LAST UPDATED: SEPTEMBER 12, 2018
Privacy Notice for Analyse2 Oyj’s Customer and Stakeholder Register
(hereafter ”we” or ”Analyse²”)
2. CONTACT PERSON FOR THE REGISTER
jarmo.perala @ analyse2.com
3. NAME OF REGISTER
CUSTOMER AND STAKEHOLDER REGISTER
4. WHAT IS THE LEGAL BASIS, METHODS AND PURPOSE FOR PROCESSING PERSONAL DATA?
The basis of processing personal data is our legitimate interest (such as customer relationship management, invoicing, digital direct marketing), consent of a customer or performance of a contract or a legal obligation.
The purposes of processing personal data is:
We use automated decision-making (including profiling) to identify the data subject’s geographical location and performance at our website. We use this information for the following purposes:
The software in use on the website www.analyse2.com (“Site”) may automatically collect the following information that in certain circumstances may constitute personal data:
5. WHAT DATA DO WE PROCESS?
We process the following personal data of the data subjects in connection with the customer and stakeholder register:
Committing personal data marked with an asterisk (*) is a requirement for our contractual and/or customer relationship. Without necessary information we are not able to provide our service.
6. FROM WHERE DO WE RECEIVE DATA?
We collect information primarily from the data subject, business contact persons or from publicly available sources.
For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.
7. TO WHOM DO WE TRANSFER DATA TO AND DO WE TRANSFER DATA OUTSIDE OF EU OR EEA?
We process information ourselves and use subcontractors who process personal data on behalf of and for us.
We disclose personal data to:
We or our subcontractors transfer personal data outside of EU/EEA. We have taken care of suitable safeguards, such as EU-U.S. Privacy Shield, for the transfer.
8. HOW DO WE PROTECT AND HOW LONG DO WE STORE THE DATA?
We have implemented relevant technical and organizational measures for data security. The data flow between Analyse² and the customer is strongly encrypted in the services offered by us.
The personal data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons. Only those of our employees who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. Each user has a personal username and password to the system.
We store the data as long as it is necessary for the purpose of processing taking into account the legal basis and other relevant circumstances (such as using the rights of a data subject).
We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.
9. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
As a data subject you have an access right to personal data stored in the register conserning you and a right to require rectification or erasure of the data. You also have a right to withdraw or amend your consent.
As a data subject, you have a right, according to EU General Data Protection Regulation (applied from 25.5.2018) to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.
Based on your particular situation you have a right to object profiling and other processing of personal data concerning you when processing is based on our legitimate interest. In connection to your claim, you should identify the specific situation on which you object the processing. We can refuse to act on such request only by a legitimate basis.
As a data subject you have the right to object processing at any time free of charge, including profiling in so far as it relates to direct marketing.
10. WHO CAN YOU BE IN CONTACT WITH?
All contacts and requests concerning this privacy notice shall be submitted in writing or in person to the person mentioned in section two (2).
11. CHANGES IN THE PRIVACY NOTICE
Should we make amendments to this privacy notice, we will place the amended statement on our website with an indication of the amendment date. If the amendments are significant we may also inform you about this by other means, for example, by sending an email or placing a bulletin on our homepage. We recommend that you review this Privacy Notice from time to time to ensure you are aware of any amendments made.