Privacy statement

High Metal Oy - data of the data controller and personal data processor

High Metal Oy
Business ID: 1604302-1
+358 44 360 0030
info@highmetal.fi
Linjatie 3, 01260 Vantaa

Contact point for matters related to the data protection regulation:
High Metal Oy, Linjatie 3, 01260 Vantaa

Definitions

Personal data* means all data related to an identified or identifiable natural person, hereinafter the registered person; an identifiable natural person is considered to be a natural person who can be directly or indirectly identified especially on the basis of identification information such as name, social security number, location information, online identification information or one or more physical, physiological, genetic, psychological, economic, cultural or social factors characteristic of him.

Personal data processing* refers to an activity or activities that are applied to personal data or data sets containing personal data, either using automatic data processing or manually, such as collecting, storing, organizing, structuring, storing, modifying or changing, searching, querying, using, disclosing data by transferring, distributing or otherwise making them available, matching or combining, limiting, deleting or destroying the data.

The controller* refers to a natural person or legal entity, authority, agency or other body that, alone or together with others, defines the purposes and means of personal data processing.

Personal data processor* means a natural person or legal entity, authority, agency or other body that processes personal data on behalf of the controller.

High Metal's public ICT services

High Metal has public internet services at the following addresses and documents related to the data protection of service providers by subsection:
Company website:: https://highmetal.fi
LinkedIn: https://www.linkedin.com/company/high-metal-group/
(https://www.linkedin.com/legal/privacy-policy)

ICT technology is used in these internet services, with the help of which the user can be identified and the information can be used to offer the user the services offered by High Metal. Social media services are located in the service providers’ own ICT infrastructure, and the service providers collect according to their own conditions, regardless of High Metal.

High Metal's general rights and obligations as a data controller

is responsible for collecting personal data
processes personal data legally, carefully and in accordance with good data processing practices, and otherwise acts in such a way that the protection of data subjects’ private life and other basic rights that protect privacy are not restricted without a basis provided for by law
defines the purposes and means of personal data processing and gives the Customer written instructions on the processing of personal data. The purpose of personal data processing must state what kind of tasks (e.g. marketing communications) personal data is processed for
is responsible for providing registered users with all notifications and information regarding the processing of personal data required by legislation
is responsible for the fulfillment of registered rights
ensures that the transfer of personal data to High Metal and the processing of personal data is in accordance with the law
confirms and is responsible for ensuring that the processing of personal data complies with the requirements set by legislation, including information security requirements
is responsible for ensuring that corrections, deletions and changes to personal data are delivered without delay

High Metal's general rights and obligations as a processor

processes personal data only for the purposes specified in the assignment agreement or based on consent, only to the extent necessary
processes personal data legally, carefully and in accordance with good data processing practices, and otherwise acts in such a way that the protection of data subjects’ private life and other basic rights that protect privacy are not restricted without a basis provided for by law
processes and ensures that a subordinate who has access to personal data only processes personal data in accordance with documented, lawful and reasonable instructions provided by the Customer, unless otherwise required by applicable law
to ensure that personal data is processed only by those persons whose work duties require it and that the persons in question are committed to complying with the obligation of confidentiality or are bound by an appropriate statutory obligation of confidentiality
implements all the security measures required by the legislation from processors of personal data
maintain the necessary reports/accounting of processing operations

Purposes of processing

Marketing and sales

Description of registered groups:
Contact persons of active customers, contact persons of potential customers, persons who have participated in events such as webinars or events, persons who have downloaded downloadable content such as guides, persons belonging to the cooperation network.

Description of personal data groups:
Name, position in the organization, phone number, e-mail address, business cards, information about sent communications, information about content downloaded by the data subject, interests of the data subject.

Reference to the personal data processing agreement concluded with the personal data processor:
Agreement and personal data processing agreement drawn up with the customer. In the case of representatives of potential customers and other persons, the processing of personal data is based on the unequivocal or explicit consent of the data subject or High Metal’s legitimate interest.

Description of the technical and organizational security measures according to Article 32, paragraph 1 of the Data Protection Regulation:
Access control to marketing tools with a centralized password service. All employees of High Metal have a valid non-disclosure agreement and they have been instructed on how to handle personal data. High Metal’s employee’s level of access and access to information is determined by his job duties, and he is only given access to necessary information and systems.

High Metal’s employee’s level of access and access to information is determined by his job duties, and he is only given access to necessary information and systems.

High Metal does not process customers’ personal data registers in its own systems without the customer’s separate request and instructions. However, if the customer delivers a file containing personal data to High Metal, High Metal removes it from its own hard drives and informs the customer of this and instructs where and how the personal data should be properly delivered.

The IT systems owned by High Metal all have appropriate encryption and are password protected, and their data security is maintained and updated appropriately.

Else:
High Metal does not process special personal data
Information is not transferred to third countries or international organizations.
Information is stored for the entire life cycle of High Metal and information is not destroyed.