Note: this privacy statement is a direct translation from its Finnish equivalent. If there is a conflict between the English and Finnish version of the privacy statement, the terms determined in the Finnish privacy statement are applied. 

 

On the Road Again Oy's group and its affiliated companies engage in the collection and processing of personal data. In this privacy statement, in accordance with the General Data Protection Regulation (679/2016/EU) Articles 13 and 14, and the Data Protection Act (1050/2018), we outline what information about our corporate customers we collect and process, why we do so, and how we store the data.

 

1. Controller and affiliated companies

 

The controller is On the Road Again Oy group (business ID 3131993-8).

Business address & mailing address: Lastaajankatu 5, 33560 Tampere

 

The following companies are part of the group:

 

Back In Business Oy (3089642-6)

Going Smooth Oy (3279435-1)

RestaUra Oy (3265170-5)

This is Business Oy (3244907-2)

 

2. Person responsible for the register

 

Contact:

Mirko Lännenpää (CEO / On the Road Again Oy)

mirko.lannenpaa@panchovilla.fi

050 531 9586

 

3. Register name 

 

On the Road Again Oy’s corporate customer privacy statement. 

 

4. Purpose and legal basis for the processing of personal data

 

Personal data and invoicing information are collected from the group’s and its affiliated companies’ corporate customers and individuals representing them. The purpose of collecting this information is to ensure smooth communication and maintain business cooperation. The legal basis for processing personal data is the legitimate interest of the data controller to be in contact with customers. When a customer enters into an agreement with On the Road Again Oy or its affiliated companies, the legal basis is the respective contract.
 

5. Content of the register

 

The register includes identification and contact information of our corporate customers' contacts, such as name, profession, position in the company, phone number, email, and workplace address. We also store and process information about our corporate customers, such as company names, contact information, and billing details, including billing addresses, electronic invoicing addresses, broker codes, and broker information. In addition, data related to bans on marketing and promoting activities, such as bans and consents on direct marketing, marketing activities (for instance, data on marketing raffles and their participation data) can also be stored and processed.  

 

6. Regular sources of personal data

 

The register is primarily created based on the information provided by the contacts of corporate customers. Information is also obtained through the corporate customer’s website, email and customer meetings, as well as from publicly available internet sources and other public sources, such as the trade register.

 

7. Disclosures, transfers, and recipients of personal data

 

The disclosure of personal data can, in principle, only occur for purposes that support the operational concept of the corporate customer register, and where the purpose of data usage is not fundamentally incompatible with the purposes of this register.

 

The data controller may, at its discretion, disclose personal data within the limits allowed and required by the current legislation to affiliated companies within the same group or to partners representing the registered person, unless the registered person has explicitly prohibited this. If the data controller sells or otherwise arranges its business, information may be disclosed to buyers during business arrangements.

 

The data controller does not disclose personal data of corporate customers, their decision-makers, or contacts to third parties for marketing purposes unless it is a data transfer required by legislation or official regulations.

 

Regarding the processing of personal data, information may also be transferred by the data controller to entities outside the European Union (EU) or European Economic Area (EEA) (e.g., cloud services such as Google Drive and Microsoft OneDrive) that are committed to complying with the requirements of the General Data Protection Regulation in ways that ensure sufficient data protection for the processing of personal data.

 

8. Data protection principles of the register

 

The controller has implemented appropriate technical and administrative security measures to ensure the protection of personal data. Personal data is stored both in electronic databases and manually maintained materials. Electronically processed databases are protected by firewalls, passwords, and other generally accepted technical means in the field of information security. Manually maintained and processed materials are located in premises where unauthorised access is prevented.

 

Only those specifically defined and identified individuals whose tasks require the processing of personal data stored in the register have access to personal data. These individuals access the system with personal user accounts within the controller's internal network.

 

9. Retention period of personal data

 

The personal data of the registered individual is retained only for as long as is required for the implementation of the purposes specified in this privacy statement.

 

10. Rights of the registered individual

 

In accordance with legislation, the registered individual has the right to inspect what information concerning them is stored in the personal register. Additionally, the registered individual has the right to request the correction of inaccurate information in the register or the deletion of personal data within the limits and in accordance with applicable data protection legislation.

 

The request for correction of information must specify the error that needs to be corrected and indicate the correct information. Requests (including requests for data deletion) must be made in writing and sent signed to the address mentioned in section 1. The registered individual has the right to lodge a complaint with the national data protection authority (in Finland, the Data Protection Commissioner) or another data protection authority of the European Union or European Economic Area if the registered individual believes that their rights under data protection legislation have been violated. The registered person has the right to prohibit the use of their information for direct marketing, market research, and opinion polls. Such a prohibition can be communicated at any time to the data controller at the above-mentioned address or, for example, by unsubscribing from the mailing list as instructed in the marketing message.

 

11. Changes to the privacy statement

 

The controller continuously develops its business and therefore reserves the right to change this privacy statement by notifying about it through its services and websites (RestaUra privacy statements = www.restaura.fi/tietosuojaselosteet). Changes may also be based on changes in legislation. The controller recommends registered individuals to regularly review the content of the privacy statement.

 

This privacy statement has been updated last on 15th of February, 2024.