Utopia Analytics' privacy policy

Updated 13 November 2023

1. General

We are committed to respecting your privacy and processing your personal data in accordance with the applicable data protection legislation. This document concerning the processing of your personal data (“Privacy Policy”) aims to fulfill our obligation to inform you as a data subject regarding our personal data processing practices and your rights as the data subject, as required by the General Data Protection Regulation 2016/679 of the European Union ("GDPR"). We reserve the right to reasonably amend this Privacy Policy and kindly ask you to visit this page recurringly and review this Privacy Policy for possible changes.

 

Our website may also include links to websites and services operated by third parties, for which this Privacy Policy does not apply. Rather, we encourage you to consult the respective privacy policies of those third parties, would they apply to you.

 

2. Contact information

Utopia Analytics Oy (“we”), acting as the data controller in accordance with this Privacy Policy.

VAT ID: FI26411588

 

Data Protection Officer

Mikonkatu 6 C FI-00100, Helsinki,Finland

dpo@utopiaanalytics.com

3. Categories and sources of personal data as well as the purposes and legal bases for the processing of personal data

Categories of Personal Data

Purpose of processing

Source of personal data

Legal basis for processing

Customer’s contact and communication data, such as company name, contact person, phone number, email address, position/role and personal data contained in surveys and messages between us and the data subject. We may also collect meeting details and data necessary (e.g. specific interest/reference expressed by data subjects or observed by us) to tailor our offers and services to the customer.

Customer relationship management; Fulfilling of contractual obligations towards the customer; Invoicing; Service development; Marketing of new services

Data subjects themselves; Public registers; Company websites; Data may be also obtained in the course of business

Consent; Legitimate interest of the data controller (communicating with customer, customer relationship management, marketing of new services); Legal obligations; Performance of a contract

Potential customer’s contact and communication data, such as company name, contact person, phone number, email address, position/role and personal data contained in surveys and in certain messages between us and the data subject. We also collect data necessary to tailor our offers and services to the potential customer.

Obtaining new customers; Service development; Marketing

Data subjects themselves; Public registers; Company websites; Our business partners; Data may be also obtained in the course of business

Consent; Legitimate interest of the data controller (marketing our services and communicating with potential customer)

Job applicant’s data, such as name, address, phone number, employment background, academic history, data on aptitude assessments, photographs, identity data on referees, data collected from referees, and other information the applicant provides in, for example, a resume or a cover letter

Recruitment of employees

Data subjects themselves and with their consent, their referees

Consent; Actions necessary prior to entering into an employment contract; Legitimate interest of the data controller (recruitment of the appropriate employee)

Website visitor’s data, such as IP address and other observed data (see cookie policy)

Developing the website; Marketing; Statistics; Ensuring that the website works properly and in a secure manner

Personal data accumulated by website visits; Our business partners

Consent; Legitimate interest of the controller (ensuring the security and functioning of the website)

Data of other persons contacting us, such as name, phone number, email address of the data subject, meeting/event details, personal data contained in certain communications between us and the data subject.

The purpose can vary pursuant to the nature and contents of the contact. The purpose can be answering to your enquiries, event/meeting organization and/or taking other necessary actions pursuant to your request(s).

Data subjects themselves

Consent; Legitimate interest of the controller (answering to your enquiries)

4. How long do we store your personal data?

We will store your personal data for the period of time required for the purpose of processing listed above, unless mandatory laws require us to store certain personal data for longer. The storage period may differ greatly from one type of processing to another.

5. Where is your personal data stored and where is it transferred to?

We aim to store your personal data within the European Union and the European Economic Area (“EU/EEA”). However, due to certain systems and services used to support our business and providing our services, some personal data may be transferred outside the EU/EEA. We ensure such transfers are in accordance with applicable data protection legislation, e.g. by means of the personal data remaining in a country recognized by the European Commission as ensuring an adequate level of protection, by using the European Commission’s Standard Contractual Clauses, or by means of other transfer mechanisms designated by the GDPR, and where necessary, additional safeguards.

6. Who may we disclose or transfer your personal data to?

Your personal data may be shared with and processed by our partners and subcontractors for the purposes of marketing, sales, accounting, recruiting, website maintenance, statistics, invoicing as well as providing our services.

We may also share personal data with third parties where such is reasonably necessary to meet any obligations of applicable legislation and / or authority order, or to detect, prevent, or otherwise address crime or security issues.

7. Your rights as a data subject

As a data subject, you have the following rights.

 

- The right to access: You have the right to request copies of your personal data. However, to protect the confidentiality of our clients, we may not agree to requests for data that could jeopardize the processing of confidential client data.

- The right to rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.

- The right to erasure: You have the right to request that we erase your personal data, under certain conditions.

- The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.

- The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.

- The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

- The right to withdraw consent: Where personal data processing is based on your separate consent, you have the right to withdraw your consent. The withdrawal shall not affect the lawfulness of processing based on consent performed before the withdrawal.

Please send your request to our contact address mentioned above. You may need to provide proof of your identity or answer certain questions for us to be able to process your request.

As a data subject you are always entitled to contact the relevant data protection authority in case of complaints. In Finland, the supervisory authority is the Data Protection Ombudsman. Further information is provided at www.tietosuoja.fi.