Creation date: 23 April 2018
Everyone appreciates their privacy, and so do we. However, our operations require us to process personal data. We are committed to respecting your privacy and to adhering to applicable national and international regulations (the provisions and principles set down in the European Union’s General Data Protection Regulation, for instance) in the processing of personal data.
1 Data controller
Torikatu 26, FI-90100 Oulu, Finland
+358 20 735 0299
2 Contact person in matters related to the data file
CEO: Tiina Räisänen, firstname.lastname@example.org
Data Protection Officer: Outi Arontie, email@example.com
3 Data file name and data subjects
Verkkoasema Oy | Customer and marketing data file
In the data file, we process the personal data of our customers, potential customers and their representatives.
4 How do we use your personal data?
We process personal data in matters related to customer relationship management (service production and delivery, billing and debt collection, processing of complaints, customer support and customer satisfaction measurement, among other things), in customer communications, the marketing of services offered by Verkkoasema Oy and its partners and the development of services.
Your personal data may also be collected and processed to fulfil legal obligations, such as accounting and official obligations.
We collect, store and process personal data for pre-determined purposes only.
5 What kinds of personal data do we collect?
The following information may be stored about the data subject:
- Telephone number
- Email address
- Job title
- Consent-related information
- Generally available classification information
- Customer feedback information
- Order, billing and delivery information
- IP address information or another identifier
- Data collected with cookies
- Ordered/downloaded materials prepared by our experts
- Pages visited, time spent on the website, path from where the website was accessed and links clicked
- Information collected from social media channels
- Other information collected with the customer’s consent
6 From which sources do we collect personal data?
We collect personal data concerning you mainly from you yourself when we contact you or later in connection with the use of our services. We also collect information about events and training sessions we organise. We may also collect customer-related information from public sources or registers, such as LinkedIn or other social media channels.
With Google Analytics, Active Campaign Analytics and Viidakko CEM, we collect information about the users of our website in order to analyse and develop our website and to target relevant marketing at the users of our website. Data is stored automatically in the data file when the user submits information on our website or in the www.verkkoasema.fi service.
The purpose of the marketing automation solutions we use is to help us serve the visitors to our website better. We do not use mass mailing as these solutions enable us to focus our marketing on topics that interest you.
7 On what grounds do we process your personal data?
We see to it that we always have legal grounds for processing your personal data.
We mainly process the data to fulfil and prepare agreements (e.g. production and delivery of our services, customer relationship management, processing of complaints and customer feedback) and on the basis of our legitimate interest (e.g. direct marketing to our customers and product development of our services).
With your consent, we may use your email address for sending newsletters and marketing letters or process other personal data about you. If we process your personal data solely on the basis of your consent, you can withdraw your consent at any time.
We may also process your personal data to fulfil legal obligations.
8 Will your personal data be transferred or disclosed?
As a rule, your personal data is processed by members of our company’s personnel as part of their work.
In some cases, your personal data may be disclosed confidentially to our partners or our subcontractors who process personal data on the basis of a written commission agreement. Such cases include, for instance, data centre and cloud services intended for storing data, providers of the IT systems we use and external services acquired to support sales and marketing.
Our subcontractors and partners process personal data as agreed, according to our written guidelines and only for agreed, legal purposes.
We may also disclose data to meet our contractual obligations or when law or competent authorities so require. We may also disclose your personal data if we are involved in corporate or business acquisition.
We may disclose anonymised or statistical data that can no longer be attributed to an individual. If this data is no longer considered personal data, we may also disclose data to third parties for purposes other than those mentioned here.
9 Is your personal data transferred outside the EU and the EEA?
When processing your personal data, we use service providers who may have access to your personal data from outside the EU/the EEA, from countries such as the United States of America. We see to it that transfers are conducted in an appropriate and legal manner in accordance with legislation on the processing of personal data.
In all cases, we transfer your personal data outside the EU/the EEA only on one of the below-mentioned, legal grounds:
- the European Commission has decided that the receiving country in question has ensured an adequate level of data protection;
- we have provided appropriate safeguards for transferring your personal data by using the standard data protection clauses approved by the European Commission. In this case, you have the right to receive a copy of these standard clauses by contacting us; or
- there are other legal grounds for transferring your personal data outside the EU/the EEA, such as the Privacy Shield arrangement applicable to the USA, approved by the European Commission.
10 For how long is your personal data stored?
We store your personal data only for as long as is required for the purposes described in this policy. In addition, some data may be stored for a longer period of time as far as is required by legal obligations, such as accounting-related responsibilities. Data that is no longer required is erased regularly.
11 How is your personal data secured?
We respect the confidentiality of your personal data.
Personal data is protected from use by third parties with firewalls, antivirus software, personal user IDs and passwords. Personal data can only be accessed by persons authorised by Verkkoasema whose work duties require them to process personal data. We disclose personal data to our partners, such as our subcontractors, only in a confidential and restricted manner on the basis of agreements. Our partners must commit to ensuring adequate information security and the legal processing of personal data in all aspects of the processing. The persons who process personal data are bound by an obligation of secrecy.
Our website uses a TLS-encrypted HTTPS connection, which ensures the protection of all electronic personal data. In the browser, this is indicated by the green lock icon on the left in the address bar. If there is data in a manual format, they are stored in locked premises that cannot be accessed by third parties and destroyed securely.
The cookies we use are related to our marketing automation system (Viidakko CEM or Active Campaign), Google Analytics and the social media channels we use: LinkedIn, YouTube, Twitter and services provided by the Facebook companies.
If you do not wish the online service to collect data through cookies, you can prevent cookies (most browser software allow the user to disable cookies). You can prevent Google Analytics from collecting data about you. Read more about this on Google’s website. However, please note that in this case, it is possible that the online service does not function properly.
13 What rights do you have?
13.1 Right to prohibit direct marketing
The data subject has the right to object at any time to processing of personal data for direct marketing purposes.
All direct email sent by Verkkoasema contains a link allowing you to prevent any future direct emails. You can also sent a direct marketing ban request by email to firstname.lastname@example.org.
13.2 Right of access (right of review)
Everyone has the right to know what kinds of data concerning them is stored in a personal data file. You can request your data from us for review as described in Section 14.
13.3 Right to demand rectification or erasure of data (right to be forgotten)
Verkkoasema erases, rectifies or supplements, on its own initiative or at the request of the data subject, any data that is erroneous, unnecessary, incomplete or obsolete with regard to the processing.
13.4 Right to restriction of processing
The data subject has the right to request the restriction of the active processing of their personal data when, for instance, the data subject contests the accuracy of their personal data and requests the rectification or erasure of the data. In this case, the personal data in question may only be stored, not otherwise processed. The restriction of processing is ensured by technical means.
Before the restriction of processing is lifted, Verkkoasema informs the data subject of this.
13.5 Right to object to the processing of personal data
If we process your personal data due to the public interest or our legitimate interest, you have the right to object the processing of personal data concerning you provided that there is no compelling reason for the processing of the data, overriding your rights, or that the processing is not required for handling a legal claim.
13.6 Right to data portability
As far as the data subject has provided data to the customer data file themselves and the data is processed on the basis of the data subject’s consent or commission, the data subject has the right to receive this data in a machine-readable format, as a rule, and the right to transmit this data to another data controller.
13.7 Withdrawing consent
If personal data is processed on the basis of the data subject’s consent, the data subject has the right to withdraw their consent by informing Verkkoasema of this. For instance, all direct email sent by Verkkoasema contains a link allowing you to withdraw your consent to any future direct emails. You can also withdraw your consent as described in Section 14.
13.8 Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with a competent supervisory authority if the data controller has not complied with the applicable data protection regulations in their operations.
14 Requests related to the rights
Any enquiries and requests related to the data file can be submitted either in person by presenting an identity document or with our electronic form. The form verifies your identity through Visma Sign with online banking credentials or a mobile certificate, for instance. We deliver the data to your email address as a password-protected document, with the password sent as an SMS to your phone.
Verkkoasema responds to requests within one (1) month of the submitting of the request unless there are special reasons for a longer response time. We may also refuse to fulfil your request on grounds defined in applicable law.
As a rule, exercising your rights is free of charge.
15 Is the provision of information obligatory?