Privacy Policy

Rautakeskus's privacy policy where we explain how we handle your personal data.

Rautakeskus Group Oy's (”Rautakeskus”) Privacy Policy

With this privacy policy, we provide you (customer, user of our online store, or other person whose data we process) information about what data we collect in our online store and locations and how we process the data you have entrusted to us.

Personal data is information from which an individual can be identified. We may also collect information that cannot be used to identify an individual or convert collected personal data into a form that no longer identifies the individual.

We process your personal data in accordance with the General Data Protection Regulation and national data protection laws.

Data Controller

  • Rautakeskus Group Oy
  • Otsotie 21, 01900 Nurmijärvi
  • 040 668 8713

Questions regarding the processing of personal data or data protection should be addressed by email to: tietosuoja@rautakeskus.fi

Collection and Processing of Personal Data

Whose personal data do we process?

We collect information about our customers, their beneficiaries or guarantors, and users of our online store. A Rautakeskus customer or online store user can be a consumer customer or a business customer. To serve our business customers, we also process the personal data of their responsible persons.

What kind of personal data do we process?

We collect and process the following types of personal data as applicable.

Customer Relationship Data

Basic Information
  • Identification information: name, personal identification number, date of birth
  • Contact information: address, phone number, email address
Customer Information
  • Rautakeskus customer number
Business Customers
  • Company responsible person: name, job title, job function
  • Contact information: phone number, email address
Other Customer Relationship Information
  • Purchase and payment transaction information: purchase history, payment method information, delivery information, billing information
  • Price categories
  • Communication with the customer
  • Customer interests and builder profile information
  • Customer satisfaction information and feedback

Online Store

  • Identification information: user username and password
  • Information about the user's behavior on the website
  • Information about the computer used by the person using the website (read more about cookie policies below)

Marketing and Communication

  • Direct marketing consents
  • Information provided through social media

Credit Granting Information

  • Customer or guarantor credit information
  • Credit balance
  • Possible guarantees and securities and related personal data (including personal identification number)

Other Information

Beneficiary Information
  • Account holder or beneficiary name, date of birth, phone number, email address
Security and Property Protection Information
  • Recordings from surveillance cameras
  • Vehicle registration number
Additional Service Information
  • Reservation and registration information for events
  • Information about loan or rental products
Other Information
  • Other information you provide when dealing with our online store, unit, or otherwise

When do we process your personal identification number?

We process your personal identification number as limitedly as possible and only when necessary. We collect your personal identification number if you open a personal credit account or are a customer of our rental business. Processing of the personal identification number is necessary for credit decision and guarantee arrangements and for managing your credit account. Additionally, we may process your personal identification number for debt collection arrangements.

How do we process your payment information?

The processing of certain payment information, such as credit card and debit card payments and online banking payments in the online store, is outsourced to third parties to ensure the security of the service, and this information is not stored in our systems. We only use trusted payment service providers. The payment service provider acts as the data controller for payment information. You can also contact us if you have questions about the information processed in the payment service.

Where do we collect the information from?

We primarily collect the information directly from you. Additionally, we collect information from the following sources:

  • Payment and billing information from our payment service providers depending on the chosen payment method;
  • Contact information of company responsible persons from selected partners and public sources when targeting marketing and communication to our business customers;
  • Credit information from Suomen Asiakastieto Oy's credit register when we grant you a credit account or our receivable is at risk;
  • Information about invoices and receivables transferred to collection from our billing and collection partners if our receivable has been transferred to the reminder or collection process.

For what purposes do we process personal data?

Personal data is processed for the following purposes, among others:

  • Processing, delivery, and archiving of purchases and orders;
  • Providing customer and user accounts;
  • Customer service, customer complaints, refunds, returns, and other similar after-sales services;
  • Management of customer relationships, services, and the online store and improving the customer experience;
  • Billing, credit management, guarantee management, and enabling payment;
  • Direct marketing, marketing, marketing competitions, targeted content, pricing, customer communication, and customer feedback;
  • Protecting property;
  • Resolving legal claims and disputes;
  • Analytics and statistics.

On what basis do we process your personal data?

We apply the following legal bases for processing your data in accordance with Article 6(1) of the General Data Protection Regulation:

Contract between you and Rautakeskus

Personal data may be processed in the following situations, among others:

  • Purchase and sales contracts;
  • Account and loyalty program contracts;
  • Commitment to benefit or account usage rights;
  • Guarantee commitment or contract related to the use of the online store;
Your consent

Personal data may be processed in the following situations, among others:

  • Direct marketing to consumer customers, unless there is another legal right for direct marketing;
Compliance with a legal obligation

Personal data may be processed in the following situations, among others:

  • To arrange for statutory liability and right of withdrawal;
  • To enable accounting and mandatory recalls ordered by authorities;
To fulfill the legitimate interest of Rautakeskus or a third party

Personal data may be processed in the following situations, among others:

  • To provide better and more personalized services;
  • To improve customer communication;
  • To understand customer relationships and conduct market research;
  • To target direct marketing and other marketing to business customers;
  • To protect property;
  • To improve and develop information security;
  • To prevent fraud and dishonesty

How long do we retain your personal data?

Your personal data is generally retained as long as your customer or user account is active. You can terminate your customer or user account by notifying us. After terminating your account, we may need to process your data for handling potential claims and complying with statutory and internal retention periods (e.g., accounting records).

We may also need to retain your data after the primary purpose of processing has ceased. An example of this is the management of your expressed direct marketing prohibition, which requires processing your data to ensure that you do not receive direct marketing in the future.

Certain personal data is deleted sooner than mentioned above. For example, surveillance camera recordings are retained only for a limited time. To ensure that we do not process your data for an unnecessarily long time, we may anonymize certain data groups, such as customer survey data, instead of deleting the data, so that it can be used for analysis or statistics.

How do we ensure the effective and secure processing of your personal data?

Rautakeskus takes necessary technical and organizational measures to ensure a high level of data protection in the processing of personal data.

Our staff is instructed to process personal data only for a limited purpose and by a limited group of people. Access to personal data is restricted at the system level.

Additionally, we continuously develop our processes to ensure that the processing of personal data is efficient and connected to the systems acquired for that purpose.

It is important to us that our customers receive increasingly personalized service, so we strive to improve the analysis and statistics of the information provided by customers. You can voluntarily provide us with information about your construction project or interests during registration, purchase, marketing campaign, survey, or other processes. This information can be used to provide you with more personalized service at our locations, in our online store, or in marketing directed at you. We strive to anonymize your personal data whenever possible when there is no longer a need to process it.

Outsourcing and Disclosures

When do our partners process your data?

We have outsourced some of the processing of personal data to our partners. Outsourced data processing regularly occurs through third-party information systems, direct marketing services, communication agencies, transportation companies, and payment service providers. We regulate data processing through data processing agreements in accordance with the General Data Protection Regulation to ensure the legality of processing and that your data is processed only for a limited purpose.

Your personal data may be disclosed to other data controllers for enabling payment methods and services, phone services, and collection and credit checks. We do not disclose your data for third-party marketing purposes.

Is personal data transferred outside the European Economic Area?

Personal data may be processed within the framework of data protection legislation outside the European Union and the European Economic Area, depending on the data processing service provider. In such cases, the processors are required to implement a sufficient level of data protection in accordance with data protection legislation, for example, by using the European Commission's standard contractual clauses. Data may also be transferred to countries listed by the European Commission as having an adequate level of data protection, such as Canada. Currently, your data is processed under our data processing agreements in the United States and Canada.

Can authorities access your data?

Your personal data may also be disclosed to authorities or other public entities if we are required to provide the information by law or regulation.

Cookies

Use of Cookies

We use cookies on our website to better target and develop our services.

A cookie is a text file stored on the visitor's device by the website, allowing the website administrator to recognize the visitor when they return to the site. Additionally, a cookie can be used to recognize the visitor's visit to another operator's website. In this case, the visitor may see advertisements related to the site that stored the cookie.

You can block the use of cookies or delete stored cookies from your browser settings. However, this may affect the ease of use of the site and, in some cases, even prevent the use of the site.

Cookies Necessary for the Operation of the Online Store and Improving Usability

We collect cookies necessary for the operation of the online store, which ensure the best possible user experience for our online store users. These cookies relate to, among other things, analyzing the performance of the online store, enabling fast page loading, saving the shopping cart even if the site is closed, and facilitating site navigation.

Cookies Related to Analysis and Marketing

Cookies related to analysis allow us to monitor the use of our online store without tracking or identifying individual users. These cookies provide information about, for example, which products users of our online store are interested in and what they buy from us. Analysis allows us to develop the site to better meet the needs of our customers.

Cookies Related to Marketing

Cookies related to marketing are used to target advertising that interests the customer online, both on our sites and outside our site. Cookies do not themselves store your personal data, but they can be used to identify your browser and target appropriate marketing to you based on your online behavior, for example, through marketing banners placed on different sites.

Your Rights and How You Can Influence the Processing of Your Personal Data

You have rights based on data protection legislation, which you can exercise by contacting us by email at tietosuoja@rautakeskus.fi. We aim to respond to inquiries and requests as soon as possible.

Withdrawal of Consent

If the processing of your data is based on consent, you have the right to withdraw your consent to the processing of your data. When you withdraw your consent, we will stop processing the data and delete it to the extent that processing is no longer necessary. Direct marketing messages offer the option to prohibit receiving direct marketing messages in the future.

Inspection and Correction

You have the right to inspect your personal data and request the correction of incorrect information, deletion of data, and transfer of data in accordance with the General Data Protection Regulation. You also have the ability to edit your data in our online store or make a request to edit the data at our unit or by email to the address mentioned above.

Deletion and Objection

You can request that we delete or restrict the processing of your personal data. In this case, we will investigate the request and strive to comply with your wishes as far as possible within the framework of the purpose of processing or statutory retention periods and obligations. You also have the right to object to the processing of your personal data for a justified reason.

Verification of Identity

Exercising the above-mentioned rights requires verification of your identity. We do this to ensure that an external person cannot influence how we process your data.

Your Right to Dispute Processing

You have the right to object to or dispute our way of processing your personal data by filing a complaint with the supervisory authority. The complaint can be made on the Data Protection Ombudsman's website at tietosuoja.fi or through the contact details available there.

Changes to the Privacy Policy

Compliance with data protection is an ongoing process. We strive to develop our operations and data processing, which may necessitate updating this privacy policy. We reserve the right to change this privacy policy from time to time. Changes will be announced on our website or in this privacy policy. We may also notify you of significant changes by email or other appropriate means directly.

Last updated: December 2024