Published on 25.5.2018
1. General information
This Privacy Notice describes what personal data Digital Media Finland Oy (business ID: 2324881-8) (“Company”) collects, how the Company processes personal data, for what purposes the data is used and to whom the data can be disclosed. The Privacy Notice also informs about the obligations the Company follows when processing personal data.
We are dedicated to processing personal data in compliance with the European Union’s General Data Protection Regulation (2016/679) and other applicable privacy laws (together as “data protection legislation”). Taking care of data protection is part of our entire business.
This Privacy Notice is applicable to all services offered by the Company, and to Company’s websites and social media services. In addition to customers’ personal data, the Privacy Notice also applies to processing of personal data of potential customers. The Privacy Notice also applies to the processing of personal data of representatives of our customers, service providers and other business partners.
“Personal data” refers to any information about natural person (“data subject”), which allows a person to be directly or indirectly identified as an individual person, as defined in the General Data Protection Regulation. Information about the data subject that may not be identified, directly or indirectly, is not personal data.
2. Controller and contact information
Controller: Digital Media Finland Oy
Mannerheimintie 20 B, 6th floor, 00100 Helsinki
Contact person: Virpi Martikainen
Contact details: email@example.com
3. Purpose and legal basis for the processing of personal data
The personal data is processed for example for the following purposes:
- Ordering the Company’s services and maintaining, developing and ensuring the quality of Company’s services and for communication
- Creating services and managing orders and invoicing
- Business planning and development and customer satisfaction measurement
- Personalized customer service related to services, targeted customer communication and tracking of service usage
- Marketing and targeting marketing for customers and potential customers
- Carrying out statutory obligations, such as obligations under accounting legislation
- Ensuring the safety of the services
- Risk management and prevention of irregularities
The legal basis for the processing of the data subjects’ personal data is the contract between the Company and the data subject or the contract between the Company and the customer the data subject represents. The process of personal data is also based on statutory obligations such as accounting obligations and statutory reporting obligations, for example, to tax authorities. The processing concerning customer relationship and direct marketing is based also on the legitimate interest of the Company.
Electronic direct marketing is based on the data subject’s consent. The data subject has the right to withdraw his/her consent at any time (see later, Rights of the Data Subjects).
4. Processed categories of personal data, data content and sources of data
The Company only collects the data subjects’ personal data which is relevant and necessary for the purposes outlined in this Privacy Notice.
The following information is being processed from the data subjects:
- Contact information, e.g. data subject’s name, address, phone number, email and information on communication language.
- Information concerning the customer relationship, e.g. billing and payment information, and other information identifying the customer relationship.
- Customer transactions information and contract information, e.g. the data about the contract between the Company and the data subject or between the Company and the entity the data subjectrepresents, communication between the data subject and the Company, complaints and other transactions data, and other data relating to business relationships.
The personal data is necessary to perform the contractual and legal obligations and to provide Company’s services.
Sources of data:
Primarily, personal data is collected from the data subjects for example during the customer relationship and in the events organized by the Company. The data subject may have also given the data for the Company for example by ordering the electronic newsletter, using the social media services or on the Company’s website.
The Company may use external service providers for marketing who process data subject’s contact details for marketing purposes.
The personal data may also be collected from the entity on whose behalf the data subject is acting. In addition, the data may be collected and upgraded within the limits of the law from the registers maintained by third parties.
5. Retention of the personal data
The Company will retain the personal data for as long as is necessary to fulfil the purposes outlined in the Privacy Notice unless a longer retention period is required by law (for example regarding obligations and responsibilities related to special legislation, accountancy or reporting) or unless the Company needs the information for drafting or presenting a claim or for a legal defence or for resolving a dispute of a similar nature.
The retention time and the retention criteria for personal data varies from the category of the personal data which is depending on the purpose of the use of the particular personal data category.
The personal data will be processed for the duration of the customer and contractual relationship and for a necessary time after the end of the customer and contractual relationship. Regarding the entities, the retention of the data subject’s personal data is linked to the length of time the data subject is acting as a representative of the entity. The personal data will be deleted within a reasonable time after the concerned role ends.
The personal data necessary for marketing purposes will be maintained for as long as the data subject has not withdrawn his/her consent to electronic direct marketing or the data subject has not objected the use of personal data for the marketing purposes.
When the personal data is no longer needed as defined above, data is deleted within a reasonable time.
6. Processors of the personal data and other recipients
The Company may, in accordance with this Privacy Notice, outsource the process of personal data to the service providers and subcontractors.The processing of personal data includes, for example, IT systems and financial management service providers as well as providers of debt collection and law services, supply service providers and service providers producing other services. In addition, the consults of the Digital Media Finland Oy may process the personal data when accomplishing the consulting assignment. The Company ensures with adequate contractual obligations that personal data is processed properly.
The data may be disclosed under special circumstances to the authorities such as tax authorities, insurance companies and Company’s contracting partners to fulfil statutory and contractual obligations..
The Company may also have to disclose personal data of data subjects’ in case of emergencies or in other unexpected situations to protect human life, health and property. Additionally, the Company may have to disclose the personal data of the data subjects if the Company is part of legal proceedings or other dispute resolution proceedings.
If the Company is involved in a merger, business acquisition or other transaction, it may be required to disclose the personal data of the registered to third parties.
7. Transfer of personal data outside EU/EEA
Personal data will not be transferred outside the European Union or the European Economic Area.
8. Principles of protection of personal data and safety of process
The Company processes personal data in a manner that seeks to ensure in every situation the proper security and privacy of personal data, including the protection against unauthorized processing and accidental loss, destruction or damage.
The Company uses appropriate technical and organizational safeguards to protect this, including the use of firewalls, encryption techniques and safe device facilities, proper access control and guidance for personnel and subcontractors involved in processing personal data. All persons processing the personal data are obliged to keep personal data confidential.
The Company may, according to this Privacy Notice, outsource the process of personal data to the service providers when the Company ensures with sufficient contractual obligations that personal data is processed properly and lawfully.
9. Rights of data subjects
The data subjects have the rights set out in the data protection legislation.
Right to access and verify data
The data subject has the right to obtain a confirmation if personal data is processed.
The data subject has the right to verify and access personal data about himself or herself and to request to receive the data in writing or electronically.
Right to correct and erase data
The data subject has the right to demand to correct any incorrect or incomplete personal data. The data subject has also the right to request to remove his/her data under the current data protection legislation.
The controller also removes, corrects and completes incorrect, unnecessary, incomplete or outdated data on its own initiative when controller notices such data.
Right to data portabilityand to restrict and object processing
The data subject has the right to request to transmit his/her data to another controller under the current data protection legislation.
The data subject has the right to request to restrict processing of personal data in accordance with the conditions set out in the data protection legislation. Additionally, in case where the personal data is suspected to be incorrect and cannot be corrected or removed or there is confusion about the removal request, the Company will restrict access to the data.
The registered has the right to object processing personal data for certain purposes, such as marketing.
Right to withdraw consent
If the processing of personal data is based on data subject’s consent, the data subject has the right to withdraw consent at any time. Additionally, the data subject has the right to withdraw consent given for electronic direct marketing. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
Execution the rights of the data subjects
The requests about rights of the data subjects shall be made in writing or in electronic form and shall be addressed to the controller (contact information in the section 2 in Privacy Notice).
The identity shall be confirmed prior providing the data. We can inquire additional information to fulfil the above-mentioned requests. The request shall be answered within a reasonable time, and if possible, within one month from presenting the request and confirming the identity.
If the data subject’s request is denied, the data subject shall be informed about the refusal in writing. The Company may refuse the request (such as deleting the data) because of the statutory obligation or the statutory right of the Company.
The data subject can leave the email list at any time by clicking on the “Cancel newsletter subscription” / “unsubscribe” link in the email.
10. Right to lodge a complaint to the supervising authority
The data subject shall have the right to lodge a complaint to the local data protection supervisory authority if the data subject considers that his/her personal data has been processed against the current applicable data protection legislation.
11. Changes to the Privacy Notice
Digital Media Finland Oy develops its services continuously and due to that might be forced to change and update this Privacy Notice. The changes might also be based on the amendments of the legislation. We recommend reviewing the content of the Privacy Notice regularly. If the changes contain new purposes for personal data processing, we will notify in advance and will ask for consent if necessary.