Citec Group Privacy Policy

1. Registrar

Citec Oy Ab (”Registrar”)

Business identity code: 1866176-3
Address: Silmukkatie 2, 65100 Vaasa, Finland
Phone: +358 6 3240700
Contact person: Harri Viertola

This Privacy Policy describes the way how Citec Group companies collect, hold and use information of individuals who visit and use Citec websites and services.

2. The use of personal data

The Registrar handles personal data to the extent required for the following purposes:

  • to perform engineering and technical documentation services to Citec customers and business partners,  and to ensure good cooperation and communication between Citec and its business and media partners
  • to develop the customer service and business
  • for marketing purposes, including direct marketing
  • for recruitment purposes
  • for analyzing and for compilation of statistics
  • to follow and analyze the website traffic
  • to develop the user experience of the website

3. The information content and groups of personal data of the register

Information about the contact person and employees of the customers, business partners and media, and information about contact persons and employees of potential customers and business partners and information about the users of the Citec Group websites can be stored in the registers. We also handle information concerning potential employees and job applicants of Citec Group.

The following information about the registered can be handled in the register:

  • The name and title of the individual
  • Contact details (phone number and e-mail address)
  • The name, contact details and area of business of the enterprise
  • CV related information concerning potential employees and job applicants
  • Information concerning and other Citec web site and service related visit behavior
  • Technical data and cookies which the registered have sent to the browser and information connected to this

 4.  The regular information sources of the register

The data is normally collected from the registered with the consent of him or her, or from the organization represented by the registered person. Data is also collected when ordering newsletters, when downloading manuals, when leaving a contact request, when applying for an open position, and when using web services (e.g. the websites and social media of the Registrar) and cookies or from data collected when participating in other events. Data may be collected also from public resources such as media, exhibitions or similar events, as well as from market intelligence tools and services.

The data can also be updated by using other person registers such as the person registers of cooperation partners and from authorities and other enterprises to the extent allowed by applicable legislation.

5. Storage of personal data

The Registrar stores personal data only so long as is necessary for achieving the purposes defined in this register description acknowledging the limitations set out in the applicable laws. Due to obligations in the applicable legislation, the data might have to be stored longer than the time period mentioned above. 

Outdated and unnecessary information will be destroyed in an appropriate way. The data will be marked in the register in the same way as the registered has reported it and the data will be updated when the registered reports an update to the Registrar.

6.  Transfer of personal data

The Registrar can use subcontractors and service providers for technical maintenance of the services, for customer service, administration and analyzation, of user data, customer communication or to carrying out different campaigns. Your personal data can be transferred to the subcontractors and service providers of the Registrar insofar they participate in the enforcement of the purposes which are defined in this privacy policy.

Such third parties cannot use your data for any other purposes than the ones defined in this privacy policy and for the purposes which have been defined by the Registrar. The Registrar obliges third parties to keep your information confidential and to keep their data protection at a level high enough to protect your personal data.

To handle the information the Registrar may use service providers which can access the information from outside the EU/EEC, e.g. from the USA. Registrar is responsible for the transfer being done in a legal and adequate way in accordance with the legislation regarding handling of personal data.

Your personal data can be transferred in accordance with the demands set by a competent authority and in accordance with the conditions based on law.

7. Cookies

The websites of the Registrar uses cookies. Cookies are small text files which will be stored at the user computer or in another device.

To develop the websites, the Registrar collects statistics based on Google Analytics service. The cookies of Google Analytics stores information e.g. about how users have found the website (by using a search engine, a direct link etc.), which websites were visited and the duration of the visit on a website. By using this information we are able to develop our website and follow up on new development ventures and how they have succeeded. Statistics is obtained regarding number of users, country, user time, used browser and the content visited.

In addition, the Registrar has adopted the Leadfeeder service. Leadfeeder stores data on how the user have found the website, which sites have been visited and the duration of each visit.

Along with other cookies it is possible to recognize the user of the website. In addition, the Registrar has adopted the MailChimp service to administrate newsletters and e-mails. The information is stored on the MailChimp server, which is placed in a monitored server center.

The user can, if needed, disable cookies in the browser settings. Disabling cookies may lead to some websites reacting slower and the access to some websites being blocked completely.

8. The rights of the registered


Right to access

The registered has the right to control their data which is being stored by the Registrar. The right of access can be denied on the grounds prescribed in the applicable legislation. As a starting point, the right of access is free of charge.

Right to oppose and limit

The registered has the right to oppose the handling of data that concerns the registered if the registered considers that the Registrar has handled the data illegally or that the Registrar does not have the right to handle data concerning the registered.

The right to oppose does not apply to the extent handling of the data is necessary for the Registrar to fulfil its legal obligations or necessary on other legal grounds.

Right to eliminate

The registered has the right to have wrongful data corrected or imperfect data complemented. The registered also has the right to demand data which concerns the registered to be deleted from the register of the Registrar.

The right to eliminate does not apply to the extent handling and storing of the data is necessary for the Registrar to fulfil its legal obligations or necessary on other legal grounds.

Right to transfer

Insofar the registered themselves have delivered data to the register of Registrar, and this data is handled on the basis of the consent of the registered or an assignment, the registered has the right to get this data in mainly electronic form and the right to transfer this data to another Registrar.

Prohibition against direct marketing

The registered has the right to prohibit that his or her data is used for direct marketing purposes.

Right of appeal

The registered has the right to appeal to the competent regulatory authority in case the Registrar has not complied with the applicable regulation of data protection.

Other rights

If data is handled on the basis of the consent of the registered, the registered has the right to withdraw the consent by informing the Registrar about this in accordance with section eleven in this privacy policy.

9. Contact

The registered shall send a request regarding the registered’s rights to the e-mail address mentioned in section 1.

The Registrar may ask the registered to specify the request and to prove the registered’s identity before the enquiry is handled. The Registrar can refuse to fulfil the request on grounds specified in the applicable legislation.

Registrar will answer the request within one (1) month from the date when the request was made.

10. Automatic decision making and profiling

The data in the register is neither used for automatic decision-making nor for profiling.

11. Principles for protecting the register

Protecting registered data is important for the Registrar. The data is stored in electronic systems, which are protected by firewalls, passwords and other technical solutions. Only the staff of the Registrar and other defined persons who need the data for the purposes of performing their assignments have access to the register. We ensure at all times strict confidentiality when processing personal data.

12. Changes in the privacy policy

The Registrar is constantly developing its business and therefore reserves the right to make changes to this privacy policy by informing about this on its website. Changes may also need to be made because of changes in the applicable legislation. Registrar recommends the registered individuals to familiarize themselves with the privacy policy on a regular basis.

(The privacy policy is updated 17.5.2018)