Register and confidentiality policy
This is a register and confidentiality policy of NewPaakkola, which is in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Updated on 10.4.2025.
1. Registrar
NewPaakkola Oy, Itäpuolentie 387B, 95300 Tervola
www.newpaakkola.com, +358 44 468 4242
2. Contact information for the registrar
3. Name of the register
NewPaakkola’s contact form on the company’s website.
4. Legal basis and purpose of the processing of personal data
The information received via the contact form on the website will only be used for handling the ongoing case. The information is not used for automated decision-making nor profiling.
5. Information content in the register
The information sent through the contact form on the website, e.g., contact information, will only be used to handle the customer’s case. The data is deleted immediately when it is no longer needed.
6. Regular sources of information
The information is obtained via the contact form. The initiative lies with the customer.
7. Regular data transfers and data transfers outside the EU or EEA
Information is not regularly disclosed to other parties.
8. Security principles of the registry
Employees have a duty of professional secrecy and are obliged to follow the internal safety guidelines. Access to data is limited.
9. Right of access and right to request correction of information
Anyone who has sent a message through the contact form has the right to check their own information stored in the register. The request for verification must be sent in writing to the data controller. If necessary, the data controller can ask the customer to prove their identity. The controller will respond to the customer within the time limit specified in the EU Data Protection Regulation (usually within one month).
10. Other rights related to the processing of personal data
Anyone who sends a message using the contact form has the right to request the removal of their personal data from the register (”Right to be forgotten”). The data subjects also have other rights under the EU General Data Protection Regulation, such as restrictions on the processing of personal data in certain situations. The request must be sent in writing to the data controller. If necessary, the data controller can ask the customer to prove their identity. The controller will respond to the customer within the time limit specified in the EU Data Protection Regulation (usually within one month).