Register and privacy policy

This is Katera Steel Oy’s register and privacy policy in accordance with the EU’s General Data Protection Regulation (GDPR). Completed on 22 May 2026

1. Controller

Katera Steel Oy
Kehräämöntie 8, 87400 Kajaani, Finland

2. Contact person responsible for the register

Mikko Julkunen
+358 (0) 40 187 6621
mikko.julkunen@katerasteel.fi

3. Name of register

Katera Steel Oy customer register.

4. Legal basis and purpose of processing personal data

The legal basis for processing personal data under the EU General Data Protection Regulation is 
– the person’s consent

The purpose of processing personal data is to communicate with customers and maintain customer relationships.
The data is not used for automated decision-making or profiling. 

5. Data content of the register

The data stored in the register includes: the person’s name, email address, telephone number and self-written message.

The IP addresses of website visitors and cookies necessary for the functioning of the service are processed on the basis of legitimate interest, for example, to ensure data security and to collect statistical data on website visitors in cases where such data can be considered personal data. Consent for third-party cookies is requested separately when necessary.

6. Regular data sources

The data stored in the register is obtained from the customer through, for example, messages sent via web forms, email, telephone, social media services, contracts, customer meetings and other situations where the customer discloses their data.

Contact persons for companies and other organisations may also be collected from public sources, such as websites, directory services and other companies.

7. Regular data disclosures and data transfers outside of the EU and EEA

No data is regularly disclosed to other parties. Data may be disclosed to the extent that this has been agreed with the customer.

The controller may transfer data also to outside of the EU and EEA. Data will not be transferred to the United States without the explicit consent of data subjects.

8. Principles of register protection

The register is managed with due care, and data processed by the  information systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of the hardware is ensured as appropriate. The controller ensures that stored data, server access rights and other information critical to the security of personal data, is handled confidentially and only by those employees whose job description includes such duties.

9. Right of inspection and right to rectification

Every data subject has the right to inspect their data stored in the register and request the rectification of any incorrect data or the completion of incomplete data. If a data subject wishes to inspect the data stored about them or request rectification of it, the request must be sent in writing to the controller. If necessary, the controller may ask the requester to prove their identity. The controller will respond to the customer within the time limit set in the EU’s General Data Protection Regulation (as a rule, within one month).

10. Other rights related to the processing of personal data

A data subject has the right to request that personal data concerning them be erased from the register (“right to be forgotten”). Data subjects also have other rights under the EU’s General Data Protection Regulation, such as restricting the processing of personal data in certain circumstances. Likewise, data subjects have other rights under the EU General Data Protection Regulation including the restriction of processing personal data in certain circumstances. Requests must be sent in writing to the controller. If necessary, the controller may ask the requester to prove their identity. The controller will respond to the customer within the time limit set in the EU’s General Data Protection Regulation (as a rule, within one month).