Updated 29 March 2022
1. Contact information
Data Protection Officer
Vilhonkatu 6 A FI-00100, Helsinki, Finland
2. What personal data do we process, how do we receive it and for which purposes we process it? What is our legal basis for the processing of personal data?
We may process personal data as identified below considering our role either as the Data Controller or the Data Processor.
|Type of personal data||Purpose of processing||Source of personal data||Our role||Legal basis for processing|
|Customer’s contact data, such as company name, contact person, phone number, email address and position/role||Customer relationship management, fulfilling contractual obligations with the customer, invoicing and marketing of new services||Data subjects themselves, public registers, company websites, data may be also obtained in course of business||Data Controller||Legitimate interest of the data controller (customer relationship management, marketing of new services), legal obligations, fulfilment of a contract.|
|Potential customer’s contact data, such as company name, contact person, phone number, email address and position/role
|Obtaining new customers, marketing||Data subjects themselves, public registers, company websites, our business partners, data may be also obtained in course of business||Data Controller||Consent of the Data subject, legitimate interest of the data controller (obtaining new customers).|
|Job applicant’s data, such as name, address, phone number, employment background, academic history and other information the applicant provides in, for example, resume and cover letter||Recruitment of employees||Data subjects themselves||Data Controller||Actions necessary prior to entering into employment contract, legitimate interest of the data controller(recruitmet of the appropriate employee)
such as text content of data moderated by us, user name, and other related content
|Providing our services and fulfilling contractual obligations with our customer||Our customer||Data Processor||Contractual relationship with our customer and a data processing agreement with our customer whereas our customer is the data controller
|Data Controller||Consent, legitimate interest of the controller (ensuring the security and functioning of the website)|
|Data of other persons contacting us, such as name and email address of the data subject||Answering to your enquiries and/or taking other necessary actions pursuant to your request||Data subjects themselves||Data Controller||Consent, legitimate interest of the controller (answering to your enquiries)|
3. How long is personal data stored by us?
We will store your personal data for the period of time required for the purpose of processing listed above. However, we may store the personal data longer due to requirements arising from the Finnish Accounting Act or other similar legislation.
We store the customer data processed by us for the duration of the customer relationship and at maximum fifteen (15) months after.
We evaluate the necessity and accuracy of the personal data on a regular basis.
4. Where is your personal data located and transferred?
We aim to store your personal data within the European Union and European Economic Area (“EU and EEA”). However, certain personal data, due to systems and services used to support our business and providing our services, may be transferred outside the area of EU and EEA. In such case we make sure that one of the following instruments apply: (a) the personal Data remains located within a country recognized by the EU as providing an adequate level of protection for the personal Data (“Adequacy Decision”), (b) standard contractual clauses or a similar instrument in accordance with the applicable data protection legislation exist in case of transfer, or (c) binding corporate rules in accordance with applicable data protection legislation exist in case of transfer.
5. Who else may process your personal data and with whom we may share your personal data with?
Your personal data may be shared with and processed by our partners and subcontractors for the purposes of marketing, sales, accounting and invoicing as well as providing our services. In such cases we make sure that a data processing agreement exists between us and each of our partners or subcontractors together with one of the instruments defined under Section 4 above when needed.
We may also share personal data with third parties outside our organization if access to and use of the personal data is reasonably necessary to: (i) meet any requirements / obligations of applicable law, regulation, and / or court order or (ii) detect, prevent, or otherwise address crime or security issues.
6. Your rights as a data subject
As a data subject, you have the following rights for types of personal data listed above for which we are the Data Controller. Please send your request to our contact address. You may need provide a proof of your identification while we process your request.
- The right to access: You have the right to request copies of your personal data. We may charge you a small fee for this service.
- The right to rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
- The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The right to withdraw consent: Where personal data processing is based on your separate consent, you have the right to withdraw your consent. The withdrawal shall not affect the lawfulness of processing based on consent performed before the withdrawal.
Please note that as a data subject you have always the option to request us to stop sending you marketing messages. Moreover, we shall on our own initiative delete, correct and complement any personal data which is discovered to be incorrect, unnecessary, incomplete or outdated for the intended purposes.
In the event we are the Data Processor, we advise you contact your data controller, who is a provider of the service in which you have been registered.
As a data subject you are always entitled to contact the data protection authorities in case of complaints. Further information is provided at www.tietosuoja.fi.