To front page
To front page

Hardware store customer register

Data controller

SOK Corporation

Purpose of personal data processing

Personal data is processed as part of the sale and delivery of hardware store products and services to the customer, as well as the development of services. Personal data is processed when sales orders are recorded for each customer and forwarded to the potential supplier for delivery.Personal data is also processed for after-sales service and for mapping the functionality of the service.With cash transactions, we collect the “know your customer” information required by the Anti-Money Laundering Act from the customer if a certain amount is exceeded.

The personal data processed

The following data is processed for customers: • name • address • email • phone number • the “know your customer” information required by the Anti-Money Laundering Act • communication with the customerIn addition to the above, the following data is processed concerning regular hardware trade customers: • information on co-op membership • information about the project, address of the construction site • the customer’s interests • direct marketing consents and prohibitions • purchase history • customer group • pricing • S-Etukortti card number • co-op membership number • customer classificationFor business customers’ contact persons, we process the contact person’s name and contact details.

Basis for processing personal data

Personal data is processed for the performance of an agreement. When sending direct marketing, the processing of personal data is based on the consent of the data subject.The person has the right to withdraw their consent for direct marketing if they so wish. The withdrawal of consent has no effect on the lawfulness of the processing of personal data based on consent conducted prior to the withdrawal. Withdrawal of marketing consent is done by contacting the data controller specified in this policy.In certain cases, we are also obligated under anti-money laundering legislation to know our customers, in which case the processing of personal data is based on a legal obligation.

Where do we obtain the personal data?

We receive personal data from the customers themselves.

Recipients of personal data

The personal data is processed in digital systems and services for the purposes specified in this privacy policy. We use external service partners in the provision of system and support services. Personal data can be transferred to the service providers used insofar as the service providers participate in the implementation of measures within the framework of the relevant assignment.Personal data may be disclosed to regional cooperatives within S Group for customer relationship management purposes. Information on purchases is disclosed to the invoicing department of the cooperative for invoicing based on the hardware trade account agreement, as well as to the S Group co-op member and customer register within the Bonus awarding terms and conditions automatically to the S-Etukortti membership number that the customer has indicated on the agreement.We ensure that our partners protect personal data sufficiently as required by law.We may disclose data to the authorities within the limits allowed and required by valid legislation, such as when answering the authorities’ requests for information.

Transfer of personal data to third countries or international organisations and the data protection safeguards used

We do not transfer personal data to third countries outside the European Union or the European Economic Area or to international organisations.

Period for storing personal data or criteria for determining the storage period

We store your personal data related to the hardware trade for the duration of the customer relationship. After the end of the customer relationship, the retention period depends on the personal data and the purpose for which it is used. The customer register of SOK’s hardware trade stores data in two different ways, depending on the type of customer.The data of a one-time hardware trade customer (a customer whose data is stored in the customer register for a fixed period due to the nature of the customer’s purchases) is stored for 6 months or for the time necessary to manage the customer relationship.The data of a regular hardware trade customer (a customer whose data is stored in the customer register) is stored for 6+1 years.”Know your customer” data is stored for five years from the end of the regular customer relationship or the completion of the business, as defined in the Anti-Money Laundering Act.

Rights of the data subject

The data subject has the following rights: • Right to access personal data • Right to rectification of data • Right to erasure • Right to restrict processing • Right to object • Right to withdraw consent • Right to data portability If a data subject wishes to exercise their rights or to obtain further information about the processing of their personal data, they can contact the controller named in this privacy policy.Data subjects also have the right to lodge a complaint with the supervisory authority if they deem that the processing of their personal data violates the applicable data protection regulations.

The effects on the contract of not providing personal data

Not providing personal data prevents the following actions: - The hardware store cannot notify the customer when the ordered product has arrived and is available for collection - The hardware store cannot grant the customer personal offers - The customer's purchase history is not saved. Retaining the data accordingly enables the examination of one's own product purchases, for example for the purpose where information on previously used building materials is important when making new product selections.

General description of technical and organisational safety measures

We protect the personal data for the whole duration of its life cycle by using appropriate security measures. At S Group, we protect personal data with, among other things, anticipatory risk management and security planning, data communication protection means, the continuous maintenance of information systems and backups, and by using secure hardware facilities, access control and security systems. The granting and monitoring of user rights is a well-managed process. We regularly provide training for our personnel who participate in the processing of personal data, and ensure that our partners’ personnel also understand the confidential nature of personal data and the importance of secure processing. We select our subcontractors with care. We continuously update our internal practices and guidelines.If, despite all of our safeguards, we detect a data security breach concerning personal data, we will immediately begin investigating the matter and strive to prevent any damage. We will inform the relevant authorities and data subjects of any data security breaches in accordance with legislative requirements.

Contact details of the data controller

Postal address: P.O. Box 1, FI-00088 S-RYHMÄ, Finland S Group’s co-op member service: +358 10 76 5858 Street address: Fleminginkatu 34, FI-00510 Helsinki, Finland Business ID: 0116323–1 tietosuoja.rautakauppa@sok.fi

Contact details of the data protection officer

tietosuojavastaava@sok.fi