Privacy Policy – Marketing Register

Controller

Fira Oy
Address: c/o Fira Oy, Teknobulevardi 3-5, 001530 Vantaa, Finland
Business ID: 2768803-6
Contact person: [Jonas Meling, jonas.meling@fira.fi]

Name of register

Marketing Register (“Marketing Register”)

Introduction

Fira Oy and its subsidiaries (hereinafter “Fira” or “we”) collect personal data regarding their customers as well as the users who submit their contact details through the fira.fi website for the purposes of marketing.

This Privacy Policy discusses the principles according to which we store and process personal data saved in the Register. This Privacy Policy details the personal data we collect, how we process said personal data, and how you can exercise your rights related to your personal data.

We may update this Privacy Policy if the way in which we process the data changes or if updating it otherwise becomes necessary. The up-to-date version is available on our website. [fira.fi/en/privacy-policy/marketing-register/]

Our service may include elements provided by a third party. This Privacy Policy does not cover a third party’s principles applicable to data processing or to the protection of privacy, nor are we responsible for data processing carried out by any third parties. Please refer to their own policies to check their data protection principles.

Purpose of processing

We only collect, store and use personal data for predetermined purposes. We mainly use personal data to provide our own services, to market our services and products, to manage customer relationships as well as for customer communications and developing our marketing. These main purposes are:

  • To provide our own services and to fulfil our contractual obligations such as customer service and communicating service-related information and messages to the users
  • To improve quality, analyse trends and for the purposes of customer service
  • We can process your data to improve the quality of our services and products by analysing various trends related to the use of the services, for example. Whenever possible, we aim to use anonymous data from which individuals cannot be identified. We can use the data in managing the customer relationship and for customer service and communications.
  • To the extent permitted by law, we may also process personal data to implement the marketing of our services and products and for the purposes of direct marketing. This may also include processing and analysing personal data for the purposes of targeted marketing or services. We may, for example, show targeted marketing communications through our channels based on your past interests.
  • We may also, based on your consent, send you information and marketing communications via email.
  • Our aim is to constantly develop our online service. For this reason, we may also utilise personal data to develop our company’s online service / website and to improve the related processes and tools.

Fira processes your personal data to fulfil its contractual obligations towards its contractual partners and to act in accordance with the statutory requirements. The management of customer relationships and Fira’s legitimate interest are the basis for processing data. We may also ask for your consent to process certain personal data.

Data storage period

We store personal data only for as long as necessary, considering the purposes specified in this Privacy Policy. We will remove the personal data or anonymise it as soon as possible after its storage is no longer necessary.

The processed data and its sources

We collect data regarding the users of the fira.fi online service from the users themselves and in connection with the use of the service. We may collect open data regarding our customers from public sources such as LinkedIn or other social media channels. The collection and use of personal data is organised and we avoid unnecessary collection and storage of data.

Collected data may include:

– first and last name

– email address

– phone number

– title

– information about giving consent for marketing or opting out of direct marketing such as emails

– classification information provided by the individuals themselves such as interests

– feedback information from customer service or online service

In connection with the use of the service we may also process, for example, the following personal data regarding a customer/user:

– IP address

– order, billing and delivery information

– data collected through cookies

– data accumulated through the use of our website

Cookies

We use numerous technologies, including cookies, to collect and store data when you use our service and website. The cookies help us to count the total number of visitors to our pages and to monitor the use of our service and website. This helps us to improve our service. We also use cookies that make the use of our service and website easier for you by remembering user IDs, passwords or (language) choices, for instance. We also use monitoring and analytical cookies to follow our users’ attitudes towards the service we provide. We may also use cookies to target marketing (e.g. remarketing) and to optimise marketing.

Most browsers automatically enable cookies. You can prevent the use of cookies in your browser or set your browser to alert you whenever there is an attempt to install cookies. Please note that if you decide to prevent the use of cookies, some functionalities of the service may not work in the intended way. For further information about cookies and their removal, go to www.allaboutcookies.org.

Our services use, for example, Google Analytics, HubSpot and other analytics tools to create reports on the use of our website so that we can improve our website and service. For further information on Google Analytics, go to http://www.google.com/analytics. You can opt out of the collection of data by Google Analytics by downloading the browser add-on available at https://tools.google.com/dlpage/gaoptout.

Transfer and disclosure of personal data

We can transfer or disclose personal data to our partners if it is necessary for the purposes pursuant to this Privacy Policy. Such partners may include:

marketing consultants, marketing agencies, system providers and developers of our online service. We conclude written agreements with our partners and only use subcontractors who are committed to protecting personal data. In these cases, personal data is processed in accordance with applicable legislation.

We may also use third party service providers, for example providers of payment services, collection services and analytics services, to carry out certain tasks that include processing personal data on our behalf.

We can furthermore transfer or disclose personal data to our group companies and any party continuing our business operations as a result of corporate arrangements or the disposal, merger, de-merger, bankruptcy or liquidation of business operations.

Otherwise we will not sell or disclose your data to third parties.

In certain situations, your data may be transferred outside of the EEA because some of the cloud services we use may be located outside of the EEA. If data is transferred outside of the EEA, we will make sure that it is a country with an adequate level of protection determined by the European Commission and that the transferee has Privacy Shield certification. (https://www.privacyshield.gov )

We always make sure that the possible transfer of data is carried out on grounds required by law and with adequate protection mechanisms.

Should applicable laws so require, personal data can also be transferred or disclosed to the authorities.

Your rights

Right of access

Fira offers you right of access to your personal data processed by us. You can contact us to request access to the personal data we process with regard to you and the grounds for such processing. If less than 12 months have passed since your previous request for access, we can charge a fee for carrying out the measures related to the request.

Right to request rectification of data

You are also entitled to have erroneous, incomplete, outdated or unnecessary data rectified or supplemented by contacting us. The request must be submitted in writing.

Right to request removal of data

You can also ask us to remove your personal data from our systems. We will carry out the measures in accordance with your request unless we have a justified reason for not removing your data, for example to fulfil our statutory obligations. The data may not necessarily be removed immediately from all backup copies or other equivalent systems in our use.

Right to opt out of direct marketing

You can forbid the processing of your personal data for direct marketing purposes by sending an email about this to the above-mentioned address.

Right to oppose

You can also request restrictions to the processing of your personal data if the data is processed for purposes other than the performance of our services or for the fulfilment of a statutory obligation. You can also state your opposition to any further processing of your personal data, even if the processing were based on previous consent from you. Opposition to the processing of personal data may lead to more limited possibilities to use our website and services.

Right to restrict processing of data

You can ask us to restrict the processing of certain personal data. A request concerning the restriction of the processing of your personal data may lead to more limited possibilities to use our website and services.

Right to transfer data from one system to another

You are entitled to receive your personal data from us in an analysed and commonly employed format so that you can pass the data on to another controller.

Exercising your rights

You can exercise your above-mentioned rights by sending a message using the above-mentioned contact details. We have to be able to identify you in order to respond to your request. We may request additional information necessary to verify your identity. We may reject requests that are repeated unreasonably often or are excessive or groundless. If you believe that the processing of your personal data conflicts with the applicable legislation, you can submit a complaint to the local authority that supervises data protection, especially in the member state where you have permanent residence or workplace or where the alleged breach of the personal data regulation took place. In Finland, the supervisory authority is the Data Protection Ombudsman. http://www.tietosuoja.fi/fi/yhteystiedot/nainkysytneuvoa.html

Information security

We have protected our register of personal data from unauthorised access with a variety of technical and organisational means and arrangements. The personal data is saved on servers and systems protected with a firewall and passwords. The servers are protected from third parties. Personal data is processed only by people committed to non-disclosure who have a justified reason for processing the data based on their job. We nevertheless wish to emphasise that no service provided through the internet is perfectly secure.

Updating of the Privacy Policy

We may update this Privacy Policy if changes occur in our operations or data protection policy. Updates may also take place if there are changes in legislation. The changes will take effect once we have published the updated privacy policy.

Therefore, we ask you to regularly examine the contents of this Privacy Policy.