DATA PROTECTION NOTICE FOR CLIENT AND MARKETING REGISTER
The purpose of this notice is to provide privacy information required by the EU General Data Protection Regulation (“GDPR”) to both the data subject and to the supervisory authority.
1. DATA CONTROLLER AND CONTACT DETAILS
August Associates Oy
Tel: +358 9 681 2560
Contact person: Andreas Lindholm
2. NAME OF THE REGISTER
The name of the register is August Associates’ client and marketing register.
The register covers August Associates’ clients, prospective clients, and other parties who receive marketing communication.
3. PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
The purpose of use (and legal basis) is:
- Providing and developing consulting services (legal basis: legitimate interest of the data controller, fulfilment of a contract)
- Maintaining a client relationship, including providing information about current topics and events (legal basis: legitimate interest of the data controller, fulfilment of a contract)
- Client acquisition and direct marketing of services and employment opportunities (legal basis: legitimate interest of the data controller)
4. CATEGORIES OF PERSONAL DATA
The following categories of personal data are processed:
- Basic information: name and contact details, title, employment/occupation
- Client information: information regarding the contractual relation between the party and August Associates and the information regarding the communication between the parties
- Marketing event information: information needed to organize marketing events, such as special diet, allergies and other restrictions
- Interests: The interests and hobbies of the client / party who receive marketing communication
- Data from websites and electronic notices: monitoring the online behavior of a person in the website of August Associates and monitoring the use of services e.g. by means of cookies. The information collected may include, for example, the browsed page and visited pages of the user, network provider, IP address, location of the user, session ID, time and duration of the session, device model, unique device and/or cookie identifier, device operating system, screen resolution, channel (such as an application, a mobile browser or an internet browser) and the version of the web browser. The information collected from email notices include the reading of the notices, amount of openings, the time of the openings, opened links and the user IP address.
5. SOURCES OF PERSONAL DATA AND UPDATING
Personal data is collected from the data subject itself and also when the data subject uses the services of the data controller or attends to events organized by the data controller. Individuals may be added to the register, when the individual belongs to a group of people to which marketing actions will be allocated. Personal data may also be collected and updated based on emails sent by the data subject to the personnel of August Associates. Personal data may also be collected and updated based on information from publicly available sources and third parties, such as:
- Suomen Asiakastieto Oy, Talouselämä and Bisnode Finland Oy
- Other partners, service providers and stakeholders, as well as networks providing contact information for user groups
6. RECIPIENTS AND GROUPS OF RECIPIENTS OF PERSONAL DATA
Personal data may be disclosed to authorities in statutory situations.
7. TRANSFERRING PERSONAL DATA
The data controller uses subcontractors in the processing of personal data. Personal data may be transferred to subcontractors for the purposes of e.g. providing services related to systems and/or tools or updating contact information.
Personal data is primarily process on servers within the EU/EEA. In case personal data is transferred outside the EU/EEA, appropriate measures under the GDPR are taken to ensure that personal information remains protected and secure. International transfers of personal data is done within the scope of EU-US Privacy Shield or by using EU Commission’s standard contractual clauses.
8. DATA RETENTION
The necessity of retaining client’s and prospective client’s personal data for sales and marketing purposes, as well as the data’s correctness, is reviewed annually. Unnecessary and outdated data will be erased in accordance with the reviewing of the data’s correctness, and also at other times when deemed necessary.
9. RIGHTS OF THE DATA SUBJECT
The data subject has the right to receive confirmation from the data controller as to whether or not personal data concerning the data subject are being processed, or whether personal data has been processed.
The data subject is entitled to receive a copy of the processed personal data and the personal data undergoing processing. The data subject has also the right to obtain from the controller the rectification or erasure of personal data concerning him or her and the data subject has the right to prohibit the processing of personal data for direct marketing purposes.
In certain cases, the data subject has also the right to request from the controller restriction of processing of personal data or otherwise object to processing. Furthermore, the data subject may require the transmission of the personal data, which he or she has provided to the controller in a machine-readable format based on the GDPR.
All requests mentioned here shall be provided in writing and signed to the above-mentioned representative of the controller.
Whether the data subject finds the processing of his or her personal data unlawful, he or she has the right to lodge a complaint with a supervisory authority.
10. RIGHT TO WITHDRAW CONSENT
Where processing of personal data of the data subject is based on consent, the data subject shall have the right to withdraw his or her consent. However, the withdrawal of consent may affect the usability and functionality of the service in question.
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
11. THE PROTECTION OF THE REGISTER
The location and protection of the equipment for storing documents has been carefully maintained and the documents are stored in a secured space. The access control at the premises has been appropriately arranged.
The right to access to the documentation is within the personnel of August Associates, who have the obligation of confidentiality.