for Romu Keinänen Oy’s
Data Act, 523/1990, Sections 10 and 24).
(Policy created 1/3/2018)
1. Controller of the register
Romu Keinänen Oy (hereinafter ”Romu”)
Business ID: 1635143-8
Mänkimiehentie 13, 02780 Espoo
Phone: 0201 443 685
2. Person handling register-related
c/o Romu Keinänen Oy
Phone: +358 201 443 685
3. Name of the register
Customer Register based on Romu Keinänen’s customer accounts and other
4. Intended use of personal data
Personal is processed for the payment of scrap purchases, official requests
of annual purchases, handling and analysing customer accounts and other
appropriate matters, producing and personalising services, development and
design of business, as well as marketing, remote sales, opinion and market
surveys and customer communications, which may also be carried out
electronically or in a targeted manner.
Personal data may be processed within the scope allowed by applicable
legislation for the marketing purposes of companies belonging to the Romu
Group, or partners that have been selected by Romu; such marketing purposes
include direct marketing, remote sales and opinion as well as market surveys.
The disclosure of personal data to partners may, in principle, only occur for such
purposes that support the operating principle of the register, and where the
intended use of such data is not incompatible with Romu’s intended uses.
Romu may use the location details of a user’s terminal device for all of the
purposed indicated above in this paragraph, however in principle to offer service
based on the user’s location or to enable an internal analysis concerning the
user’s activities, subject to the fact that the user has expressly provided Romu
with consent to use location details, or if consent to use location details is
unambiguously indicated in context of the user with Romu, or if details
concerning location are anonymous. Users may revoke their consent at any
time by removing the cookie history of their own browser.
General requirement for the processing of personal data: Points 1, 2, 5, 6 and 7
of Section 8 Subsection 1 of the Personal Data Act.
5. Data content of the register
The following details in the register can be processed for all registrees:
• first and last name
• contact details (postal address, phone number, email address)
• start and end date, as well as method of a customer account and/or
• end part of social security number
• change details of data specified above
In addition to the data listed above, the following details in the register can be
processed for those who have purchased a product and/or service:
• customer number
• social security number
• invoicing and collection details
6. Regular data sources
Personal data concerning registrees is collected directly from the registrees.
7. Disclosure and transfer of data
On the basis of the register controller’s consideration, data can be disclosed
within the scope and requirements of valid legislation, for example, to Romu’s
partners, unless the registree has denied the disclosure of data. The disclosure
of personal data may, in principle, only occur for such purposes that support the
operating principle of Romu’s customer register, and where the intended use of
such data is not incompatible with Romu’s intended uses.
Data may also be disclosed in a manner required by the requirements of
competent authorities or other parties, based on valid legislation, as well as for
historical or scientific research, provided that the data has been transformed in
to an unidentifiable format.
Data may be disclosed to buyers in connection with corporate acquisitions, if
Romu sells or organises its business operations.
Data may be transferred to register controller-selected partners that process
data on behalf of the register controller, on the basis of a cooperation agreement
concluded between the parties. In this case, the data processor does not have
the right to process the transferred data for its own purposes, in its own personal
In principle, data is not transferred outside the European Union’s member states
or outside the European Economic Area, unless it is necessary for the purposes
of personal data processing indicated above or for the technical implementation
of data processing, in which case the requirements of the Personal Data Act
shall be observed in the transfer of data.
Romu may transfer data contained in the register to its own direct marketing
registers after the conclusion of customer accounts or appropriate matters.
8. Protection of the register
The data included in the register that is electronically processed is protected by
means of firewalls, passwords and other technical methods that are generally
accepted in the data security sector. Manually maintained documentation is
located in premises to which access is prohibited to unauthorised persons.
Only the identified register controller and employees of companies that have
been assigned and are working on behalf of the register controller, have access
to the data contained in the register after being granted user rights by the
9. Right to review, deny and amend
Registrees have the right to review, in accordance with the Personal Data Act,
what personal data has been stored in the register. At the request of the
registree, we shall perform the necessary amendments and supplements to the
personal data or we shall remove the data that is incorrect, unnecessary,
incomplete or outdated in terms of the purpose of processing. The review and
update of data takes place by contacting our customer service. The request
must be in writing and must be signed.
Registrees have the right to deny the processing of data concerning them as
well as the disclosure for direct marketing, remote sales and other direct
marketing, as well as market and opinion survey purposes, by contacting our
Romu continuously develops its business operations and, therefore, reserves
Changes may also be based on amendments to legislation. Romu recommends