CreditVisor (hereinafter referred to as “the Company” or “We/Us”) is committed to ensuring the confidentiality and data protection of the personal data it holds. This privacy statement applies to the personal data we collect and store in our client and marketing register (hereinafter referred to as “the Register”). This privacy statement describes the personal data we collect and how we process it. For more information on the processing of personal data, please contact our Data Protection Officer Lauri Aittamo ([email protected]).
2. DATA CONTROLLER AND DATA PROTECTION OFFICER
Name: CreditVisor Oy
Address: Konepajankuja 3, 00510 Helsinki
Telephone: +358 09 47655655
Business ID: 3126049-7
CreditVisor’s Data Protection Officer:
Email: [email protected]
3. DATA SUBJECTS
In the Register, we process the personal data of the contact persons of our clients and potential clients (marketing).
4. TYPES OF PERSONAL DATA
In the Register, we process the following personal data:
- your name and your job description;
- your contact details (e-mail address and phone number);
- your personal identity code; and
- you passport photo.
5. SOURCES OF PERSONAL DATA
We collect the personal data primarily from the data subjects themselves (e.g. your contact requests via our website and business cards handed to us). We also collect your personal data from public sources, such as the website of your own organization, phone number providers and social media (LinkedIn). We use a marketing partner to contact our potential clients. Our marketing partner has obtained their contact detail listings from public sources (e.g. Suomen Asiakastieto) or from its previous database.
6. GROUNDS, PURPOSES AND EFFECTS OF PROCESSING YOUR PERSONAL DATA
The processing of your personal is necessary to meet our legal obligations. We process your personal data in order to comply with the obligations set out in the Act on Preventing Money Laundering and Terrorist Financing (444/2017) and the Accounting Act (1336/1997). In addition to this, we process your data in debt collection agreements as required in the Act on the Registration of Debt Collectors (411/2018). On this basis, the personal data groups numbered 1, and 3-4 are processed, as specified in paragraph 4
The processing of your personal data is based on the legitimate interest of CreditVisor as specified below. On the basis of a legitimate interest, the personal data groups numbered 1 and 2 are processed, as specified in paragraph 4
If you are a representative of our existing client:
The purpose of handling your personal data is the development and sustenance of your organization’s customer relationship with CreditVisor. Your personal data is also handled for selling and directly marketing our products and services. By handling your personal data we are able to provide you better service and to develop our products and services to better meet our clients’ requirements. The handling of your personal data does not have any other effects on you.
If you are a representative of our potential client:
The purpose of handling the personal data of our potential clients’ representatives is the direct marketing of our products and services and other selling and marketing measures. These may include sending marketing messages via e-mail or social media and contacting you by telephone. The handling of your personal data does not have any other than marketing-related effects on you.
Your personal data will not be further handled for any other purposes than the ones mentioned above.
7. REGULAR DISCLOSURES AND TRANSFERS OF YOUR PERSONAL DATA TO THIRD PARTIES
We may disclose your personal data to our marketing partners. At the moment, these parties include: Hubspot Inc., Leadoo Marketing Technologies Oy, Clento Oy and Inhouse Group Oy.
Our partners may only process your personal data for the purposes of the measures to be taken on our behalf. We always ensure that our partners do not process transferred personal data for any other purposes.
We may also need to share your personal data with competent authorities in accordance with the legislation on the processing of personal data.
8. TRANSFERS OF YOUR PERSONAL DATA OUTSIDE THE EU OR THE EEA
We may transfer your personal data outside the European Union or the European Economic Areal to the following recipient: Hubspot Inc. (USA).
The European Commission has decided that an adequate level of data protection is ensured in the recipient country in question (equivalence decision). Hubspot Inc. has joined the EU/USA data protection framework and committed to comply with European data protection standards.
9. PRINCIPLES FOR THE RETENTION OF PERSONAL DATA
The following principles apply to the retaining of your personal data:
The personal data of a clients and their representatives shall be retained as long as the customer relationship continues. After that, we shall retain personal data for as long as necessary for the lawful purpose for which the data was collected. The storage period according to the Accounting Act (1336/1997) is six or ten years, depending on the material. We only store the type on information required by the Accounting Act.
The storage period of KYC (“Know Your Customer”) information, according to the Act on Preventing Money Laundering and Terrorist Financing (444/2017) is five years from the end of the customer relationship. The information obtained to comply with the reporting duty set out in the Act on Preventing Money Laundering shall be retained for five years after the end of a customer relationship or the execution of a transaction.
According to the Act on the Registration of Debt Collectors (411/2018), the debt collector must keep the documents and data related to the debt collection activity for five years after the end of the debt collection measures, unless a longer retention period is provided for elsewhere in legislation.
We also keep the data until the expiry of the limitation period for the filing of various claims in order to be able to defend ourselves against legal claims.
The personal data of our potential clients’ representatives shall be kept on the direct marketing register for as long as your serve in a position that matches the products or services marketed, and upon condition that you have not objected the use of your personal data for direct marketing purposes. In these situations, we may keep record that you have objected direct marketing. Your personal data may be stored for a longer period than above, if the applicable legislation or our contractual obligations towards third parties require a longer retention period.
10. RIGHTS RELATED TO THE PROCESSING OF THE DATA SUBJECT ‘S PERSONAL DATA
You may at any time object the use of your personal data for direct marketing purposes. You can also give us specific consents or objections (e.g. object marketing messages via e-mail, but allow them via post letters).
Also, in accordance with applicable data protection legislation, you have the right, at any time, to:
- be informed of the processing of your personal data;
- gain access to your data and inspect the personal data we process about you;
- require the rectification and completion of inaccurate personal data; and
- request the erasure of your personal data;
- withdraw your consent and object to the processing of your personal data to the extent that the processing of your personal data is based on your consent;
- object to the processing of your personal data on grounds relating to your particular situation to the extent that our legitimate interests are the basis for processing your personal data;
- receive your data in a machine-readable format and transmit the data to another controller, provided that you have personally provided the data to us, we process the data on the basis of a contract or your consent and the processing is carried out automatically;
- request the restriction of processing of your personal data.
To exercise the aforementioned right, you must submit your request to us in accordance with section “Contacts” of this privacy statement. We may ask you to specify your request in writing and verify your identity before processing the request. We may refuse to comply with your request on the grounds set out in applicable law.
You also always have the right to submit a complaint to the relevant supervisory authority or the supervisory authority of the EU Member State where you reside or work, if you consider that we have not processed your personal data in accordance with applicable data protection legislation.
11. THE REGISTER’S PROTECTION PRINCIPLES
We respect the confidentiality of your personal data. Any manual materials shall be stored in a locked space that can only be accessed by designated persons. Personal data processed digitally shall be protected and stored in our information system, which has limited access only to persons who need such data in order to perform their duties. These persons shall use their personal usernames and passwords.
We encrypt any personal data sent outside of our Company.
All requests for the exercise of the above rights, questions about this privacy statement and other contacts must be made by email to [email protected]. You can also contact us via the contact function on the website or in writing at the address below:
P.O. Box 104
FI-00101 Helsinki, Finland