Privacy Notice for Roidu Customer and Marketing Register
Latest update on 10.10.2022
Hatanpään valtatie 2 a
+358 20 771 0870
(hereafter ”we” or ”Roidu”)
2. Contact person for register matters
Pasi Norolampi, Roidu Oy
Address: Hatanpään valtatie 2 a, 33100 Tampere, Finland
Phone number: +358 20 771 0870
3. Name of register
CUSTOMER AND MARKETING REGISTER
4. What is the legal basis for and purpose of the processing of personal data?
The basis of processing personal data is the performance of a contract and Roidu’s legitimate interest (e.g. customer relationship management, invoicing, direct marketing).
The purposes of processing the personal data are:
the delivery and development of our products and services,
fulfilling our contractual and other rights, promises and obligations,
taking care of the customer relationship and communications with the customers, organizing marketing events,
analyzing and profiling behaviour of a customer or other data subject such as a potential customer,
electronic and direct marketing,
targeting advertising in our and others’ online services.
We use automated decision-making (inc. profiling) to identify the data subjects’ online behavior and purchase habits and create profiles based on the information. We use this information to target marketing and develop our services.
5. What data do we process?
We process the following personal data of our customers, their employees or other data subjects (like individuals participating in our trainings and events) in connection with the customer and marketing register:
Information of company and company’s contact persons such as name and Business ID of the company and names, contact details, country of residence, language of use, username and/or other identifying identifier, password, role/title and professional interests of the contact persons;
Information related to the account and licenses of the data subject such as Roidu account identities, software license information, access rights data;
Information related to event participation and trainings such as the name, date and location of the event, dietary or allergy information (only collected with the consent of the data subject);
Information supplied by the data subject him-/herself in Roidu’s services such as web form submissions, online discussion forum posts and profile information, feedback;
Information related to the behavior of the data subject in the services and website, which is used for profiling purposes such us the sites and services visited, the duration of visits/use, actions taken on the sites and in services;
Technical information about the data subject’s end devices such as IP address, MAC address and operating system;
Other possible information supplied by the data subject him-/herself.
6. From where do we receive data?
We receive personal data concerning customers primarily from the following sources: from the data subject him-/herself, the customer company the data subject works for and our resellers.
We receive personal data concerning potential customers primarily from the following sources: from the data subject him-/herself, our resellers and group companies, search engines, newspapers and other news sources, professional social media networks, contact information providers and company websites.
other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.
7. To whom do we disclose data and do we transfer data outside of EU or EEA?
We process information ourselves and use subcontractors that process personal data on behalf of and for us e.g. providing support and maintenance to our customers, maintaining and hosting our cloud services, marketing services and IT environment as well as providing the hardware and network connections for our products and services.
We disclose personal data to our resellers. Data may be disclosed to authorities under compelling provisions.
8. Transfers of personal data outside the EU or EEA
Some of our trusted partners or service providers working for us are established or may have access to personal data outside the European Union or the European Economic Area (together “EEA”), so their processing of your personal data will involve a transfer of data outside the EEA. In these cases, we will take necessary steps to provide appropriate safeguards for international data transfers and to the extent necessary implement supplementary measures for protection of personal data as required by applicable laws.
This means that
personal data is transferred only to countries that have been deemed to provide an adequate level of protection of personal data by the European Commission (“countries with adequate protection”). For further details, see Adequacy decisions | European Commission (europa.eu)
with a service provider that is based outside countries with adequate protection, we will use specific contract clauses approved by the European Commission and implement necessary technical, organisational, or contractual supplementary measures to ensure that personal data
has the same protection as in EEA. For further details, see Standard Contractual Clauses (SCC) | European Commission (europa.eu)
9. How do we protect the data and how long do we store them?
Only those of our employees, who on behalf of their working duties are required to process customer data, have access to the systems containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are stored in locked premises and can be accessed only by certain pre designated persons.
We store the personal data for as long as is necessary considering the purpose of the processing. Personal data about customers is processed and retained during the customer relationship and as long as we deliver services, and after the relationship or service provision has ended for three (3) years. Personal data about potential customers is deleted or updated when it is discovered to be outdated or the data subject is deemed unresponsive to the marketing.
We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.
10. What are your rights as a data subject?
As a data subject you have a right to inspect the personal data conserning yourself, which is stored in the register, and a right to require rectification or erasure of the data. You also have a right to withdraw or change your consent, in cases where the processing of the data is based on your consent.
As a data subject, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object to the processing or request restricting the processing of your personal data. Additionally, you have a right to request your data to be delivered to you in a standard format, in case where the processing of data is based on your consent or a contract between us.
You also have a right to lodge a complaint with a data protection authority in your jurisdiction or with the power to investigate processing concerning your personal data.
For specific personal reasons, you also have a right to object to profiling and other processing concerning you, when processing of the personal data is based on our legitimate interest. In connection to your claim, you should identify the specific grounds on which you object to the processing. We can refuse to act on such a request on the basis of the privacy legislation.
As a data subject you have the right to object to profiling in so far as it relates to direct marketing.
11. Who can you be in contact with?
Should we make amendments to this privacy notice, we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review this privacy notice from time to time to ensure you are aware of any amendments made.