Privacy Policy­

General principles of personal data processing

Your data protection and privacy are important to us. When you use our services, you provide us with information about yourself, and we want to prove worthy of your trust.

• We process personal data carefully and professionally.
• We protect personal data with appropriate technical solutions.
• The processing of personal data is planned and compliant with the law.
• We do not collect unnecessary information about you.
• We strive for transparency in our operations.
• We explain our practices in clear and understandable language.

Personal data refers to any information that can be linked to an identifiable natural person.

Data processor or data controller?

In some cases, we act as a data processor, not a data controller. When we cannot determine the purpose and the means of processing personal data ourselves, we are acting as a data processor. In such cases, we have access to the personal data managed by the data controller.

For example, when a client provides us with personal data about their employees for a specific purpose, the client acts as the data controller. In this situation, our client determines the purpose and methods of processing the personal data.

A data processor may only process personal data for the purposes defined by the data controller. The processor’s responsibilities toward the controller are defined in the service agreement between us and our client.

We act as the data controller in situations where we process personal data on our own behalf, meaning we decide ourselves why and how personal data is collected.

What personal data do we collect?

The data we collect depends on the service you use. If you only visit the website and reject all cookies, we do not collect any information about you. If you are our customer, we naturally know more about you. However, not all information is stored in our registers.

Below are examples of situations where your personal data may be stored in our registers.

General information

In order to contact you, we store your contact details in different systems. Such general information may include your name, phone number, email address, or contact information for messaging services.

Customer relationship information

When a customer relationship is established between us, the amount of information naturally increases. We use this information to provide our services and manage the customer relationship.

If you are a corporate client, we store information about your employer, meaning the company. This may include the company’s address, billing details, the location of your workplace, the services in use, company-specific login credentials for required systems, and notes from meetings.

Phone calls and other communications

We may record phone calls or other discussions for quality control, training, or to fulfill accountability obligations. Email and social media conversations may be stored automatically even if we do not specifically record them. Log data may also be stored from these communications, such as the time a message was sent.

We may record phone calls or other discussions for quality control, training, or to fulfill accountability obligations. Email and social media conversations may be stored automatically even if we do not specifically record them. Log data may also be stored from these communications, such as the time a message was sent.

Newsletter subscription

When you subscribe to a newsletter, we store your email address. We may also ask for your name and areas of interest.

Website visits

By default, visiting our website does not store any personal data in our systems. However, if you accept all cookies, Google Analytics stores your IP address and a unique user ID. These allow us to distinguish individual users and their website visits.

Summary of personal data collection

Where do we obtain (collect) your personal data?

Below are sources from which we obtain personal data. The most common source is contact through our website or by email.

DIRECTLY FROM YOU

We collect your information when you contact us, subscribe to our newsletter, or use our services.

FROM OUR WEBSITE

Our website uses cookies to optimize your user experience. This information is not always identifiable and therefore may not constitute personal data. Read more about the use of cookies in our Cookie Policy.

FROM PARTNERS AND PUBLIC SOURCES

For example, we may search for contact or billing information using various databases.

How do we use your personal data?

CUSTOMER RELATIONSHIP MANAGEMENT AND SERVICE DELIVERY

We process your personal data to identify you as our customer, communicate with you, and send you messages during different stages of the customer relationship.

BUSINESS DEVELOPMENT

We process personal data to develop our business and services and to conduct marketing research and analysis, such as customer satisfaction surveys.

MARKETING

We collect and analyze personal data, such as your behavior on our website or your location, in order to send you information about our services or other messages that may be useful to you. We may also use your personal data to improve the user experience of our website and the relevance of advertising.

STATISTICS

We also use the collected data for statistical purposes and to improve our operations.

Legal basis for processing personal data

We process your personal data on the following grounds:

• You have given us consent to process your data. Consent may be given by using our services or contacting customer service. You may withdraw your consent at any time.
• Processing is necessary for the legitimate interests of us or third parties. This may include situations where we process your data to prevent fraud, send targeted direct marketing, or maintain the security of our information systems.
• Processing is necessary to comply with our legal obligations.
  

Automated decision-making and profiling

We may use automated decision-making in some of our services, for example in the automated handling of service requests. Automated decisions are based on the information provided to us.

We use profiling to send marketing messages that we believe are relevant to you. This also helps us avoid sending irrelevant messages. You have the right to object to profiling related to direct marketing.

Data retention and security

We are committed to ensuring the security of your data through good data management and careful handling of personal data. We use appropriate technical, physical, legal, and organizational measures to protect your information.

We retain personal data only as long as necessary for the purposes described in our privacy policies and registers, unless a longer retention period is required or permitted by law.

Personal data is generally processed for two years after the last offer or invoice has been sent.

• Newsletter subscribers may unsubscribe from the list themselves.
• Data of website visitors is processed for two years.

Please note that the data controller may have a legal or other obligation not to delete requested data. The controller is required to retain accounting records for the period defined in the Accounting Act (Chapter 2, Section 10), which is 10 years. For this reason, accounting-related data cannot be deleted before this period expires.

Disclosure of personal data to third parties

We do not disclose your personal data to third parties without your consent unless one of the following conditions applies:

• Disclosure is based on law, regulation, or a contract binding us.
• We and the third party have a data processing agreement in place.
• Disclosure is necessary for providing a service to you.
• Your personal data was collected in connection with an event organized together with our partners. In such cases, we may share your data with partners organizing the event for marketing communication related to the event.

We regularly use the following service providers in order to provide our services. We ensure that all service providers comply with data protection legislation and, when necessary, have separate agreements regarding the processing of personal data.

• Accounting services
• Website maintenance – Janne Parri Oy, Finland
• Webflow – Webflow Inc., United States
• Zapier – Zapier Inc., United States
• Dropbox – Dropbox Inc., United States
• Google Drive – Google LLC, United States
• Microsoft 365 – Microsoft Corporation, United States
• Google Tag Manager – Google LLC, United States
• Google Analytics – Google LLC, United States
• Google Ads – Google LLC, United States
• ActiveCampaign – ActiveCampaign LLC, United States
• Facebook Ads – Facebook Inc., United States

International transfer of personal data

We may also transfer information to a debt collection agency if necessary for the recovery of payments.

Your personal data is primarily stored within the European Union (EU) and the European Economic Area (EEA).

However, we use cloud services, website platforms, advertising services, and other applications whose headquarters are located in the United States. In such cases, personal data may be processed outside the EU/EEA.

Below are the services and their privacy policies:

• Webflow Inc., Yhdysvallat - Privacy Policy - PS*
• Dropbox Inc., Yhdysvallat - Privacy Policy - PS*
• Google LLC, Yhdysvallat - Privacy Policy - PS*
• Microsoft Corporation, Yhdysvallat - Privary Policy - PS*
• ActiveCampaign LLC, Yhdysvallat - Privacy Policy - PS*
• Facebook Inc., Yhdysvallat - Privacy Policy - PS*
• Zapier Inc., Yhdysvallat - Privacy Policy
  ‍

Companies marked with PS* operate under the EU–U.S. Privacy Shield framework, which ensures that the transfer of personal data complies with the EU General Data Protection Regulation (GDPR) and that an adequate level of data protection is maintained. ‍

Your rights

You have the right to, among other things:

• access the personal data stored about you in our registers
• request correction of inaccurate information
• request deletion of your data (the right to be forgotten)
• transfer your data to another service
• restrict the processing of your personal data

If you wish to exercise any of the rights mentioned above, you can contact the person responsible for register-related matters:

Purpose of processing personal data / Purpose of the register

The purpose of processing personal data is to manage and administer the customer relationship, fulfill the rights and obligations of both the customer and the data controller, and process personal data in accordance with applicable data protection legislation for purposes related to online services.

In addition, personal data may be processed for the marketing activities of the data controller and companies belonging to the same corporate group, including direct marketing. Direct marketing may also be carried out electronically.

However, this does not mean that everyone in the register will automatically be added to mailing lists after any form of contact. Customers must always separately subscribe to and confirm a newsletter subscription. If you submit a request for a quote through the website, your information may be used in advertising platforms for targeting and exclusion lists.

Content of the register

The register may contain the following information. The data stored in the register increases as needed, meaning that not all information is collected from every customer. A person is considered to be in the register if even a single piece of identifying information has been recorded.

• first and last name
• email address
• postal address
• phone number
• employer (for corporate customers)
• employer’s information
• permissions and consents
• workplace / office location
• billing and debt collection information
• financial information
• information about processed orders and bookings
• information related to the customer relationship and contractual relationship
• unique IP address
• information provided by the data subject
• information observed from the use of services

Regular sources of information

A customer may be added to the register through the website’s contact forms, by purchasing products from the online store, or by providing information directly to one of the company’s employees.

Data storage and protection

We are committed to ensuring the security of your data through good data management and careful handling of personal data. We use appropriate technical, physical, legal, and organizational measures to protect your information.

We retain personal data only as long as necessary for the purposes stated in our privacy and register descriptions, unless a longer retention period is required or permitted by law.

Personal data is generally processed for two years after the last offer or invoice has been sent.

• Newsletter subscribers may unsubscribe from the mailing list themselves.
• Data of website visitors is processed for two years.

Disclosure of data

Please note that the data controller may have a legal or other obligation not to delete requested data. The controller is required to retain accounting records for the period defined in the Accounting Act (Chapter 2, Section 10), which is 10 years. Therefore, accounting-related materials cannot be deleted before the retention period has expired.

We do not disclose your personal data to third parties without your consent unless one of the following conditions applies:

• The disclosure is based on law, regulation, or a contract binding us.
• We and the third party have a data processing agreement.
• The disclosure is necessary for providing a service to you.
• Your personal data was collected in connection with an event organized together with our partners. In such cases, we may share your data with partners organizing the event for marketing communication related to the event.

We regularly use the following service providers to deliver our services. We have ensured that all our service providers comply with data protection legislation.

• Accounting services
• Website maintenance – Janne Parri Oy, Finland
• Webflow – Webflow Inc., United States
• Zapier – Zapier Inc., United States
• Dropbox – Dropbox Inc., United States
• Google Drive – Google LLC, United States
• Microsoft 365 – Microsoft Corporation, United States
• Google Tag Manager – Google LLC, United States
• Google Analytics – Google LLC, United States
• Google Ads – Google LLC, United States
• ActiveCampaign – ActiveCampaign LLC, United States
• Facebook Ads – Facebook Inc., United States

We may transfer data to a debt collection agency if necessary for monitoring or collecting payments.

Right of access under the Personal Data Act

The data subject has the right to access the information stored about them in the register, request correction of incorrect data, and otherwise exercise the rights guaranteed under data protection legislation.

A written request regarding the inspection, deletion, or correction of data must be addressed to the person responsible for register matters (see: Person responsible for register-related matters).

Other rights related to the processing of personal data

The data subject has the right to prohibit the processing of their personal data for direct marketing, distance selling, other direct marketing purposes, as well as market and opinion research. The prohibition will be recorded in the register.

Cookies

We use cookies and similar technologies to provide and improve our website and services. Our pages may also include components from third-party providers, for example those related to social media services.

In some cases, these cookies may also collect personal data. The use of cookies is explained in more detail in our Cookie Policy.

You can block non-essential cookies at any time from the menu located at the bottom-left corner of the page.