Corporate Spirit Ltd (hereinafter referred to as “CS”)
Business ID: 1990870-5
Spektri Business Park, TRIO, Metsänneidonkuja 8, FI-02130 Espoo
Logomo Konttori, Köydenpunojankatu 14, FI-20100 Turku
2 Contact details of the person responsible for data protection
People & Business Development Director, Quality Manager
Corporate Spirit Ltd
In matters pertaining to the register, please contact: firstname.lastname@example.org.
3 Privacy statement description
This privacy statement in accordance with articles 13 and 14 of the General Data Protection Regulation (679/2016/EU) describes how the controller processes personal data pertaining to the management of a commercial customership, potential customership or some other business relationship, service marketing and customer communications as well as personal data related to the implementation of customer feedback, opinion polls or marketing surveys.
The group of data subjects comprises the personal data of the consumers of commercial services provided by the controller or its Group companies or the representatives of companies or organisations belonging to the target group of the services.
4 Personal data to be processed
The following categories of personal data are collected and processed regarding the data subjects:
- The data subject’s identification and contact information, such as name or job contact information (postal address, e-mail address, phone number), the data subject’s profession/job title, term of employment
- Information related to a customership or other business connection, such as customer number, data creation or update dates, customership management or communications information (order information, feedback, recordings of contact with the customer), customer segmentation categorisations, the data subject’s work history based on public sources
- Marketing and sales promotion details, such as direct marketing consent or refusal, marketing measures
- Information pertaining to the organisation represented by the data subject, such as the organisation’s contact information, standard industrial classification, organisational size or revenue information
- Information regarding participation in events organised by the controller
- Information related to the management of electronic services, such as newsletter subscriptions, technical information sent by the data subject’s browser to the controller’s server (for example, browser, browser versions, IP address and the page from which the data subject entered the controller’s site) or cookies, when they include personal data as well as the usage data of the service features
- Personal user IDs or access right specifications for the survey platform’s demo version
- Responses related to customer feedback, opinion polls or marketing surveys
5 Regular sources of personal data
Personal data is collected from the data subject, from the controller’s different services used by the data subject and in connection with different marketing activities.
Personal data may also be collected and updated from the controller’s Group companies’ registers, the controller’s partners’ registers as well as companies and authorities who provide services related to personal data. Furthermore, data pertaining to the representatives of corporations may also be collected from the Trade Register, the online services of businesses as well as other available public sources.
6 Purpose and legal basis of the processing of personal data
Personal data is processed to manage a commercial customership or potential customership or some other business relationship, for service marketing and customer communications as well as customer feedback, opinion polls and marketing surveys.
Within the parameters of the applicable legislation, personal data may be processed for the marketing purposes of the controller’s Group companies or partners carefully selected by the controller (for example, for direct marketing, opinion polls or marketing surveys). Data is only disclosed to partners for purposes that support the customer and marketing register’s business concept and which are compatible with the register’s purpose of processing.
The legal basis of personal data processing is a justified benefit created by the management of a commercial customership, the entry into force of related contractual relationships and, for example, the improvement of customer service or the development of new services.
7 Disclosure or transfer of personal data
In principle, personal data may only be disclosed for purposes that support the customer and marketing register’s business concept and a purpose of use of that is compatible with the register’s purpose of use.
At the controller’s discretion and within the parameters of and obligations set by the established legislation, personal data may be disclosed, for instance, to the controller’s Group companies or partners, unless the data subject has expressly forbidden it. Personal data is only disclosed to a partner that is committed to operating in accordance with the GDPR.
Based on the established legislation, data may also be disclosed pursuant to the requirements set by competent authorities or other parties or for historical or scientific research as long as the personal data has been converted into a non-identifiable format.
If the controller sells or otherwise restructures its business operations, data may be disclosed to the buyer in connection with the M&A transaction.
In addition, personal data may be transferred to the controller’s partners who process personal data on behalf of the controller and in accordance with the controller’s instructions. In this case, the controller’s partner shall not have the right to process the personal data for its own purposes.
In the main, data is not transferred outside the EU’s member states or the EEA unless necessary for the purpose of processing personal data or the technical implementation of data processing. In this case, the transfer of data shall be in conformity with the requirements set by the data protection legislation.
8 Protection of personal data
The controller uses appropriate technical and administrative data security measures to ensure the security of personal data. Personal data is stored in both electronic databases and manually maintained materials.
Electronically processed databases are protected by firewalls, passwords and other technical measures widely used in the data security sector. Manually maintained and processed materials are located on premises with no unauthorised access.
9 Retention period of personal data
Data subjects’ personal data is only stored for as long as necessary for the implementation of the purposes specified in this privacy statement.
10 Rights of the data subject
As a data subject, the data subject shall have the following rights based on the data protection legislation:
- The data subject shall have the right to request from the controller access to and rectification of the data subject’s personal data. A rectification request should be specified such that an error in the personal data can be easily detected and remedied.
- The data subject shall have the right to request the deletion of their personal data within the limits of and in accordance with the applicable data protection legislation.
- The data subject shall have the right to request the restriction of or object to the processing of their personal data within the limits of and in accordance with the applicable data protection legislation.
- The data subject shall have the right to transfer their data from one system to another, that is, to obtain their personal data in a structured, commonly used format and transfer it to another controller within the limits of and in accordance with the applicable data protection legislation.
- The data subject shall have the right to file a complaint with the national data protection authority (in Finland, the Data Protection Ombudsman) or another data protection authority within the EU or the EEA, if the data subject deems that their legal rights pertaining to the processing of their personal data have been violated.
Data subjects may direct the above-mentioned requests regarding the implementation of their rights to the e-mail address referred to in section 2.
11 Changes to the privacy statement
The controller is continuously developing its operations. For this reason, the controller reserves the right to make changes to this privacy statement by posting relevant notifications via the controller’s channels of communications and website. The changes may also be based on legislative changes. The controller recommends that you read the contents of the privacy statement on a regular basis and revisit them from time to time.
The links below provide further information on the type of data we collect, the purpose for which we use the collected data as well as the way we process and store the data.