Privacy Notice for software
LAST UPDATED: SEPTEMBER 12, 2018
Privacy Notice for Analyse2 Oyj’s Customer and Stakeholder Register
1. CONTROLLER
Analyse2 Oyj
Hatsinanpuisto 8
02600 ESPOO
010 4233040
(hereafter ”we” or ”Analyse²”)
2. CONTACT PERSON FOR THE REGISTER
Jarmo Perälä
Hatsinanpuisto 8
02600 ESPOO
jarmo.perala @ analyse2.com
3. NAME OF REGISTER
CUSTOMER AND STAKEHOLDER REGISTER
4. WHAT IS THE LEGAL BASIS, METHODS AND PURPOSE FOR PROCESSING PERSONAL DATA?
The basis of processing personal data is our legitimate interest (such as customer relationship management, invoicing, digital direct marketing), consent of a customer or performance of a contract or a legal obligation.
The purposes of processing personal data is:
- the delivery and development of our products and services,
- fulfilling our contractual and other promises and obligations,
- taking care of the customer relationship,
- analyzing and profiling behaviour of a customer or other data subject,
- digital marketing.
We use automated decision-making (including profiling) to identify the data subject’s geographical location and performance at our website. We use this information for the following purposes:
- analysing and profiling by automated processing methods the behaviour of the data subject,
- analysing and auditing the use of our website,
- providing features available at the website,
- market research purposes, and
- operating and improving our products and services.
The software in use on the website www.analyse2.com (“Site”) may automatically collect the following information that in certain circumstances may constitute personal data:
- The logging technology used on the Site automatically collects the URL of the site from which you came and the site to which you are going when you leave the Site. We also collect the Internet protocol (IP) address of the device you use to access the Service, information about the operating system of your device, as well as the name of your Internet service provider.
- We may place a “cookie” on the hard drive of the device that you use to access the Site. Cookies are text files that are saved on the hard drive of your device by means of your browser, enabling us to recognize your browser for purposes such as saving your preferences and directing relevant content to you. Most of the currently available browsers give you the option of managing cookies by, for example, disabling them entirely, accepting them individually, and deleting saved cookies from your hard drive. We would like to remind you that if you completely disable cookies on your browser, you might not be able to use some features of the Site.
- Google Analytics is an element of the Site. By using cookies, Google Analytics collects and stores data such as time of visit, pages visited, time spent on each page of the website, the Internet Protocol address, and the type of operating system used in the devices used to access the Site.
- You can opt out of Google Analytics by using browser plugin
https://www.google.com/ads/preferences/plugin/ provided by Google.
5. WHAT DATA DO WE PROCESS?
We process the following personal data of the data subjects in connection with the customer and stakeholder register:
- Basic information on the data subject such as firstname* and lastname*;
- Information necessary for offering our services such as username* and identification number*;
- Contact information on the data subject subject such as email*, mobile phone, company address, city and the home country;
- Information on company and company’s contact persons such as Business ID*, fistname*, lastname*, relevant contact details* and the job title;
- Information necessary for billing purposes;
- Information related to the analytics services at our website such as the geograpchical location or performance of the data subject (as described in detail in chapter 4);
- Information on the customership and the contract such as past and current contracts and orders and other relevant information of the customership;
- Information related to the service(s) provided by Analyse² such as supervising and performance monitoring information;
- Information related to the direct marketing consents and prohibitions provided by the data subject
- Other possible information collected based on the data subject’s consent such as necessary data collected in relation to events organized by Analyse².
Committing personal data marked with an asterisk (*) is a requirement for our contractual and/or customer relationship. Without necessary information we are not able to provide our service.
6. FROM WHERE DO WE RECEIVE DATA?
We collect information primarily from the data subject, business contact persons or from publicly available sources.
For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.
7. TO WHOM DO WE TRANSFER DATA TO AND DO WE TRANSFER DATA OUTSIDE OF EU OR EEA?
We process information ourselves and use subcontractors who process personal data on behalf of and for us.
We disclose personal data to:
- public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties;
- our subsidiaries and affiliates; or
- a subsequent owner, co-owner or operator and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of substantially all of our stock and/or assets or other corporate reorganization.
We or our subcontractors transfer personal data outside of EU/EEA. We have taken care of suitable safeguards, such as EU-U.S. Privacy Shield, for the transfer.
8. HOW DO WE PROTECT AND HOW LONG DO WE STORE THE DATA?
We have implemented relevant technical and organizational measures for data security. The data flow between Analyse² and the customer is strongly encrypted in the services offered by us.
The personal data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons. Only those of our employees who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. Each user has a personal username and password to the system.
We store the data as long as it is necessary for the purpose of processing taking into account the legal basis and other relevant circumstances (such as using the rights of a data subject).
We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.
9. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
As a data subject you have an access right to personal data stored in the register conserning you and a right to require rectification or erasure of the data. You also have a right to withdraw or amend your consent.
As a data subject, you have a right, according to EU General Data Protection Regulation (applied from 25.5.2018) to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.
Based on your particular situation you have a right to object profiling and other processing of personal data concerning you when processing is based on our legitimate interest. In connection to your claim, you should identify the specific situation on which you object the processing. We can refuse to act on such request only by a legitimate basis.
As a data subject you have the right to object processing at any time free of charge, including profiling in so far as it relates to direct marketing.
10. WHO CAN YOU BE IN CONTACT WITH?
All contacts and requests concerning this privacy notice shall be submitted in writing or in person to the person mentioned in section two (2).
11. CHANGES IN THE PRIVACY NOTICE
Should we make amendments to this privacy notice, we will place the amended statement on our website with an indication of the amendment date. If the amendments are significant we may also inform you about this by other means, for example, by sending an email or placing a bulletin on our homepage. We recommend that you review this Privacy Notice from time to time to ensure you are aware of any amendments made.