Retta Oy – Privacy
policy for customer service and customer feedback (incl. complaints)

Retta Oy (”Retta”) provides centralized customer service to its customers, potential customers and stakeholders. The company also processes various customer feedback provided by its customers, including  any complaints against the company. Retta Oy, Business ID 3434128-4 acts as a data controller as specified in data protection legislation. The purpose of this privacy statement is to inform data subjects about the processing of their personal data in regards to customer service, feedback, and complaints. 

Retta is the data processor for the customer service it
provides to its own customers.  In this regard, any data protection requests and enquiries should be addressed to the relevant data controller.

What personal data does Retta process, and for what purpose? 

Retta’s central customer service centre handles provides the customer service for Retta’s customers. Its customer service system records all communications, such as email messages and telephone calls. The recorded data includes the date and time and the customer’s name, telephone number and email address. The system also records the content of email messages and telephone calls. The purpose of using the data is to identify the customer, manage customer service and facilitate contact with customers, verify the content of calls, ensure the quality of customer service, and develop the operations of the customer service centre. 

In the case of complaints (insofar as they may contain personal data), the purpose is the processing of the complaint and usage of Retta’s legal remedies. 


What is Retta’s processing of personal data based on? 

The processing of personal data, as part of customer service and the processing of customer feedback and complaints, is based on the management of the contractual relationship between Retta and the customer insofar as the matter is related to the contractual relationship. Otherwise, processing of personal data is based on the Retta’s legitimate interest. Retta’s legitimate interest is to ensure
the quality of customer service and to develop the operations of the customer
service centre and, in the case of complaints, to protect against the claims
made against Retta. 

Where does Retta obtain personal data? 

As a rule, the data is mainly collected from the data subjects themselves: based on a phone call, an email or a chat conversation initiated on the retta.fi website, or based on previous customer interactions. 

Profiling and automated decision making  

The data subjects’ data will not be used for profiling and will not be subject to automated decision-making measures.  

Data processors and disclosure to third parties 

Personal data may be disclosed within the Retta Group for the purposes of business development or the exercise of legal remedies (processing of complaints).  

In providing services to its customers, Retta uses various systems and thus, various personal data processors.  

Establishing or defending a legal claim may require the disclosure of personal data to an insurance company, legal adviser, or agent. Data may also be disclosed to the authorities as required by law. 

Data is not disclosed to parties outside the European Union or the European Economic Area. 

How long is personal data stored? 

The data recorded in the customer service system is stored for 180 days. Data may be stored for longer to the relevant extent if this is necessary to complete a customer service assignment. 

Customer feedback and complaint materials are stored until they have been processed, or for as long as necessary for any legal procedures. 

How is the data protected? 

The data is protected by means of appropriate technical and organisational measures. Paper documents are stored in a locked facility. Digital material is protected through technical measures, and access rights are only granted to people who need to access the material because of their job or assignment. The employees of Retta are bound by a confidentiality obligation. Employees are provided with training and instructions on the lawful processing of personal data. 

Processors of personal data outside the Retta are also required to implement sufficient technical and organisational protection measures and commit to a confidentiality obligation. 

What are the data subject’s rights? 

Data subjects have the right to know whether a data controller is processing personal data concerning them. If the data controller processes such personal data, the data subject has the right to receive a copy of the personal data concerning them. If the personal data is deficient, erroneous, inaccurate or outdated, the data subject has the right to request that the data controller correct the data. 

If the processing of personal data is based on the data subject’s consent or a contractual relationship, the data subject has the right to receive the personal data concerning them in a structured, commonly used, machine-readable and interoperable format, and to transmit it to another controller. This right only applies to personal data that the data subject has provided to the data controller and that is processed automatically. 

In certain circumstances, the data subject has the right to restrict the processing of their personal data. This is the case when, for example, the accuracy of personal data is contested by the data subject. In such cases, processing will be restricted until it has been confirmed that the data is accurate and its processing is lawful. 

The data subject has the right to request that the personal data concerning them be erased. This right is only applicable when the personal data is no longer needed for the purposes for which it was collected, there are no other legal grounds for its processing and it does not need to be stored to meet the requirements of the law. In other words, data cannot be erased while there is a valid legal basis for its storage. 

If the processing of personal data is only based on the data subject’s consent, they have the right to withdraw their consent at any time. In addition, the data subject has the right to object to the processing of their personal data if its processing is based on the data controller’s legitimate interest. 

The data subject has the right to file a complaint with the Data Protection Ombudsman (www.tietosuoja.fi) if the data subject believes that the data controller fails to meet their obligations or otherwise fails to comply with the applicable data protection laws. 

If you have any questions about personal data processing and data subjects’ rights, please contact us via email. We verify your identify before you submit your information. 

This privacy statement was last updated on 1 September 2024