GDPR

Privacy Policy in compliance with the General Data Protection Regulation (EU) 2016/679

31 May 2019

1.Controller
Aurora Propulsion Technologies Oy, Otakaari 5, 02150 Espoo

2. Contact person in matters concerning the data file
Aurora Propulsion Technologies Oy, Roope Takala, Otakaari 5, 02150 Espoo

3. Name of the data file
Aurora Propulsion Technologies Oy website visitor data file.

4. Purpose of the data file
The controller or a partner authorised by the controller can use customers’ or potential customers’ personal data for the following purposes:

  • Aurora Propulsion Technologies Oy marketing communications, including direct marketing to those who have given their consent.
  • Managing and improving customer relations.
  • Developing the controller’s business and related customer services.

Personal data is processed in accordance with the EU’s General Data Protection Regulation (GDPR). The processing of personal data is based on consent and data subjects can withdraw their consent at any time.

5. Data content of the data file
The data file contains basic information provided by visitors to Aurora Propulsion Technologies Oy: name, company, town, email address and telephone number. If a visitor fills in a job application form, their year of birth, education, qualifications and language skills will also be included in the data file.

Other information: customer feedback, customer satisfaction data, campaign-specific data, data relating to the use of services as well as purchase behaviour, consent or refusal to receive direct marketing and distance sales communications, other information concerning customers or potential customers obtained with their consent or authorisation that are necessary for the provision of the services they require.

6. Regular sources of data

Data concerning customers and potential customers is obtained by means such as newsletter subscriptions, opinion and feedback messages, and competitions and prize draws. Only the data of those persons who have given their consent for being contacted for marketing and communications purposes is stored. Otherwise, the data provided for a specific campaign is only retained for the time specified in each campaign’s terms and conditions.

7. Data disclosure
Personal data may be disclosed to authorities in cases specified in the law. Personal data is not transferred outside the European Union or the European Economic Area unless this is required for the technical implementation of the service. In this case, the controller ensures an adequate level of protection as required by the law. Personal data may be disclosed, within the limits set in the GDPR, to Aurora Propulsion Technologies Oy partners and subcontractors that work by order of or on behalf of Aurora Propulsion Technologies Oy in operations related to Aurora Propulsion Technologies Oy online services.

8. Principles of protecting the data file
The data is stored in the controller’s system and protected with data protection software. The access right to the data file requires an individual user name and password that are only provided to members of the controller’s staff whose position and duties require access. The data contained in the data file is located in a locked and secure space.

9. Rights of data subjects

9.1 Right to be informed

Data subjects have the right to obtain transparent information about the processing of their personal data. Data subjects are informed of the processing of their personal data by this Privacy policy.

Data subjects have the right to have access to their personal data. They must submit a request to the controller’s contact person in writing, and the controller provides the data within 30 days of the request.

9.2 Right to rectification

Data subjects have the right to request that their data be rectified and erased without delay. The request must be submitted to the controller’s contact person in writing. The controller is obliged to erase the data if one of the following criteria is met: 1) The personal data is no longer needed for the purposes for which it was collected; 2) The data subject withdraws their consent; 3) There is no legitimate reason for the processing of the data or the data subject objects to the processing of their data or to the use of their data for direct marketing purposes; 4) Personal data has been processed unlawfully; 5) Personal data has to be erased due to a legal obligation; 6) Personal data has been collected in connection with the provision of information society services.

9.3 Right to restrict processing

Data subjects have the right to request that the processing of their personal data be restricted if any of the criteria in Article 18 of the GDPR is fulfilled. The right to restrict the processing applies if the data subject contests the accuracy of their personal data.

The controller informs every recipient of the personal data of any rectification, erasure or restriction unless this involves disproportionate effort. The controller informs the data subject of these recipients if the data subject so requests.

9.4 Right to data portability

Data subjects have the right to obtain their personal data and to submit their data to another controller. The right to data portability also gives data subjects the right to request that the controller transmits their data directly to another controller if this is technically feasible. The right applies if the processing is based on consent or for the performance of a contract and is carried out by automated means.

9.5 Right to object

Data subjects have the right to object to the processing of their personal data at any time if they have given consent to the processing. They also have the right to object to the processing of their personal data at any time if the processing is based on the company’s legitimate interest or profiling. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

After a data subject has objected to the processing of their personal data, the controller is only allowed to carry out processing if it can demonstrate compelling legitimate grounds for the processing.

Data subjects have the right to object to the processing of their personal data for direct marketing purposes at any time, including profiling when it is related to direct marketing.

9.6 Automated decision-making

Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. The above paragraph does not apply if, for example, the decision is necessary for entering into or performance of a contract between the data subject and the controller or if it is based on the data subject’s explicit consent.

9.7 Right to be informed of personal data breaches

Data subjects have the right to obtain information about personal data breaches. The right applies if the breach is likely to result in a high risk of adversely affecting data subjects’ rights and freedoms, in the form of identity theft, fraud or other criminal activity, for example.

9.8 Right to lodge a complaint

If a data subject considers that the processing of personal data relating to them infringes the GDPR, they have the right to lodge a complaint with a supervisory authority, who in this case is primarily the data protection ombudsman.

9.9 Right to compensation

If a data subject suffers material or non-material damage as a result of an infringement of the GDPR, they have the right to receive compensation from the controller or processor for the damage suffered. The controller or the processor is exempt from liability if it proves that it is not in any way responsible for the event that gave rise to the damage.

10. Cookies
We use cookies on our website. A cookie is a small text file that is sent to the user’s computer and stored on it. It enables the website administrator to recognise users who visit the website often, makes user login easier and also makes it possible to profile and collect combined data on the visitors. Cookies do not harm users’ computers or files. We use cookies to improve the content of our website.

If users visiting our website do not want us to obtain the above-mentioned data using cookies, most browsers allow cookies to be disabled. For example, users of Internet Explorer can manage cookies via Tools -> Internet Options -> Privacy. Some cookies may be necessary for the functioning of our website and the services we provide