Sales: Oskari +358 50 554 8434

Jani +358 40 740 8001

myynti@lkporras.fi

LK Porras Oy Teollisuustie 10, 79100, Leppävirta

PRIVACY POLICY

General

This Privacy Policy describes how LK Porras Oy (Business ID: 0172172-3) (Rappuralli.fi) processes personal data; what personal data the company collects, for what purposes the data is used, to whom the data may be disclosed, and how data subjects can influence the processing of their personal data.

The company protects the privacy of data subjects and complies with the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”), other applicable data protection legislation, and good data processing practices in all personal data processing activities.

“Personal data” refers to any information relating to an identified or identifiable natural person (“data subject”), as defined in the GDPR.

Data Controller and Data Protection Officer

Data Controller:

LK Porras Oy, Business ID 0172172-3

www.lkporras.fi

Contact persons of the Data Controller:

Marja-Liisa Monni

Sonja Monni

Data Protection Officers of the company group:

Marja-Liisa Monni

Sonja Monni

Contact details:

marja-liisa.monni@lkporras.fi

sonja.monni@lkporras.fi

PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

Personal data is processed for the following purposes, among others:

  • Ordering the company’s products and services
  • Producing, maintaining, developing, and ensuring the quality of services
  • Ensuring service security and preventing and investigating misuse
  • Fulfilling statutory obligations
  • Business planning and product development
  • Providing personalized customer service and targeted customer communications related to services, and monitoring service usage
  • Marketing and targeting marketing to customers and potential customers
  • Risk management and prevention of misuse

Legal bases for processing personal data

The primary legal basis for processing personal data is the contractual relationship between the company and the data subject. Processing is also based on statutory obligations, such as accounting obligations, customer due diligence requirements, and statutory reporting obligations. Processing for customer relationship management and direct marketing is based on the company’s legitimate interest.

Electronic direct marketing, subscription to the company’s newsletter, and storage of personal data collected via the company’s website for direct marketing purposes are based on consent.

CATEGORIES OF PERSONAL DATA, DATA CONTENT, AND DATA SOURCES

The company collects only such personal data that is relevant and necessary for the purposes described in this Privacy Policy.

The following categories of personal data are processed:

Contact information

Name, address, phone number, email address, and personal identity number.

Customer relationship data

Bank account number, billing and payment details, and other information identifying the customer relationship.

Customer transaction, contract, and product data

Information regarding contracts between the company and the data subject, product and order details, customer feedback, communications, and complaints.

Consents and prohibitions provided by the data subject

Information regarding consent to electronic direct marketing and consent to the processing of personal data, as well as withdrawal of consent and prohibitions provided by the data subject.

Behavioral and technical identification data

Monitoring of the data subject’s online behavior and use of the company’s services through cookies or similar technical identifiers. Collected data may include IP address, pages visited, browser type, URL, session time, and duration.

More information about cookies and other tracking technologies can be found in the company’s Cookie Policy.

Personal data required to fulfill contractual and/or statutory obligations and to provide the company’s services will be specified to the data subject in each context.

Personal data is primarily collected directly from the data subject or from the company represented by the data subject, for example when preparing an offer, concluding a customer agreement, during the customer relationship, through marketing activities, or via website forms. Data may also be provided by the data subject in connection with competitions, prize draws, website usage, or newsletter subscriptions.

The company uses external service providers for marketing purposes who process contact details for marketing activities. These data are not permanently stored in the company’s registers.

Personal data may also be collected from organizations represented by the data subject. In addition, data may be collected and updated from third-party registers permitted by law, such as the Population Information System, Trade Register, and credit information registers.

RETENTION OF PERSONAL DATA

Personal data is retained for as long as necessary to fulfill the purposes defined in this Privacy Policy, unless legislation requires longer retention periods (e.g. accounting, reporting, or other statutory obligations), or the company requires the data for the establishment, exercise, or defense of legal claims.

Retention periods and criteria vary depending on the category and purpose of the personal data.

Personal data is processed for the duration of the customer and contractual relationship and for a necessary period thereafter.

Data relating to potential customers is generally retained for XXX months.

For organizations, the retention of a data subject’s personal data is linked to the duration of the data subject’s role as a representative of the organization. Personal data is deleted within a reasonable time after the role ends.

When personal data is no longer required as described above, it will be deleted within a reasonable time, unless legislation obligates the company to retain the data longer.

RECIPIENTS OF PERSONAL DATA

The company may outsource personal data processing to service providers or subcontractors in accordance with this Privacy Policy. The company ensures through appropriate contractual arrangements that personal data is processed lawfully and appropriately.

Parties involved in personal data processing include, among others:

  • Oscar Software Oy
  • Suomen Asiakastieto Oy

Personal data is not disclosed for direct marketing, opinion polling, market research, or similar purposes.

Personal data may also be disclosed to:

  • Accounting service providers

Personal data may be disclosed to authorities in specific cases as required or permitted by law.

In emergency or exceptional situations, personal data may be disclosed to protect human life, health, or property. Personal data may also be disclosed if the company is involved in legal proceedings or other dispute resolution processes.

In the event of a merger, business transaction, or other corporate arrangement, personal data may be disclosed to third parties. Data protection will be ensured in such arrangements, and data subjects will be informed where required.

Data is primarily disclosed electronically, but may also be disclosed by other means, such as by telephone or mail.

TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA

Personal data is not transferred outside the European Union or the European Economic Area.

PRINCIPLES OF DATA SECURITY AND PROCESSING SAFETY

The company processes personal data in a manner that ensures appropriate security, including protection against unauthorized processing and against accidental loss, destruction, or damage.

Appropriate technical and organizational measures are used, including firewalls, encryption technologies, secure facilities, access control and management, personnel and subcontractor instructions, and contractual obligations.

Contracts and original documents are stored in locked premises with access restricted to authorized persons only.

All parties processing personal data are subject to confidentiality obligations under employment contracts and contractual confidentiality clauses.

RIGHTS OF DATA SUBJECTS

Right of access

The data subject has the right to obtain confirmation as to whether personal data concerning them is being processed.

The data subject has the right to access their personal data and to receive the data in written or electronic form upon request.

Right to rectification and erasure

The data subject has the right to request correction of inaccurate or incomplete data and to request deletion of their personal data.

The data controller also corrects, deletes, or supplements inaccurate, unnecessary, incomplete, or outdated personal data on its own initiative.

Right to data portability, restriction, and objection

The data subject has the right to request transfer of their data to another data controller.

The data subject also has the right, under applicable data protection laws, to request restriction of processing.

The data subject has the right to object to processing for specific purposes and to prohibit the use of their data for direct marketing.

Right to withdraw consent

If processing is based on consent, the data subject has the right to withdraw consent at any time. Withdrawal does not affect processing carried out prior to withdrawal.

Exercising rights

Requests related to data subject rights must be submitted electronically to the Data Protection Officer specified in this Privacy Policy. Identity will be verified before data is disclosed. Requests are handled within a reasonable time and no later than one month from receipt and identity verification.

If a request cannot be fulfilled, the data subject will be informed in writing.

RIGHT TO LODGE A COMPLAINT

The data subject has the right to lodge a complaint with a data protection supervisory authority if they believe their personal data has been processed unlawfully.

CHANGES TO THIS PRIVACY POLICY

The company continuously develops its services and may update this Privacy Policy accordingly. Changes may also result from legislative updates. Data subjects are encouraged to review this Privacy Policy regularly. Material changes will be communicated where required.

This Privacy Policy was published on 24 May 2021.

COOKIE POLICY

General information about cookies

We use cookies on our website to improve user experience. Cookies are small text files stored on a user’s device by a web server. After storage, the browser sends the information back to the server as part of a request, allowing the website to recognize and track browsers.

Cookies provide information on how users use our website. We may use cookies to develop our services and website, analyze website usage, and target and optimize marketing. Users can allow or disable cookies through their browser settings.

Types of cookies

There are two main types of cookies:

  • Session cookies, which are deleted when the browser is closed
  • Persistent cookies, which remain stored until deleted or expired

Cookies used

Cookies are used on the website for the following purposes:

  • Collecting user data via Google Analytics
  • Enabling content sharing via Facebook
  • Displaying recommendations to returning users
  • Identifying users when logged in (not applied to anonymous users)
  • Storing selected language preferences

We also use Google Ads (AdWords) for conversion tracking and remarketing. These are third-party cookies with lifespans ranging from 90 days to two years.

Third-party cookies

Google Analytics

We use Google Analytics to analyze website usage. Google Analytics uses cookies to collect information used to generate reports on website activity, including:

  • Determining the monitored domain
  • Distinguishing individual users
  • Remembering previous visits
  • Identifying traffic sources
  • Defining session start and end
  • Storing visitor-level custom variable values

Google stores this data for periods ranging from 30 minutes to two years depending on the cookie type.

Google’s privacy policy is available at:

http://www.google.com/privacypolicy.html

Accepting cookies

Most web browsers accept cookies automatically.

By using this website and accepting this policy, you consent to the use of cookies in accordance with this Cookie Policy.

Blocking cookies

Instructions for blocking cookies can be found in your browser’s support pages:

  • Chrome: https://support.google.com/chrome/answer/95647
  • Firefox: https://support.mozilla.org/fi/kb/evasteiden-paalle-ja-poiskytkeminen
  • Internet Explorer: https://support.microsoft.com/fi-fi/help/17442/windows-internet-explorer-delete-manage-cookies
  • Safari: https://support.apple.com/fi-fi/HT201265

Blocking cookies may affect website functionality.

User tracking

We use Leadoo user tracking to monitor how users navigate our website and to combine this data with user information collected through interactions such as chat. Leadoo uses etag tracking, which differs from cookie-based tracking by linking multiple user sessions together.

For more information on what data is tracked, please review Leadoo Marketing Technologies Oy’s Privacy Policy:

https://leadoo.com/privacy-policy

Under GDPR, we act as the data controller and Leadoo as the data processor. If you do not wish to be tracked, you may clear your browser cache. More information on how Leadoo operates can be found at:

https://leadoo.com/privacy-policy-processor

Contact us.

Tell us about your project and requirements, and we’ll work with you to find the best solution.

We are LK Porras, a family-owned company from Leppävirta. We have been manufacturing spiral stairs and other steel stair solutions for Finnish buildings since 1974. Cutting corners is not how we work. We know what we do, and we do what we promise.

Quick links

Products

Location

LK Porras Oy
Teollisuustie 10
79100 Leppävirta

© LK Porras. 2025. All right reserved.

Website by: Applari

Privacy policy