Data Privacy Policy
1. Data controller
Kumera Oy
Kumerankatu 2
11100 Riihimäki
Business ID: 1536721-9
2. Contact details
Email: dpo@kumera.com
Website scope note: This privacy policy also describes how we process personal data when you visit and interact with our website (e.g., when you browse pages, submit forms or communicate with us via the website).
3. Legal basis
Our processing is based on one or more of the following legal bases, depending on the context:
Contract / steps prior to contract (GDPR Art. 6(1)(b)): e.g., responding to requests related to services and managing customer relationships.
Legal obligation (GDPR Art. 6(1)(c)): e.g., accounting and statutory retention obligations.
Legitimate interests (GDPR Art. 6(1)(f)): e.g., information security, fraud prevention and running and improving our website and services in a B2B context.
Consent (GDPR Art. 6(1)(a)): where required, for example for non-essential cookies/trackers (such as analytics or marketing cookies) and for keeping applicant data for future recruitment opportunities.
Cookies and similar technologies: We use cookies and similar technologies. Strictly necessary cookies are used to provide the website and requested functions. For other cookies/trackers (e.g., analytics or marketing, where applicable), we ask for your consent before placing them on your device. We do not treat continued browsing or scrolling as consent to non-essential cookies/trackers. Where consent is requested, you can choose to accept or refuse non-essential cookies.
4. Personal data categories
Contact data, business information and recruitment data.
5. Sources
Data subjects, customer representatives, referees, and internal systems.
6. Recipients
Authorized employees and contracted service providers.
7. International transfers
Transfers outside the EU/EEA are safeguarded under GDPR mechanisms.
8. Retention of personal data
Kumera retains personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with applicable laws and regulations.
Customer and business contact data:
Personal data is retained for a maximum of ten (10) years after the last business interaction. This is justified by contractual obligations, legal requirements and potential legal claims.
Recruitment data:
Unsuccessful applicants: up to twelve (12) months after recruitment ends
With consent: may be retained longer for future opportunities
Selected candidates: retained as part of employment records
Extended retention:
Data may be retained longer where required by law, for dispute resolution or legal claims.
After the retention period, data will be securely deleted or anonymized.
9. Security
Technical and organizational safeguards including encryption and access control.
10. Data subject rights
Access, rectification, erasure, restriction, objection, portability, and complaint rights. You can exercise your rights by contacting us at dpo@kumera.com and describing your request. We may need to verify your identity. We will respond without undue delay and in any event within one month, subject to GDPR Art. 12(3).
If you consider our processing of your personal data to be inconsistent with data protection laws, you also have the right to lodge a complaint with the Office of the Data Protection Ombudsman (Finland) or your local supervisory authority.
11. Updates
This policy is reviewed and updated periodically.