PRIVACY

PRIVACY POLICY / CLIENT AND LEAD REGISTER

Controller: 
Valtti Kumppanit Oy ( 2720318-2)
Tekniikantie 14
02150 ESPOO
FINLAND

Data Protection Officer:
Jari Taskinen, tel. +358 (0)400 885 455, tietosuoja@valtti.com

Data subjects:
Keeping the register involves processing personal data of representatives of the clients and potential clients of Valtti Kumppanit Oy (“the Company”). 

Purposes and grounds for the processing:
Personal data of the Company’s existing clients are primarily processed in order to manage their accounts. The Company also processes personal data for sales and direct-marketing purposes as well as to disseminate information about the Company’s products and services.

Personal data of the Company’s potential clients are mostly processed for direct-marketing and other sales and marketing-related purposes.

Depending on the circumstances, the processing is based on either the Company’s legitimate interests in the context of marketing in particular or the clients’ contractual relationship with the Company. 

Categories of personal data: 

Keeping the register involves processing the following types of personal data of representatives of the Company’s clients and potential clients:
•    name, gender, date of birth and title
•    contact information (e-mail address, telephone number and address)
•    company name, business ID and address information
•    account information (user ID, records of orders and the use of services and billing information)
•    information provided by the data subjects themselves (e.g. decision-making powers: IT expert / business manager)

Typical sources of information:

The Company collects personal data from the data subjects themselves (e.g. by telephone or e-mail or via the Company’s online channels) and based on login data and user activity. 

The Company may also get personal data from third-party marketing service providers and lists of participants at the Company’s events. In addition, the Company gets updates to personal data from the authorities and various businesses that provide such services.

Typical situations in which personal data may be disclosed and transmitted:
The Company may transmit clients’ and potential clients’ personal data to its sales and marketing partners who may only processes the data for the purpose of providing marketing services to the Company. The Company always ensures that its partners do not process any personal data transmitted to them for any other purpose.

Transmissions to non-EU/EEA countries:

There may be circumstances in which the Company must transmit clients’ and potential clients’ personal data to specific parties established outside of the European Union or the European Economic Area on the basis of personal data processing laws. Our website (www.valtti.com) is built on a US-based platform provided by HubSpot, Inc., and information entered in connection with downloads off the website or into event attendance or contact request forms submitted via the website may be transmitted in accordance with the EU–US Privacy Shield framework (for more information, see https://www.privacyshield.gov/welcome). 

Storage period:
Clients’ personal data are kept for as long as they remain clients of the Company and for up to two years from the date on which the client account is closed. Personal data may also be kept for longer if the applicable laws or the Company’s contractual obligations towards third parties stipulate a longer storage period.

Potential clients’ personal data are kept for as long as the data subject remains in a position related to the product or service that the Company is marketing, unless the data subject has opted out of direct marketing. Even in these cases, however, a note about the opt-out may be stored in the register. Personal data may also be kept for longer if the applicable laws or the Company’s contractual obligations towards third parties stipulate a longer storage period.

Data subjects’ rights:
Data subjects have the right to prohibit the use of their personal data for direct-marketing purposes at any time. Data subjects may consent to direct marketing via specific channels and opt out of direct marketing via others (e.g. opt out of marketing e-mails but consent to receiving marketing letters by post).

Pursuant to the applicable data protection laws, data subjects have the right, at any time, to
•    obtain confirmation as to whether or not their personal data are being processed;
•    access their data and check the accuracy of any personal data of theirs that the Company is processing; 
•    request corrections to inaccurate or incorrect personal data and additions to incomplete data;
•    request that their personal data be erased;
•    object, on grounds relating to their particular situation, to the processing of their personal data in so far as the processing is based on the Company’s legitimate interests; 
•    receive their personal data in a machine-readable format and transmit those data to another controller provided that the personal data in question were submitted to the Company by the data subject himself/herself, the Company is processing the data on the basis of a contract and the processing is carried out by automated means; and 
•    restrict the processing of their personal data. 

All requests for exercising data subjects’ rights must be sent as stipulated under ‘Communication’ below. The Company may ask a data subject to supplement their request in writing and verify their identity before taking action on their request. The Company may also refuse to act on a request for a legitimate reason.

Complaining to supervisory authorities:
Any data subject who feels that the Company has not processed their personal data in accordance with the applicable data protection laws may file a complaint with the competent supervisory authority or, if the data subject resides or works in another EU Member State, to the supervisory authority of that country.

Information security:
The register is protected by personal passwords. The register is also subject to the Company’s general information security policy, which governs all data held in the Company’s information systems. The Client and Lead Register can only be accessed by specific employees.

Cookies:
The Company’s website uses cookies. A cookie is a small piece of data that a user’s web browser stores on their computer or other device when the user visits a website. This allows the browser to notify the website of returning users. All modern websites use cookies in order to provide a more personalised browsing experience.

Cookies are device-specific and can only be read by the server that created the cookie. As cookies are linked to the user’s browser and cannot, as a rule, be shared across browsers or devices (unless a browser, accessory or other application specifically enables sharing), users generally need to manage their cookie preferences separately in each browser. Cookies cannot be used to run software or spread viruses or other malicious code that could harm the user’s device or compromise their files. Individual users cannot be identified purely on the basis of cookies.
For more information about the use of cookies on our website, see https://valtti.com/en/use-cookies.

Communication:
Please send all requests for exercising data subjects’ rights, any questions concerning this Privacy Policy and other enquiries by e-mail to tietosuoja@valtti.com. Data subjects may also approach the Company in person or by letter at the following address:
Valtti Kumppanit Oy
Jari Taskinen
Tekniikantie 14 
02150 ESPOO
FINLAND 

Changes to the Privacy Policy:
This Privacy Policy may be revised from time to time if, for example, the applicable laws change. The policy was last updated on 4 September 2019.