Data protection description
Data Protection Description regarding Helsinki Partners Ltd Partner, Customer and Cooperation Partner Data File
Helsinki Partners Ltd (Business ID 3209009-8)
00099 HELSINGIN KAUPUNKI
2 Contacts about data file
Helsinki Partners Ltd (business ID 3209009-8) (”HP” or ”Data Controller”)
00099 HELSINGIN KAUPUNKI
3 Name of data file
Helsinki Partners Ltd Partner, Customer and Cooperation Partner Data File
4 Purpose and grounds of processing personal data
Data subject’s personal data is processed based on
- a contract between HP and the data subject
- HP’s lawful interest (e.g. direct marketing) or
- data subject’s consent.
The purpose for the use of the data subject’s personal data is:
- maintaining, developing, analysing and creating statistics of the data subject’s use of HP websites
- customer communications and collection of customer feedback to and from data subjects
- implementing and collecting opinion and market surveys to and from data subjects
- direct marketing, targeting online advertising and profiling of data subjects
- planning and developing business operations and services to data subjects
- identifying users and management of access rights
5 Content of the data file and groups of data subjects
The data file contains the following personal data about data subjects (e.g. the decision-makers and contact persons, including subscribers of newsletters, persons who have submitted a request for contact and/or feedback, those participating in events):
- name, title, enterprise, postal address, e-mail address, telephone number
- data about the data subject’s work tasks and position in business life or a public task
- bans on direct marketing
- segmentation and profiling data
- login credentials and usage log of electronic services
- language the contact person has used
- different kinds of cookies
- customer history
- other possible necessary data for the data file’s purpose of use
6 Data files to be formed
The personal data that HP websites collect from data subjects form one or several data files as indicated hereunder:
- Helsinki Partner’s customer data file
- Helsinki Partner’s website data file
- Helsinki Partner’s marketing and communications data file
7 Regular sources of personal data
The personal data in the data file is regularly collected from the data subject based via different means (e.g. via telephone, in meetings or another similar way). The data subject may also submit data to HP based on their consent.
The data file is compiled in connection with the creation of the cooperation contract between HP and data subjects and data collected in other manners during the relationship.
Personal data may also be collected and updated from public and private registers.
8 Disclosure and transfer of personal data outside the EU or the European Economic Area
HP discloses the personal data of data subjects to its cooperation partners in order to promote the development of its customer companies’ business operations, realisation of investments and acquisition of solutions.
HP uses services of external service providers for certain tasks relating to the processing of the data subject’s personal data, such as maintaining newsletter subscription lists, the provision of certain digital services and the processing of data for marketing purposes.
If HP uses an external service provider’s services for processing of the data subject’s data, each service provider is obliged to enter into a separate data processing agreement with HP in which the external service provider’s obligations are agreed pursuant to applicable data protection laws.
HP may also disclose or transfer the data subject’s personal data to third parties, such as potential purchasers and/or their advisors or competent authorities, as they may be required from time to time. Such disclosures shall be conducted in accordance with applicable data protection laws.
The data subject’s personal data may be processed within the EU and European Economic Area. However, the data subject’s personal data may be transferred, transmitted, accessed or otherwise processed outside the EU and the European Economic Area, e.g. to the United States, or to other countries, when providing services to data subjects.
The appropriate level of data protection of personal data is always ensured when personal data is transferred outside the EU and European Economic by applying the safeguards required by applicable data protection laws (e.g. standard contractual clause stipulated by the European Commission).
9 Data file protection principles and data retention periods
Only the employees of HP who have the right to process the data subject’s personal data for their work performance, or sub-processors when applicable, are authorised to use the systems containing the data subject’s personal data.
All users have personal login credentials for the used systems containing personal data. The personal data is collected into databases that are protected using firewalls, passwords and other technological measures. Databases and their back-up copies are located on locked premises, and the personal data can only be accessed by certain pre-appointed persons.
The data subject’s personal data is retained as long as is necessary for the purposes set out in this Data Protection description. Primarily, personal data is retained as long as HP’s legimate or contractual interests require so and to the maximum extent permitted by law.
HP shall assess the necessity of retaining the data subject’s personal data regularly, in addition to which HP takes care of all reasonable measures used to ensure that the data file contains no incompatible, unnecessary, outdated or erroneous personal data of the data subject.
HP shall delete all personal data without immediate delay if HP has no legitimate, contractual or administrative grounds to process such personal data pursuant to this Data Protection description or any applicable legislation.
10 The data subject’s rights
Data subjects have the following rights based on the data protection laws.
Right of access to personal data
The data subject has the right to access their personal data recorded in the personal data files, and to verify that their personal data is no longer stored in the data files.
Right to information rectification
The data subject has the right to submit a request to HP to correct any and all errors regarding their personal data stored in the data files.
Right to request deletion of personal data
The data subject has the right to request deletion of their personal data from data files if there are no legal grounds for HP for processing such personal data.
Right to limit processing of personal data
The data subject may request that the processing of their personal data shall be restricted on the criteria stipulated in the currently applicable data protection laws.
Right of objection to the processing of personal data
The data subject has the right to prohibit HP from processing their personal data for the purposes of direct mail, distance selling and other direct marketing purposes and for the purposes of conducting market and opinion research.
Right to transfer personal data from one system to another
Provided that the data subject has submitted to HP information which is processed based on the data subject’s consent, the data subject shall have the right to receive such information in machine readable form and the right to transfer such information to another controller than HP.
Right to withdraw consent
If the processing of personal data is based on the data subject’s consent, the data subject shall have the right to withdraw their consent at any time.
The processing of the data subject’s personal data that has been processed prior to the withdrawal of the data subject’s consent does not become unlawful if the data subject later revokes their consent.
Right to appeal to the appellate authority
The data subject shall have the right to lodge a complaint with the competent supervisory authority if he or she considers that HP has not complied with the appropriate data protection laws. The national appeal body is the Office of the Data Protection Ombudsman
(in Finnish Tietosuojavaltuutetun toimisto) (www.tietosuoja.fi)
If HP requires data subjects to provide HP with personal data and the data subject does not provide such data to HP, HP will not necessarily be able to provide all services data subjects may require.
In such cases, HP shall not be responsible for any direct or indirect consequences the data subject incurs or may incur for not providing such personal data to HP.
HP does not perform automated decision making and profiling concerning data subjects’ personal data.
Cookies are small text files that HP websites store on the data subject’s computer, mobile device or other device when using HP’s websites.
When using HP websites, the data subject has the opportunity to choose which non-essential cookies he or she consents to. Necessary cookies can be set despite the data subject’s consent based on legislation.
The data subject can also change the settings of their browser and delete the set cookies from the browser after using HP’s websites.
Third party’s data protection descriptions
HP websites may contain links to external sites and content owned or operated by third parties.
When accessing such external sites or services, the data subject must read and accept any and all third party data protection descriptions. Such external sites or services are not subject to HP’s control. HP shall not be responsible for an external sites’ or services’ content or their processing of the data subject’s personal data.
If the data subject has any questions regarding HP’s Data Protection description or wishes to exercise their rights, please contact with HP at firstname.lastname@example.org.
HP may update this Data Protection description by reporting it on HP website or otherwise electronically.
This Data Protection description was last updated and is valid from 14.10.2021