About

brdMaker Oy (”brdMaker”) is a company specialized in manufacturing and selling mechanical, electronical devices and components.
As a quality driven company, we have implemented a wide range of practices and solutions to ensure that your personal data is processed just the way it should be – securely and safely.
This Privacy Policy gives you a clear overview on how we at brdMaker process your personal data and how data subjects’ rights are protected.

Company details and contact information

brdMaker Oy
Thilmanintie 3
39610 Kovelahti
FINLAND
Business ID: 2966129-1
VAT number: FI29661291
Contact Person:
Kristiina Heikkinen
Email: info@brdmaker.com

For what purposes we may process your personal data?

We process personal data only for specific predefined purposes.
The purposes for processing personal data vary from automatically collected anonymous analytics data to billing and shipping information required to deliver your order. However, all data is processed solely for a specific predefined and transparent purpose.
At brdMaker, we have divided the processed data into three data groups;
1)     We require certain information in order to process orders, deliver products, and to manage relationships with our customers (Customer Data);
2)     We may process your information for marketing purposes (Marketing Data);
3)     We may collect and allow third parties to collect information about how you use and interact with our website and services online (User Data);
We may also collect information to develop, research and analyze the efficiency of our services.

What type of information we process in each data group?

First of all, personal information subject to processing may only include information that is necessary and relevant for the purpose it was collected. Each data group have their own purposes for collecting and processing personal data. Below you will find more detailed information about the processed information regarding each data group.
Customer Data
We only collect personal information related to Customer Data that is necessary to deliver the services or products ordered and to manage the customer relationships throughout their lifetime. Customer data may include the following types of personal data:

  • first name and surname;
  • name of the company;
  • contact details (postal address, city, region, country);
  • email address and phone number;
  • information related to the services ordered; and
  • billing and payment information.

Marketing Data
We may also collect personal information that is necessary for marketing purposes. All marketing data is combined into a separate marketing register that might include the following information.

  • name;
  • contact details (email, phone number, address of the company);
  • profession/position in the company;
  • information related to interested services; and
  • marketing prohibitions.

User data
We may collect and allow third parties to collect information about how you use and interact with our website. We are committed to only use third-party applications that are committed to the high standards of data protection laws in the European Union.
Example of a third-party providers of analytics service we currently use is Google Analytics. The service collects anonymous data allowing us to understand how our website visitors find our websites and enables us to improve our digital presence. More information about Google Analytics can be found here: https://analytics.google.com/analytics/web/.

How long is the personal data stored?

We store personal data only for the period necessary for the processing purpose. Therefore, the retention period of personal data depends on the purpose it was collected.
Customer Data is stored as long as the data subject remains the customer or partner with our company and maximum of five years after the termination of such relationship, unless it is required by law to store the information for a longer period of time. Email communication is retained for seven years and billing information for seven years.
Marketing Data is stored as long as brdMaker uses it for Marketing purposes. All information is reviewed at minimum once in every two-year period whereas any incorrect or outdated information is removed or updated. Data subject has right to request removal of his/her information from Marketing register at any time.

Who has access to personal data and how the data is protected?

brdMaker takes privacy and security of data extreme seriously. Personal data is stored only in highly protected environments in safe and secure manner.
All processed data is protected with proper technological and organizational safety measures. In practice this means that all IT-systems are protected using adequate safety precautions and access to any system is limited only to a specific group of users who have been properly trained.
Any data that is stored manually is stored in locked space in company premises with access given only to the employees that have right to access such data.
Any data stored in IT-systems is accessible by only those employees that have right to access it and require the access to information in order to process it. Anyone with such access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations. All data sets in electronic form are stored in servers that are protected with usernames and password, firewalls and other adequate solutions. Servers and backups are located in closed and supervised premises and accessible only by authorized persons that need access to them.
All brdMaker employees are subject to strict contractual confidentiality obligations.

How is personal data collected and what is the legal bases for the processing?

In all data groups, the data collected is mostly collected from the data subject herself.
Customer Data is collected from the data subject at the time of purchase, order or signing the partnership agreement. The legal basis for Customer Data is based on the contractual relationship between the data processor and the client/partner. Customer Data may also be processed for legal obligations or to protect brdMaker’s contractual rights.
Marketing Data is collected from the data subject herself, public sources and commercial registries. The personal data of data subjects who have not provided their consent for marketing beforehand are processed using principles of direct marketing whereas the legal basis for processing data is based on the legitimate interests of brdMaker.

Is my data transferred to a third party or outside the EU or EEA?

Data processed by brdMaker is not transferred to or shared with any third party, unless it is necessary for the usability of IT-systems or to fulfil legal or contractual obligations of brdMaker.
Any transfer and requirements for processing of personal information collected by brdMaker by another processor is secured with contractual terms. If the data is transferred outside the EU or EEA, brdMaker has taken necessary steps to ensure the level of privacy in the country in questions by using only the service providers that are certified with the widely recognized mechanisms such as the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, or by using standard contractual clauses laid down by the Commission of the European Union.

What are the rights of the data subject?

Data subjects have a wide range of rights to ensure that their personal data is processed as required by the law.
For instance, the data subject has the right to obtain information what kind of personal data is processed and have access to their data. The data subject has also the right of rectification or removal of the data and to prohibit processing of the data. All request must be sent in writing to the contact information provided above. Requests must be specific and precise and clearly communicate what information and who the request concerns.
In addition, the data subject has the following rights:
–          right to data portability;
–          to object to the processing of their data;
–          not to be subject to a decision based solely on automated processing; and
–          right to the erasure of their data and to be forgotten
The data subject has also a right to lodge a complaint with a supervisory authority if she considers that processing of her data has violated her rights under the General Data Protection Regulation or other applicable law governing the processing of personal data and privacy.
More information about lodging the complaint with Finnish supervisory authority can be found here: https://tietosuoja.fi/en/notification-to-the-data-protection-ombudsman