each of their individual needs.

If the user visiting our pages does not want us to receive the aforementioned information with the help of cookies, most browser programs enable the cookie function to be turned off. This is usually done through the browser settings.

However, it is good to take into account that cookies may be necessary for the proper functioning of some of the pages we maintain and the services we offer.

The tracking tools we use:

With the help of the Facebook Pixe l cookie from Facebook Inc., we can target Facebook advertising to users who have visited our site and monitor the results of advertising. However, Finnvera itself cannot identify users who have visited the site. More information about the Facebook Pixel tool: https://www.facebook.com/business/learn/facebook-ads-pixel

For visitor tracking, we use the Google Analytics program from Google, Inc. , with the help of cookies, our website recognizes your computer when you return to the pages or browse them. The service is used to monitor, among other things, the number of visitors to the site, which website the visitors came from and which pages of our site they visit. The information is not used to identify individuals. More information about the Google Analytics program can be found at  https://marketingplatform.google.com/about/analytics/

Google Tag Manager , used to manage tracking tags.

7. DESCRIPTION OF REGISTRY PROTECTION PRINCIPLES

The information of the user register of Component Hardware's electronic services is stored in the system of the registrar, which is protected by the physical and digital data security of the equipment in a relevant way. Such means include, for example, the use of firewalls, secure equipment rooms, managed granting of user rights and monitoring of their use, instructing the personnel involved in data processing and the use of required encryption techniques. Access to the system requires a username and password, and the information contained in the register is located in locked and guarded premises.

The register is handled carefully and appropriately. The registrar ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by those employees whose job description it is. The digital material can only be accessed with the personal username and password of the employee entitled to it.

8. RIGHTS OF THE REGISTRANT

The registered person has the right to check his/her data stored in the register and to demand the correction of any incorrect data or the completion of incomplete data. If the data subject wants to check the information stored about him or demand corrections, the request must be sent in writing. If necessary, the registrar can ask the requester to prove his identity. The controller will respond to the customer within the time stipulated in the EU data protection regulation (30 days).

The registered person has the right to file a complaint with the competent supervisory authority if the data controller has not complied with applicable data protection regulations in its operations.

If personal data is processed based on the data subject's consent, the data subject has the right to withdraw his consent by notifying Component Hardware of this in accordance with section 12 of this privacy statement.