Data protection policy
In order to ensure the high level of data protection and the lawful processing of personal data, Kaso Oy has drawn the Data Protection Policy based on the principles of data protection and the processing of personal data. Kaso Oy's Data Protection Policy defines the principles and methods in which personal data processed in the company.
Categories of personal data and purposes of processing
Kaso Oy collects and processes only the personal data, which is necessary for Kaso Oy's business functionality, customer relationship management and appropriate commercial purposes.
Kaso Oy collects and handles, for example, following categories of personal data: name, address, telephone number and e-mail address of the customer or customer’s contact person and other necessary information to maintain the customer relationship and guarantee good customer service. Kaso Oy does not collect customer’s personal data belonging to special categories. In addition, Kaso Oy collects and processes the personal data required by the employment relationship management. Personal data, collected by Kaso Oy, maybe also used to fulfil the obligations arising from the law or the instructions of the authorities. Kaso Oy does not use personal data for profiling or other automated data processing.
Collected personal data retains for as long as it is necessary for the purposes specified in this Data Protection Policy. For example, personal data maybe retained, if necessary, even after the termination of the customer relationship to the extent permitted or required by applicable law.
Rights of the Data subject
Principles of security
Kaso Oy has implemented appropriate physical, digital and administrative measures to protect personal data from loss, destruction, misuse and unauthorized access or disclosure. For example, personal data is accessible for relevant personnel. All materials are protected in the Data base system by usernames and passwords. Paper copies are stored in a locked cabinet or in a safe. Data may be disclosed on request to authorities that are legally entitled to access register’s information.
In case of personal data breach
If Kaso Oy becomes aware of a Data Protection Policy violation of the personal data gathered in the company, Kaso notifies if necessary the Data Protection Ombudsman and, in certain circumstances those, whose data have been subject to a breach of privacy.
Transfer of personal data outside the EU or EEA
Kaso Oy does not transfer or disclose personal data outside the EU or the European Economic Area (EEA) consistently. In case of potential transfer or disclosure of personal data outside the EU and EEA, it is carried out in accordance with the requirements of the Data Protection Regulation
Training and guidance
Kaso Oy offers trainings and guidance to ensure that its personnel is aware of the requirements set by the data protection legislation. Every employee in Kaso Oy dealing with personal data must become familiar to instructions of Kaso Oy for the processing of personal data.
If necessary, Kaso Oy's Data Protection Policy will be adjusted to meet requirements of legislation and case law.
This Data Protection Policy has been approved by Kaso Oy's senior management and board and has been communicated to the staff.