(Last updated June 26th, 2019)
1. Controller and contact details
Platform of Trust Oy (business ID 2980005-2)
c/o Suomen Tilaajavastuu Oy
Tarvonsalmenkatu 17 B
Data Processing Officer’s contact details:
mail: Platform of Trust Oy
Data Protection Officer
c/o Suomen Tilaajavastuu Oy
Tarvonsalmenkatu 17 B
2. Data subjects
Data subjects are contact persons of Platform of Trust Oy’s (“We” or ”Supplier”) customers and potential customers, users of Supplier’s services, and users of Supplier’s website. Customers are companies, entrepreneurs, or consumers.
3. Basis for and purpose of personal data processing
We will principally collect personal data from you directly when they contact us and use our services. We also collect data on our customers and their contact persons from public sources and registers.
We use web analytics services to collect visitor data on our website in order to analyse and develop our web resources, as well as target relevant marketing and customer communications to visitors.
4. Which personal data is collected and from what sources?
We collect and process in the customer and marketing communication register mainly our customers and potential customer’s representatives and contact persons’ personal data. The register contains the following data on the contact persons for our customers and potential customers:
- name, email address, telephone number, job title
- name and contact details of the company/organisation
- mailing list subscription data
- consents and bans on direct marketing and customer communications
- pages opened and brochures requested by the user on the website
- information on any customer and direct marketing communication sent by email and whether the message has been read
- user profile
- user ID and pass word for the Platform of Trust service
- information on data linkages made or accepted by the user in the service
- information on electronic identification of a user (when identified and how)
- log files on logging into Supplier’s service and on using the service
- messages sent to customer support and processing data on the related customer support ticket
- other information related to the purpose of the register that can be linked to the data subject, such as data collected on the use of the website during the use of the service (e.g. the user’s IP address, time of the visit, pages visited, browser type used, website that directed the user to the website, and the server that the user used to access the website).
We typically receive the following information directly from the contact persons of our customers:
- name of the customer company, first and last name of the contact person, work email address, telephone number
- permissions and/or bans on the contact person in electronic direct marketing and customer communications
- classification data provided by the contact person (e.g. interests)
- information provided on contact forms
- customer feedback data, contact messages, and consents
We will process, for example, the following personal data of the user in connection with the use of services and websites:
- IP address or other ID
- Subscription, invoicing, and delivery data
- Data collected through cookies
- Data collected on the use of our online services
- Data collected on the use of our customer support channels
The following data on the user in particular is received from other sources:
- Data related to the use of social media, such as LinkedIn, Facebook and Twitter, e.g. ‘liking’ our website
5. Regular disclosure and transfer of personal data
We may use subcontractors for personal data processing. We may convey personal data to its partners for direct marketing purposes within the limits of applicable legislation.
6. Transfers outside the EU and EEA
Personal data is not principally conveyed outside the European Union (EU) or the European Economic Area (EEA), unless necessary for the technical implementation of data processing, e.g. when the data subject sends or receives messages by email or other online-based transmission service.
Supplier may use in customer and marketing communications and in customer support ticket management third-party data systems and cloud services, the personal data processing of which can be partly implemented outside the EEA. To the extent that Supplier’s subcontractors implement data processing outside the EEA, Supplier will ensure that the transfer of personal data outside the EEA is completed in accordance with the applicable legislation.
7. Storage period of personal data
Personal data contained in the customer and marketing communication register is stored for as long as Supplier will need it for the above purposes.
8. Rights of data subjects
As a data subject, you have the right to inspect the personal data concerning yourself and demand that any incorrect data be corrected or deleted. However, we can, within the limits of law, restrict your right to access data that contains the personal data of others, is a business secret of ours or our customer, or is related to the safety features of the service.
You have the right to request that your personal data be deleted in situations specified in the General Data Protection Regulation (“GDPR”), if:
- you cancel your previous consent and there is no other legal basis for processing the data concerned besides your consent
- you object to the processing of your personal data, and there is no legal basis for continuing the processing
- processing the data is illegal
- you are under 18 and your personal data was collected in connection with providing information society services.
In situations specified in the GDPR, you have the right to object to the processing of your data or to request that the processing of your data is restricted. If you consider the processing of your personal data to be illegal, you can submit a complaint on the processing to a competent authority.
9. Data security
The right to use the customer and marketing communication register is restricted to appointed persons only, who need the information concerned in their work tasks. Each user has his/her own user name and password. Personal data is principally stored in databases and data systems located within the European Economic Area that have the appropriate technical and organisational measures in place, to protect the personal data against misuse and disclosure.
If you have questions regarding this privacy notice or you wish to exercise your rights, please contact Supplier’s data protection officer by using the above email or postal address.
We may make changes to this privacy statement from time to time without a separate notice. Any changes made are listed in the “last update” section at the beginning of this privacy notice.