Privacy Policy of Congrid Oy’s Customer and Marketing Data Filing System

1 General

Congrid Oy (later “Company” or “We”) is committed to ensuring the confidentiality and data protec-tion of personal data at its possession. This privacy policy is applied to personal data that we collect in relation to our customer and marketing data filing system (later “Data Filing System”). The per-sonal data and related processing is described in this privacy policy. Additional information regard-ing the processing of personal data in the Data Filing System may be obtained from the address in Section 13.

We may update this privacy policy from time to time, for example due to changes in applicable legis-lation. We endeavour to carry out reasonable means to inform you of any possible changes and their effects in due time beforehand. Therefore, we advise you to review this privacy policy always after becoming aware of changes regarding the privacy policy.

This privacy policy was last updated on 17.5.2018.

2 Data Controller

Name: Congrid Oy
Address: Mielikintie 11 C
00750 Helsinki
Email: privacy@congrid.com
Business ID: 2566124-3

3 Whose Personal Data Do We Collect?

We process the personal data of the contact persons of our customers and business partners (in-cluding resellers) and the representatives of our potential customers in the Data Filing System.

4 What Categories of Personal Data Do We Process?

We process the following categories of personal data of the contact persons of our customers, our business partners (including resellers) and the representatives of our potential customers:

– your name;
– your contact details: such as email address and telephone number;
– the company you are representing and your position in the company;
– in relation to the contact persons of our customers that have registered to our Congrid ser-vice, information concerning the use of said service: order information, user ID and password, customer status information, information concerning pricing and payment methods, infor-mation sent to our server by your customer software (e.g. IP-address, manufacturer of the device), technical information required for the maintenance of the service (e.g. actions per-formed in the service); and
– other information concerning the exploitation of electronic services and content (e.g. subscrip-tion to a newsletter), technical information sent to our server by your browser (e.g. IP-address, browser, browser version, the webpage from which you came to our webpage) as well as the cookies sent to your browser and information related to them (additional information on cook-ies and similar technologies below in Section 12).

5 Which Sources Do We Use to Collect Personal Data?

We collect personal data primarily from the data subjects themselves (e.g. registration to our Con-grid service, your contact requests through our webpage and business cards delivered to us).
We also collect technical tracking information sent to the service by customer software and devices about the users registered to the Congrid service.

6 Basis for, Purposes and Impacts of Processing Your Personal Data

The basis for processing your personal data is our legitimate interest based on our purposes of use determined below.

If you are already our customer or business partner:
The purpose of the processing of your personal data as an existing customer or business partner is in particular the management and maintenance of our customer relationships. In addition, your per-sonal data are processed for the sales and direct marketing of our products and services. By pro-cessing your personal data we are able to provide better services for you and develop our products and services to better fit the needs of our customers. The processing of your personal data will have no other impact on you.

If you are our potential customer:
The purpose for which the personal data concerning our potential customers are used is carrying out direct marketing and other sales and marketing measures regarding our services and products, i.e standard marketing procedures such as sending marketing messages by email. The processing of the personal data of our potential customers has no other impacts than targeting of marketing messages.

We do not further process your personal data for other purposes than those described in this priva-cy policy.

7 Regular Disclosures and Transfers of Your Personal Data to Third Parties

Your personal data may be transferred to our business partners and subcontractors. Currently our business partners are:

– Accountor Finago Oy;
– Amazon Web Services EMEA SARL;
– Dropbox, Inc.;
– Google LLC;
– HubSpot Ireland Ltd;
– SiteGround Spain S.L.;
– SurveyMonkey Inc.;
– Zendesk Inc.;
– Local business partners and subcontractors used for the provision customer service and cus-tomer relationship management; and
– Business partners and subcontractors used for the development of our services.

Our business partners may process your personal data only for measures carried out on our behalf for the purposes defined in this privacy policy. We always ensure that our partners do not process the personal data transferred to them for any other purposes.

We may also be required to share your personal data with competent authorities in accordance with legislation concerning the processing of personal data.

8 Transfers of Your Personal Data outside the EU or European Economic Area

In some cases, we transfer your personal data outside the European Union or the European eco-nomic area in accordance with data protection legislation to the following operators that are located in the United States and have joined the Privacy Shield framework:

– Dropbox, Inc.;
– Google LLC;
– HubSpot Ireland Ltd;
– SurveyMonkey Inc.; and
– Zendesk Inc.

In all situations, we transfer your personal data outside the EU or the European Economic Area on-ly based on one of the lawful grounds mentioned below:

– the EU Commission has decided that the recipient country in question ensures an adequate level of protection;
– we have established appropriate safeguards for the transfer of personal data by using the standard data protection clauses approved by the Commission. You shall then have the right to obtain a copy of such standard clauses by contacting us in the manner described in the section ‘Contacts’; or
– you have given your explicit consent for the transfer of your personal data or another lawful basis for the transfer of your personal data outside the EU or EEA exists.

9 Principles for the Retention of Your Personal Data

The personal data of our customers and business partners shall be retained for as long as the cus-tomer or business partner relationship exists. After the termination of said relationship, your person-al data shall be retained for a maximum of two years.

The personal data of our customers, business partners and potential customers shall be retained in the Data Filing System for as long as you hold a position to which our marketed product or service is related, provided that you have not prohibited direct marketing. In such case information on the prohibition of direct marketing can be retained in the Data Filing System.

Your personal data may be retained for longer if applicable legislation or our contractual obligations towards third parties require a longer retention period.

10 Rights of a Data Subject in Relation to the Processing of Personal Data

As a data subject you have the right, at any time, to object to the processing of your personal data for direct marketing purposes. You may give us channel-specific prohibitions concerning direct mar-keting (e.g. prohibit marketing messages sent by e-mail but allow marketing messages sent by mail).

In addition, you have the right to, according to applicable data protection legislation, at any time:

– be informed about the processing of your personal data;
– obtain access to data relating to you and review your personal data we process;
– require rectification and completion or erasure of inaccurate and incorrect personal data;
– object to the processing of your personal data on grounds relating to your particular situation in so far as the processing of your personal data is based on our legitimate interest;
– receive your personal data in a machine-readable format and transmit those data to another controller (provided that you have delivered us such data yourself, we process such personal data based on an agreement and the processing of personal data is carried out by automat-ed means); and
– obtain a restriction of processing of your personal data.

You should present your request for exercising any of the aforementioned rights in the manner de-scribed in the ‘Contacts’ Section of this privacy policy. We may ask you to specify your request in writing and to verify your identity before processing the request. We may refuse to fulfil your request on grounds set out in applicable data protection legislation.

You also have the right to lodge a complaint with the supervisory authority concerned or with the supervisory authority of the EU member state of your habitual residence or place of work, if you consider that we have not processed your personal data in accordance with applicable data protec-tion legislation.

11 Principles of Data Security

We respect the confidentiality of your personal data. Tangible material containing personal data shall be kept under lock and key in a space to which only separately appointed persons have ac-cess. Personal data processed digitally are protected and stored in our information system which is secured by firewalls and other technical measures. The data shall accessible to persons on a need-to-know basis only. Such persons have personal user credentials and passwords. We take backups of our information system regularly.

12 Information on Cookies and Similar Technologies

We use cookies on our website and on our Congrid service.

A “Cookie” is a commonly used small text file that the internet browser installs on your computer or other terminal when you visit a website. The browser sends information on your visit back to the website when you revisit it. All contemporary websites use cookies in order to offer you a more per-sonal browsing experience.

Each cookie is separately installed on each terminal you use and cookies can be read only by the server that installed the cookie. Because the cookie is bound to the browser, and is not distributa-ble between separate browsers or terminals in general (unless a browser, plugin or other application separately enable this), your choices relating to the management of cookies are applicable only to each separate browser. A cookie cannot control software, and it cannot be used as a medium for viruses or other malware, nor to harm your terminal of files. A single user cannot be identified solely through the use of cookies or similar technologies.

We use web analytics services offered by HubSpot Ireland Ltd and Google LLC (“Analytics Ser-vices”) on our website and service in order to analyse, how users use the website and service. Said Analytics Services function by using cookies. Please note that terms and conditions of the Analytics Services are applied to cookies installed by the Analytics Services. More information on the terms and conditions can be found from https://legal.hubspot.com/privacy-policy and https://policies.google.com/privacy. You can prevent the use of Analytics Services on your termi-nal(s) by contacting us in accordance with Section 13 below. Please note that if you decide to pre-vent the use of Analytics Services, it may affect your use of our website and service and hinder the functioning of their properties and functions.

13 Contacts

All requests concerning the use of the rights mentioned above, questions about this privacy policy and other contacts should be made by e-mail to the address privacy@congrid.com. You may also contact us through the contact function on our website, in person in our offices or in writing:

Congrid Oy
Kaisaniemenkatu 4
00100 Helsinki

If you wish to object to the processing of your personal data for direct marketing purposes, it can be done by clicking on a link found in each direct marketing message.