Register and confidentiality policy

This is a register and confidentiality policy of NewPaakkola, which is in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Updated on 10.4.2025.

1. Registrar

NewPaakkola Oy, Itäpuolentie 387B, 95300 Tervola
www.newpaakkola.com, +358 44 468 4242  

2. Contact information for the registrar

sales@newpaakkola.com

3. Name of the register

NewPaakkola’s contact form on the company’s website.

4. Legal basis and purpose of the processing of personal data

The information received via the contact form on the website will only be used for handling the ongoing case. The information is not used for automated decision-making nor profiling.

5. Information content in the register

The information sent through the contact form on the website, e.g., contact information, will only be used to handle the customer’s case. The data is deleted immediately when it is no longer needed.

6. Regular sources of information

The information is obtained via the contact form. The initiative lies with the customer.

7. Regular data transfers and data transfers outside the EU or EEA

Information is not regularly disclosed to other parties.

8. Security principles of the registry

Employees have a duty of professional secrecy and are obliged to follow the internal safety guidelines. Access to data is limited.

9.  Right of access and right to request correction of information

Anyone who has sent a message through the contact form has the right to check their own information stored in the register. The request for verification must be sent in writing to the data controller. If necessary, the data controller can ask the customer to prove their identity. The controller will respond to the customer within the time limit specified in the EU Data Protection Regulation (usually within one month).

10. Other rights related to the processing of personal data

Anyone who sends a message using the contact form has the right to request the removal of their personal data from the register (”Right to be forgotten”). The data subjects also have other rights under the EU General Data Protection Regulation, such as restrictions on the processing of personal data in certain situations. The request must be sent in writing to the data controller. If necessary, the data controller can ask the customer to prove their identity. The controller will respond to the customer within the time limit specified in the EU Data Protection Regulation (usually within one month).