Privacy Policy

Tämä on Sitekick Oy:n tietosuojaseloste, joka koskee Sitekick Oy:n asiakkaita, potentiaalisia asiakkaita ja sidosryhmiä.

Laadittu 03.10.2019. Viimeisin muutos 19.07.2022.

1. Registrar

Company: Sitekick Oy
Business ID: 3019922-5
Address: Kauppakatu 15 F, 33210 Tampere
Email address: info@sitekick.fi

You can reach the contact person responsible for the register by email: tuomas.viikeri@sitekick.fi.

2. For what purposes is personal data processed?

Personal data is processed for the following purposes:

• managing, analysing and developing customer relations and customer service
• developing and delivering services
• customer and stakeholder communication
• marketing

The legal basis for the processing of personal data is the following subparagraphs of Article 6 of the EU General Data Protection Regulation:

• processing is necessary for the performance of an agreement to which you are a party or for the performance, at your request, of pre-contractual measures;
• processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by your interests requiring the protection of personal data or by your fundamental rights and freedoms;
• you have given your consent to the processing of your personal data for one or more specific purposes; and/or
• processing is necessary for compliance with a legal obligation of the registrar.

The registrar processes your data in order to perform a contract with you or with a company you represent.

The registrar has legitimate business interests, such as the right to promote its services through marketing and sales, and the registrar may use your contact information for direct marketing and sales on the basis of legitimate interests. Other legitimate interests for which the registrar may process your personal data include providing advice and other customer services to non-customers, further developing the business and investigating possible misuse.

If the processing is not based on a contractual need or legitimate interest, the registrar may ask for your consent to process your personal data in another way.

The registrar may also process your personal data where required to do so by law, such as under the retention obligation in the Accounting Act.

3. What kind of data do we process?

The personal data collected by the registrar may include, but are not limited to, the following types of information and any changes made to them:

Basic information on all registrants

• first name and last name
• contact details (phone number, email address, address)
• language
• company and its identification details
• site behaviour and analytics
• web address details
• communications to the registrant and other related activities
• direct marketing choices
• information on the use of the registrar’s digital services and content created by the registrant on the services (such as content created on the registrar’s social media accounts)
• information about cookies and similar activities sent to the registrant’s terminal equipment (such as computers and mobile devices) and the data collected by them, insofar as the data can be used to identify the registrant
• any recordings of customer service calls and recorded email and online conversations relating to customer service, for example on social media channels
• usernames and passwords related to the maintenance of the customer relationship and the services subscribed to
• other data relating to the customer relationship and the services subscribed to.

Data of registrants who have purchased, provided feedback and/or made a complaint about the controller’s services.

• the time and manner of the beginning and end of the customer or similar relationship
• customer promotions and offers and their use
• interests and other information provided by the customer
• the content of feedback and complaints, related correspondence and follow-up actions

4. From which sources do we collect your personal data?

The registrar receives much of your personal data from you at the beginning and during your relationship with us and from the software that you use to access our services.

The registrar may also obtain your personal data and their updates from public authorities and organisations that provide services for obtaining and updating personal and credit data, as well as from public directories and other public information sources, such as websites and social media channels. For marketing purposes, the registrar collects personal data from registrants in connection with various activations such as lotteries, competitions, surveys or events (by the registrar or their partners).

The registrar also receives personal data about company representatives from their colleagues, i.e. the company’s main contact person may also disclose personal data about other persons related to the use of the registrar’s services to the registrars.

The information stored in the register is obtained from the customer through, for example, messages sent via web forms, email, telephone, social media services, contracts, customer meetings and other situations where the customer discloses their information.

5. Who can we share your personal data with?

The registrar will not give, sell or otherwise disclose your personal data to outside third parties, unless otherwise stated below.

The registrar may share your personal data with third parties providing services to the registrar. These services may include, for example, customer service, software services, research, marketing and event production. The registrar may share your personal data for the purpose of collecting open payments and may, for example, transfer or sell unpaid invoices to third parties providing collection services.

The protection of your personal data is important to the registrar and we do not allow these parties to use your data for any purpose other than to provide the agreed services. We require these parties to protect the personal data of data subjects in accordance with this Privacy Policy and applicable law.

The controller may share your personal data with partners with whom the registrar manages and implements projects in cooperation.

The registrar may share your personal data with carefully considered third parties, for legitimate reasons, for joint or independent direct marketing purposes. Data may be shared for such purposes only where the intended use by the third party is not incompatible with the purposes of use set out in this Privacy Policy. In principle, a very limited amount of information will be shared, mainly the name and contact details of the individual for the purpose of contacting them.

The registrar may share your personal data in the context of an acquisition or other business reorganisation or when the service is transferred to another service provider. The registrar may share your personal data on the order of a court or similar authority.

6. Do we transfer your personal data outside the EU?

The registrar may use resources and servers located around the world to provide services. The registrar may therefore transfer your personal data outside the country where the services are used and possibly to countries outside the EU with different data protection laws.

In these cases, the registrar will ensure that there is a legal basis for the transfer and that the personal data is protected, for example by using standard contracts and processing agreements approved by the relevant authorities (where applicable), and by requiring compliance with appropriate technical and other data protection measures.

7. How long do we process your personal data?

The registrar will process your personal data for as long as the registrar has any of the grounds for processing described in section 3 of this Privacy Policy in force, and for a reasonable period thereafter.

The registrar may process personal data of customers for the duration of your customer relationship and until the end of the second year following the year of the decision. Thereafter, the registrar may transfer your necessary personal data to a marketing register and process you again as a potential customer.

The registrar may process the personal data of potential customers for the time being until you become a customer or until you request the removal of your data from the registrar’s marketing register.

8. Rights of the registrant

As a registered user, you have various possibilities to influence the processing of your personal data. As a general rule, we will comply with your request within one month. Please contact us at the contact details provided in section 1 of this Privacy Policy to exercise your rights. Your rights include (the extent of these rights depends on the basis on which your personal data are processed, i.e. not all the rights listed below will be available to you in all situations):

1. The right of access to personal data collected about you.
   In practice, this is done by providing you with a report on the personal data we have collected about you in a personal file, based on your valid and identified request.
2. The right to request the rectification or erasure of personal data collected about you.
   If you notice any errors or omissions in your data, you may submit a rectification request to us.
3. The right to request the erasure of personal data collected about you.
   We are obliged to delete the personal data you have requested from our personal records if one of the following criteria is met and there is no obligation to retain the data under any other law or regulation:
   the personal data are no longer necessary for the purposes for which they were processed;
   you withdraw your consent and there is no other lawful basis for the processing;
   you object to processing in relation to your particular personal situation and there is no legitimate ground for the processing or you object to the processing of your personal data for direct marketing purposes;
   your personal data have been processed unlawfully;
   your personal data must be erased in order to comply with a legal obligation under European Union law or Finnish law to which the controller is subject; or
   your personal data have been collected in connection with the provision of information society services, such as subscriptions to the controller’s digital information services.
4. The right to request restriction of the processing of personal data collected about you.
   You may request the controller to restrict the processing of your personal data if:
   you contest the accuracy of your personal data held by the controller;
   the processing is unlawful and you request restriction of use instead of erasure;
   the controller no longer needs the personal data concerned for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims;
   you have objected to the processing of personal data pending verification of whether the controller’s legitimate grounds override yours.
5. The right to object to the processing of personal data concerning you.
   Where the controller processes your data on the basis of a legitimate interest, you have the right to object to the processing of personal data concerning you on grounds relating to your particular personal situation. Anyone on the registers covered by this Privacy Notice has the right to object to the processing of their personal data for direct marketing purposes.
6. The right to have your data transferred from one system to another.
   If the automated processing of your personal data is based on consent or on a contract, you have the right to receive the personal data you have provided to the controller in a structured, commonly used and machine-readable format, and the right to transfer those data to another controller.
7. The right to withdraw consent.
   If all or part of your personal data is processed in this register on the basis of your consent, you have the right to withdraw your consent.
8. The right to lodge a complaint with a supervisory authority.
   If a potential disagreement concerning the processing of your personal data cannot be amicably resolved between you and the controller, you have the right to refer the matter to the supervisory authority.

9. Which country’s legislation applies to the processing of your data?