This Privacy Policy describes how we collect and use personal data of our customers, potential customers and other business contacts.

The information we collect

We mainly process personal data obtained directly from you. We may collect your personal data whenever you contact us, use our resources or visit our website (the “Site”). In addition, your personal data may be collected and updated from other sources, such as websites of associated companies, private and public registers, and other service providers (e.g. Suomen Asiakastieto Oy).

We mainly process the following types of information:

  • name, title, job description, company, postal address, email address, phone number;
  • customer history (e.g. contacts, assignments, feedback, information related to invoicing);
  • interests and profiling information to personalize our services;
  • information on the use of services, such as browsing and search history, cookies as stated in our Cookie Policy;
  • customer feedback and contacts;
  • direct marketing restrictions; and
  • any other information provided to us by our customers and business contacts or generated in the course of providing services.

Why we collect your data and legal basis for our processing

We process your personal data mainly for the following purposes based on your consent, our legitimate interest (e.g. customer relationship management, business development and marketing), a performance of a contract with you, or a legal obligation:

  • to develop the Site;
  • to provide newsletters and services and other communications which we think will be of interest to you;
  • to fulfill our contractual (and other) obligations;
  • to fulfill our legal responsibilities;
  • to manage and develop our business relationships, products and services;
  • to help us to identify new customers;
  • for direct marketing and statistical purposes, customer profiling and market surveys to personalize or otherwise improve our services and communications for the benefit of our customers.

How we protect your personal data

Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We have implemented appropriate technical and organizational measures to secure your personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction.

Our personnel are trained on appropriate information security practices covering necessary security and safety matters, such as ensuring the confidentiality of personal data and preventing exposure of personal data to non-authorized persons. Only authorized employees of the Company (or other companies working on our behalf), who need your personal data to perform their job duties, have access to and the right to process your personal data in our system. Access to the system requires the use of a personal username and password for each user.

Whenever we process your personal data we honor and take account of your privacy rights under the applicable data protection legislation. As a part of our Quality Management System, we regularly check our security policies and procedures to ensure our systems and your personal data are secure and protected.

Disclosures of personal data

We do not disclose or sell data to third-parties, unless disclosure is required by the law, formalities of public authorities, or for some other justified purpose. However, we may share information with our external service providers who are obliged to process the data on our behalf and for the abovementioned purposes, mainly to maintain our IT, customer and marketing systems.

Transfers of personal data outside of the EU/EEA

We do not transfer your personal data outside of the EU/EEA area. However, some of our external service providers or servers used may be located (or store data) outside of the EU/EEA. In these cases, we will ensure that your personal data is subject to an adequate level of protection, as required by the applicable data protection legislation.

How long we store your personal data

Your personal data will be stored for the purposes mentioned above as long as:

  • we have a meaningful business or other contact with you;
  • the data is necessary for the performance of a contract; or
  • as required by applicable laws and regulations.

However, we may retain your personal data for a longer period to the extent required by our automated backup system or if deemed necessary for the establishment, exercise or defense of legal claims.

We regularly review the need for data storage and delete the data no longer necessary for the abovementioned purposes in a secure manner, taking into account the applicable legislation.

What are your rights and how to exercise them

You have the right, with the restrictions that follow from legislation, to:

  • access the personal data we process about you and request a copy of the data;
  • request that we make corrections to any incorrect or incomplete personal data about you in our records and in some cases, the erasure of your personal data;
  • request that we restrict the processing of your personal data only to storage, e.g. if you contest the correctness of the data or the lawfulness of the processing;
  • object to the processing of your personal data when the processing is based on our legitimate interest;
  • receive, under certain preconditions, your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and the right to transmit the data to another controller; and
  • withdraw your consent, if we are processing your data based on your consent.

To exercise your rights, requests must be made in writing to the email or the postal address indicated above. You may exercise your rights free of charge. However, we reserve the right to charge a reasonable fee in accordance with the applicable data protection legislation.

In addition, you always have the right to refuse the use of your personal data for opinion surveys, direct marketing and profiling in connection to such marketing. A refusal can be made at any time by using the email or postal address indicated above, or by unsubscribing from our mailing list by following the instructions included in our marketing emails.

If you consider that the processing of your personal data infringes the applicable data protection legislation, you have also the right to lodge a complaint with a supervisory authority.

Changes to our Privacy Policy

If we make any changes to our Privacy Policy, the updated Privacy Policy can be found on our website with an indication of the amendment date. Please review this Privacy Policy from time to time to stay updated on any changes. If the changes are significant, we may also inform you about this by other means, for example by sending an email.

Last updated in September 2018.