1. Data Controller

Name: PoweResta Oy

Business ID: 3090696-2

Postal Address: PL 1, 40321 JYVÄSKYLÄ

Email: info@poweresta.com

Phone: +358 10 508 8580

2. Contact Person Responsible for the Register

Name: Tomi Laamanen

Email: info@poweresta.com

Phone: +358 10 508 8581

3. Name of the Register

The website of PoweResta Oy.

4. Purpose of Data Collection

The legal basis for processing personal data, in accordance with the EU General Data Protection Regulation (GDPR), is the individual’s consent (documented, voluntary, specific, informed, and unambiguous).

The purpose of processing personal data submitted through the Contact Us and Download Brochure forms is communication with customers, maintaining customer relationships, and marketing.

Additionally, data collected on this website is used for:

• Technical reasons to ensure website functionality.

• Website usage analysis and digital marketing.

The data is not used for automated decision-making or profiling (Article 22 of the GDPR).

5. Content of the Register

The data stored in the register includes:

• Name

• Company/organization

• Email

• Phone number

• Submitted messages

• IP address of the connection.

6. Regular Data Sources

Data is collected using the Contact Us and Download Brochure forms, Google Analytics, and Meta Business services.

7. Regular Data Disclosures and Data Transfer Outside the EU or EEA

Data is not regularly disclosed outside the company. Some of the external service or software providers used by the company may store data outside the EU or European Economic Area (EEA). Data used for website analysis (Google Analytics) and digital marketing (Meta) may be stored outside the EU.

We regularly use the following service providers:

• Domainhotelli Oy

• Google

• Meta

• Microsoft

8. Use of Cookies

We use cookies on our website. A cookie is a small text file sent to and stored on the user’s computer, allowing website administrators to identify frequent visitors and compile aggregate information about users. This feedback enables us to continually improve our website’s content. Cookies do not harm users’ computers or files.

We use cookies to provide information and services tailored to our customers’ needs. Personal data submitted through the Contact Us and Download Brochure forms may be associated with website visitors using IP addresses and cookies.

If a website visitor does not want us to collect the aforementioned information via cookies, most browsers allow the cookie functionality to be disabled in their settings. However, cookies may be necessary for the proper functioning of some of our websites and services.

9. Website Usage Analysis

Our website uses Google Analytics, provided by Google Inc.

Google analyzes website usage on our behalf using cookies mentioned above. Data collected by Google regarding your behavior on our website is transmitted to Google servers in the United States, where it is stored and analyzed. The results are delivered to us in anonymized form. Google is certified under the EU-US Privacy Shield agreement, ensuring an adequate level of data protection when processing data in the United States.

For more information about Google Analytics, refer to:

Google Analytics Terms of Service

Google Privacy Policy and Terms of Service.

10. Digital Marketing

Our website uses Meta Business services, provided by Meta Platforms Inc.

Meta analyzes website and form usage for digital marketing purposes. Collected data is transmitted to Meta servers in the United States. The results are delivered to us in anonymized form. Meta is certified under the EU-US Privacy Shield agreement, ensuring an adequate level of data protection when processing data in the United States.

For more information about Meta Business services, refer to this link.

11. Data Retention Period

Personal data collected through the Contact Us and Download Brochure forms is retained indefinitely.

User and event-level data collected by Google Analytics is automatically deleted from Google’s servers after 26 months.

Meta retains event data for up to two years.

12. Principles of Register Protection

The register is processed with care, and data processed via information systems is properly secured. Data is transferred over SSL-encrypted connections. When register data is stored on internet servers, appropriate physical and digital security measures are in place.

The data controller ensures that stored data, server access rights, and other critical information related to data security are handled confidentially and only by employees whose job responsibilities require it. Access to the data is protected by at least a username and password.

13. Third-Party Services or Content on Our Website

Our website contains services and/or content provided by third parties. When these services are used or third-party content is displayed, related communication data is exchanged between you and the respective service provider.

For details on the extent and purpose of such data processing, refer to the privacy statements of the respective providers:

• Meta

• LinkedIn

• Twitter

14. Right to Access and Correct Data

Every individual whose data is stored in the register has the right to inspect their stored data and request the correction of any incorrect or incomplete information.

If an individual wishes to review or correct their stored data, the request must be submitted in writing to the data controller. The data controller may request proof of identity from the individual, if necessary. The data controller will respond within the time frame specified in the GDPR (typically within one month).

15. Other Rights Related to Personal Data Processing

Individuals in the register have the right to request the deletion of their personal data (the “right to be forgotten”). Registered individuals also have other rights under the GDPR, such as the right to restrict the processing of personal data in certain situations.

Requests must be submitted in writing to the data controller. The data controller may request proof of identity from the individual, if necessary. The data controller will respond within the time frame specified in the GDPR (typically within one month).

16. Privacy Policy Updates

We update our privacy policy from time to time. Updates will be published on this website. All changes take effect when published on the website.

We recommend regularly visiting our website to stay informed about any updates.

Last updated: September 26, 2022.