ABP-Client 200 x 200

| Abarth | Alfa Romeo | Aston Martin | Audi | Bentley | BMW | BYD | Cadillac | Chevrolet / Daewoo | Chrysler | Citroën | Corvette | Cupra | Dacia | Daihatsu | De Tomaso | Dodge | Dongfeng | DS | Ferrari | Fiat | Ford | GM USA | GMC | Honda | Hongqi | Hummer | Hyundai | Ineos | Infiniti | Isuzu | Iveco | Jaguar | Jeep | Kia | Lada | Lamborghini | Lancia | Land Rover | Lexus | Lotus | MAN TGE | Maserati | Maybach | Maxus | Mazda | McLaren | Mercedes-Benz | MG | Mini | Mitsubishi | Morgan | Nio | Nissan | Opel | Peugeot | Polestar | Porsche | RAM | Range Rover | Renault | Rolls Royce | Rover | Saab | Seat | Seres | Škoda | Skywell | Smart | SsangYong / KGM | Subaru | Suzuki | Toyota | TVR | Volkswagen | Volvo | Voyah 

Privacy policy

Privacy Policy of Autobodyparts Oy

The controller is obliged under the General Data Protection Regulation to inform data subjects in a clear manner. This privacy policy fulfills that obligation.

Data Controller

Autobodyparts Oy (Business ID: 0565585-8)

Contact details:

Läntinen teollisuuskatu 6
02920 Espoo
Finland

Contact details regarding registers:

Autobodyparts Oy
Läntinen teollisuuskatu 6
02920 Espoo
tietosuoja@suviagroup.com

Data Subjects

Autobodyparts Oy’s:

  • Current and potential customers
  • Suppliers and partners

Names of the Registers

  • Customer Register
  • Supplier Register

Legal Basis and Purpose of Processing

Legal basis for maintaining the registers:

  • Customer relationship, customer consent, or other relevant connection
  • Supplier relationship

Purpose of processing personal data:

Personal data is processed only for predefined purposes, which are as follows:

The customer register is used for managing and developing customer relationships, customer communication, planning and targeting marketing, developing customer service, monitoring payments, and developing services and business operations.

The supplier register is used for managing and developing supplier relationships and for communication.

Processing of personal data is based on legitimate interest and compliance with statutory obligations.

Personal Data Stored in the Registers

The registers contain the following information:

Customer Register:

Contact details:

  • Name
  • Address
  • Email
  • Phone number

Additional information:

  • Title or professional designation
  • Information on purchased products/services
  • Marketing consents
  • Communication history (including emails and call data), complaints, feedback, etc.

Partners / Supplier Register:

Contact details:

  • Name
  • Address
  • Email
  • Phone number

Additional information:

  • Title or professional designation
  • Communication history (including emails and call data), complaints, feedback, etc.

Rights of the Data Subject

The data subject has the following rights. Requests concerning these rights must be submitted to the contact person mentioned above.

Right of access

The data subject may review the personal data stored about them.

Right to rectification

The data subject may request correction of inaccurate or incomplete data.

Right to object

The data subject may object to the processing of personal data if they believe it has been processed unlawfully.

Right to prohibit direct marketing

The data subject has the right to prohibit the use of their data for direct marketing.

Right to erasure

The data subject has the right to request deletion of their data if processing is no longer necessary. We will process the deletion request and either delete the data or provide a justified reason why the data cannot be deleted.

It should be noted that the controller may have a statutory or other right not to delete requested data. The controller is obliged to retain accounting records for the period specified in the Accounting Act (Chapter 2, Section 10), which is 10 years. Therefore, accounting-related data cannot be deleted before the retention period has expired.

Withdrawal of consent

If the processing of personal data concerning the data subject is based solely on consent, and not, for example, on a customer relationship, the data subject may withdraw their consent.

Right to lodge a complaint with the supervisory authority

The data subject has the right to request that we restrict the processing of disputed data until the matter is resolved.

Right to complain

The data subject has the right to lodge a complaint with the Data Protection Ombudsman if they believe that we are violating applicable data protection legislation.

Contact details of the Data Protection Ombudsman:
https://www.tietosuoja.fi/fi/index/yhteystiedot.html

Regular Sources of Information

Register data is primarily obtained from companies or individuals themselves, from publicly available internet sources, and from databases of commercial customer information systems.

Regular Disclosures of Data

Personal data is disclosed to authorities to fulfill statutory obligations.

As a rule, data is not disclosed to third parties. If disclosures are made, we ensure that all our service providers comply with data protection legislation.

Retention Period

Personal data is generally processed for as long as the customer or supplier relationship is valid and as required by applicable legislation.

The data subject can unsubscribe from our marketing list independently via the link included in each marketing email we send.

Employee data is retained in accordance with employment legislation.

Applicant data is retained for 2 years after the end of the recruitment process.

Shareholder data is retained in accordance with the Limited Liability Companies Act.

Processors of Personal Data

The controller and its employees process personal data. Only employees who require the data for their duties and have the right to process it are authorized to use the data.

We may also outsource the processing of personal data partially to third parties. In such cases, we ensure through contractual arrangements that personal data is processed in accordance with applicable data protection legislation and otherwise appropriately.

Transfers of Data Outside the EU

As a rule, data is not transferred outside the EU or EEA. Data may be stored on foreign cloud servers, in which case the requirements of the General Data Protection Regulation are complied with.

Principles of Register Protection

Any manual material is stored on company premises, accessible only to Autobodyparts Oy personnel. Employee and applicant data is stored taking into account data protection guidelines and the sensitivity of the data.

IT systems are located in Autobodyparts Oy’s closed network, protected by passwords, firewalls, and other technical measures.

Automated Decision-Making and Profiling

We do not use personal data for automated decision-making or profiling.