© All rights reserved. Powered by Taiga Concept
Controller: Taiga Concept Oy (hereinafter “Controller” or “we”)
| Contact person: Varpu Jokinen varpu.jokinen@taigaconcept.fi |
Whose personal data do we process?
The data subjects are contact persons and other representatives of our current and potential business clients and other stakeholders as well as other persons visiting our website.
How do we process your personal data?
For what purpose do we | What types of data do we | What is the legal basis for processing? |
Delivering our products and services to our clients; managing our business relationship with our clients and other stakeholders (such as communication with our stakeholders, invoicing, contract management, maintaining documentation on customers etc. as well as any other activities we may deem necessary in order to maintain our business relationship, sourcing and purchasing)
| Your basic information and contact details such as name, name of the company represented, position at the company, email address, phone number, customer number, username and/or other identifier and password; information regarding the actual or potential customer relationship such as past and current contracts and orders, user profile formed on the basis of customer relationship, our correspondence with you as well as other contacts, consents and prohibitions related to direct marketing, information related to events organized by us; information collected when using our services or our website such as information about your account, information about your device and browser, necessary cookies and data related to using them; information collected from other sources such as information collected from your company’s website and/or social media profiles as well as public register information. | Our legitimate interests, art. 6(1)(f) GDPR We have a legimate interest to manage and operate our business and to communicate with our client’s contact persons regarding our products, services and agreements. The legal basis for processing affects what kind of rights you have as a data subject, as certain rights are only applicable to processing based on certain legal bases. For additional information, see section 9 below. |
Developing our products and services, reporting (such as collecting statistics on and analysing the use of our products and services) | Information collected when using our services or our website (see details in list above), information provided by you in your feedback. | We have a legimate interest to analyze, improve and develop our producs and services. |
Marketing and promotion of our products and services as well as personalization and development of our marketing activities | Basic information, contact details, information regarding the actual or potential business and customer relationship, information collected from other sources (see details in lists above). | We have a legitimate interest to market and promote our products and services. |
Preventing, detecting and investigating fraud and other unlawful activities
| Basic information, contact details, information regarding the actual or potential business and customer relationship, information collected when using our services or our website (especially in cases of unusual activity on our website), information collected from other sources (see details in lists above). | We have a legitimate interest to detext and prevent unlawful activities. |
Processing and storage of personal data for accounting purposes and to comply with other legal obligations | Any personal data contained in our accounting material (e.g. your name, transaction details) | Legal obligation, art. 6(1)(c) GDPR |
Direct marketing | Your name, e-mail address and information about the types of communications you have chosen to receive. | Your consent, art. 6(1)(a) GDPR |
Improving your experience when using our website, personalization of our website, statistics and analytics, marketing optimization, provision of embedded third-party services | Cookies and data related to using them within the scope you have consented to in the cookie settings For additional information about our use of cookies, please see our cookie policy. |
|
Organizing events for our stakeholders | Information about your dietary restrictions when you attend events organized by us. | When processing information about your dietary restrictions, we rely on your explicit consent. (art. 9(2)(a) |
Where do we receive your data from?
We receive information primarily from you, the data subject, when you order products or services, subscribe to a newsletter or otherwise contact us. In addition, we collect information about your interactions with us and with our website. We may also receive personal data from our group companies.
For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and be based on information received from the authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means.
Profiling and automated decision-making
You are not profiled and no automated decisions concerning you are made based on your personal data.
To whom do we disclose data, and do we transfer data outside the EU or the EEA?
In order to carry out processing described in this privacy notice, we use subcontractors that process personal data on our behalf. We ensure that our subcontractors ensure the security and integrity of the personal data by using non-disclosure and data processing agreements as well as strict information security requirements.
In order to detect and investigate unlawful activities or to respond to legal proceedings or lawful data requests, we may need to disclose your personal data to authorities (such as courts or law enforcement authorities) or other third parties.
We do not transfer personal data outside the EU/EEA.
How do we protect the data?
We commit to ensure that we and our service providers process personal data in a manner that ensures its security, integrity and confidentiality.
Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use the systems containing personal data. All users that are entitled to process personal data are required to use personal login details, and no shared credentials are used. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and their backup copies are physically stored at locked premises and can only be accessed by certain pre-designated persons. The persons processing data are bound by professional secrecy.
Our website may contain links to third party websites. If you use these links to leave our website, we do not have any control over such websites and cannot take responsibility over the protection of your personal data while visiting such websites.
How long do we store your personal data?
We store the data of our existing customers and other stakeholders for the duration of our business relationship and for 2 years after the end of the business relationship. Certain information may be stored for longer periods in accordance with statutory requirements or for purposes of legal claims.
Personal data of our potential customers is stored for as long as it remains relevant for our business purposes – however, our general retention period for marketing data is 2 years. Information concerning communication subscriptions and consents is stored as long as the subscription remains active.
We assess the need for data storage regularly considering the applicable legislation. In addition, we take care of reasonable actions to ensure that no incompatible, outdated or inaccurate personal data is stored considering the purpose of the processing. We correct or erase such data without delay.
What are your rights as a data subject?
You always have the right to:
Additionally, subject to certain conditions (left column), you may have the following rights:
When the processing is based on your (explicit) consent in accordance with art. 6(1)(a) and/or 9(2)(a) GDPR | You have the right to withdraw your consent at any time. |
You have withdrawn your consent, or if any other of the conditions listed in art. 17 GDPR are met | You have the right to have your personal data erased. |
You have contested the accuracy of personal data, or if any other of the conditions listed in art. 18 GDPR are met | You have the right to have the processing of your personal data restricted e.g. while your requests related to your personal data are investigated and resolved. |
When the processing is based on your consent (art. 6(1)(a) and/or 9(2)(a) GDPR) or on a contract (art. 6(1)(b) GDPR) and where the processing is carried out by automated means | You have the right to receive your data in a structured machine-readable format and transmit it to another controller (if it is technically feasible and as far as your request concerns information provided to us by yourself) |
When the processing is based on our legitimate interest in accordance with art. 6(1)(f) GDPR or when personal data is processed for direct marketing purposes | You have the right to object to processing of your personal data on grounds relating to your particular situation. You always have the right to object to processing of your personal data for direct marketing purposes. |
Who can you be in contact with?
All contacts and requests concerning the rights mentioned above and this privacy notice should be submitted in writing using the contact details provided in section 1 above.
Please note that when submitting a request concerning your rights, your request should include your name and contact details, and we may ask you to provide additional information in order to verify your identity. This information will not be used for any other purposes and will be deleted after identification.
We will respond to your contacts and requests related to your rights as a data subject within one month.