Privacy Policy
This is the register and privacy policy of TimberNova Oy in accordance with the EU General Data Protection Regulation (GDPR).
Updated 10 February 2026.
Controller
TimberNova Oy
Business ID: 2875779-3
Lappalansalmentie 187
71890 Hamula
Finland
Email: info@timbernova.fi
Phone: +358 40 094 9659
Website: https://www.timbernova.fi/
Contact person for data protection matters:
Jukka Puurunen
jukka.puurunen@timbernova.fi
+358 40 094 9659
Name of the Register
TimberNova Oy Customer and Contact Register
Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection Regulation is:
- data subject’s consent
- a contract or preparation of a contract
- legitimate interest of the controller in managing the customer relationship
The purpose of processing personal data is:
- communication with customers
- managing and maintaining customer relationships
- preparing offers, contracts and invoicing
- marketing and communication
Personal data is not used for automated decision-making or profiling.
Content of the Register
The register may contain the following information:
- name
- company and job title
- phone number
- email address
- billing information
- information related to customer relationships and assignments
Personal identity numbers are not stored.
Data is retained for the duration of the customer relationship and for the period required by accounting legislation and other applicable laws. The data subject may request deletion of their data by contacting us via email.
Cookies
The website may use cookies. A cookie is a small text file stored on the user’s device when visiting the website.
Cookies are used to:
- analyze website usage
- improve user experience
- develop services
The user may block cookies through their browser settings. The website may also use third-party analytics and marketing services.
Regular Sources of Information
Data stored in the register is obtained from:
- website contact forms
- telephone
- contracts
- customer meetings
- other situations where the customer provides their information
Disclosure and Transfer of Data Outside the EU or EEA
Personal data is not regularly disclosed to third parties.
Data may be transferred outside the EU or EEA if required by the systems or service providers used. In such cases, an adequate level of data protection is ensured in accordance with the EU General Data Protection Regulation.
Principles of Data Protection
Due care is taken in processing personal data.
Electronic data is protected by appropriate measures:
- usernames and passwords
- firewalls and technical security solutions
- restricted access rights
Only persons whose job duties require it have access to personal data.
Rights of the Data Subject
The data subject has the right to:
- access their personal data
- request rectification of inaccurate data
- request deletion of data
- restrict processing of data
- object to processing
- lodge a complaint with a supervisory authority
Requests must be submitted in writing to the controller. The controller may request verification of identity if necessary. Responses are provided within the timeframe required by the EU General Data Protection Regulation, generally within one month.