This data protection statement applies to STH Steel and the realisation of electronic services.
In this data protection statement, we go through why we process your personal data and what your rights are in the processing of your personal data when you visit our websites, contact us and use our products.
We respect your privacy and undertake to protect your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Data Protection Act.
This privacy statement was most recently updated on 1.6.2023.
1. Personal Data Controller
STH Steel (hereinafter “we”, “us” or “STH Steel”)
Corporate ID number: 2183564-8
+358 20 741 0190
2. Name of the register
STH Steel’s customer and user register (hereinafter “Register”).
3. Purpose of processing personal data and scope of processing
We collect, store and process personal data in our Register only for the purposes that we have defined in advance and we always ensure that we have a legal basis for storing and processing personal data.
The personal data in our Register is primarily used to offer products, customer communication, business planning and development, management, the maintenance and development of customer relationships and the improvement of user experiences. Regarding the improvement of user experiences, this primarily refers to the maintenance and development of the webpages in order to ensure that the webpages are functional (more information about cookies can be found later in the document).
The processing of personal data is carried out on the basis of your consent, completion of an order and thus the conclusion of a contract, compliance with legal obligations (such as bookkeeping and taxation) and our legitimate interests.
When it comes to marketing our products or other information about our company, the processing of personal data is based on our legitimate interest to promote our business and nurture customer relationships.
The processing of personal data is based on our legitimate interest to nurture customer relationships and gain new customers.
In connection with contact requests via, for example, various social media channels such as Facebook and Instagram as well as via email, text messages and the communication tools like WhatsApp, we undertake not to process any sensitive data through these various social media channels.
4. Data we collect
On our website, we may need to collect personal data when certain features are to be used. We process the following categories of personal data in our Register for the purposes referred to in paragraph 3 above:
Contact Form/Job Application Form
When you visit our website, an encrypted connection (HTTPS) is created between the website and the visitor’s browser. This means that any data submitted via a form, for example, cannot be read by any unauthorised person when this data is transferred from the browser to the website.
Our website and the third-party services we use store cookies in your browser, provided that you choose to accept this. You can view the data on the website even if you declined the storage of cookies, but some features may not work as intended. Most browsers accept cookies automatically. Go to the Help menu in your browser for instructions on how to disable cookies.
Here you can read about the cookies that Google stores in your browser. Google Analytics is only active if the user has given permission for us to store cookies in the browser.
LinkedIn Insight Tag
Here you can read about the cookies that LinkedIn stores in your browser. LinkedIn Insight Tag is only active if the user has given permission for us to store cookies in the browser.
Here you can read about the cookies that Meta stores in your browser. Meta Pixel is only active if the user has given permission for us to store cookies in the browser.
Here you can read about the cookies Dealfront stores in your browser. Dealfront is only active if the user has given permission for us to store cookies in the browser.
Provided that the visitor has given us permission to do so, we collect anonymous data to help us understand how the website is used. This also enables us to improve our services. This data is collected using Google Analytics, LinkedIn Insight Tag and Meta Pixel. You can read more about this at the bottom of the page.
A large part of the data in our Register consists of data that the registered subjects themselves provide via orders or via e-mail and the like in connection with the customer relationship.
Please note that what determines what personal data is processed, and the scope of this processing, is your status, for example whether you act as a customer or a website visitor.
5. Who we share the collected data with
Contact form and application form
The data provided via the contact form or the application form is not shared with any third party. A very small number of people have been trusted to read and process the data that visitors submit through the website.
When a user sends data, the submitted data is transported over an encrypted connection between the browser and the website (HTTPS). The website then encrypts the data and stores it. The stored data from the website can only be read by those entrusted with a login and an additional password for decryption.
We use Google Analytics to store statistics on our visitors. Google Analytics creates a profile of the visitor by collecting anonymous data, such as the browser used and the type of hardware used.
When you visit the website, information is transferred to Google, which processes the information as an independent data controller. Data about website visitors is transferred to Google, which processes the data as a data controller for its own purposes. Google may also combine the data with its other information about the visitor. For indirect identification, Google uses the visitor’s unique identifier (IP address) to identify users, but it is also possible to link this IP address directly to a natural person, for example when logging into a Google account.
Please note that when you are logged into a Google account, Google collects even more unique identifiers about you, such as identifiers that identify your device, information about the browser or application you use, advertising identifiers for Android or IOS mobile users, language choice, your network of friends and your most popular YouTube videos.
Google uses data collected about website visitors for at least the following purposes:
– positioning (country, city, business or community-owned network)
– visitor behaviour on the website
– visitors’ interests on the website
– retargeting and advertising.
Clearing cookies: The registered user can clear cookies from the browser settings. By clearing cookies periodically, the user changes the set of data used to form a profile of the user. However, clearing cookies does not stop the data collection completely, but rather resets the profile based on previous behavioural data.
LinkedIn Insight Tag
We use LinkedIn Insight Tag to store statistics on our visitors and to target our marketing.
No personally identifiable information is collected by LinkedIn Insight Tag.
We use Meta Pixel to keep statistics on our visitors and to target our marketing.
No personally identifiable information is collected by Meta Pixel.
We use Dealfront to keep statistics on our visitors and target our marketing.
Read Dealfront’s Privacy Notice to find out how they use the information we share with them.
Any transfer of your personal data to third parties is based on written agreements that ensure that your personal data is protected. We disclose personal data to authorities in accordance with the legal obligations imposed on us.
We do not process personal data outside the EU/EEA area.
6. This is how long we store collected data
Data collected through the contact forms is stored on the website for at least one (1) year. In other cases, your data is saved for as long as it is needed for the purpose for which it was collected or as required by law. It is, therefore, not always possible to define the storage period in advance.
However, we may be obliged to retain some of our customers’ personal data in order to comply with the Accounting Act or other mandatory legislation even after the customer or user relationship or any other basis for processing personal data has ended.
7. The users have full control over their data
The users have full control over their data. This means, for example, that you have the right at any time to request a statement of what data we possess regarding the user. You also have the right to request that the data be deleted.
As a starting point, there is no cost attached to exercising the rights you have as a data subject. However, we reserve the right to charge a reasonable fee if the request is repetitive in nature or manifestly unfounded or unreasonable.
If you wish to exercise your rights as a data subject, please contact [email protected].
8. How we protect collected data
By taking organisational and technical measures, we ensure we ensure that all your data is safe, protected from unauthorised processing and not destroyed, deleted, altered or unlawfully transferred. The software that powers the site is continually updated to address security vulnerabilities that are revealed over time. The traffic between the visitor’s browser and our server is encrypted.
Persons who process personal data are obligated to maintain professional secrecy and confidentiality. The data is stored in databases, which are protected by usernames and passwords and technically protected by firewalls.
Contact details of the supervisory authority:
Tietosuojavaltuutetun toimisto (Information Commissioner’s Office)
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki, Finland
Switchboard: 029 566 6700
Registry Office: 029 566 6768