1 — General
- what personal data we collect;
- how we use the data;
- how we collect the data;
- what is the legal basis for processing the data;
- who controls and processes the data;
- how do we protect the data;
- data transfers outside the EU; and
- what rights you have regarding your data.
2 — How do we use the personal data we collect?
We may collect your data:
- to create or maintain customer relationships;
- to offer services, products or other legitimate interests to you;
- to provide services, products or other legitimate interests to you;
- to develop services, products or other legitimate interests;
- to fulfil requirements of a contract to which you are a party,
- to take steps to create such a contract;
- to fulfil requirements of any legal obligations that we are a subject for; or
- to pursue any other legitimate interests that do not override your interests or fundamental rights and freedoms that require protection of your data.
3 — What personal data do we collect?
We may collect:
- your contact details (such as name, email and phone number);
- your company details (such as company name and job title);
- your communication details (such as chat transcripts, email correspondence, text messaging and meeting memos);
- your usage details (such as how you use our website and our other services and products);
- your relationship details (such as details you have shared with us while using our services and products, and details you have given us access to fulfil requirements of a contract); or
- your any other legitimate personal data.
4 — How do we collect personal data?
We may collect personal data about you:
- from publicly available sources (such as web or social media);
- from yourself as you communicate with us or use our products and services;
- from the sources you have given us access to fulfil requirements of a contract;
- from shared partners, service providers and other third parties; or
- from your representative.
5 — What is the legal basis for collecting personal data?
There is always a legal basis for collecting and processing your data. The legal basis for processing your data may be:
- a freely given consent from you;
- performance of a contract; or
- fulfilment of our a third party's legitimate interest. These interests may be, for example, offering our services or products. However, these interests cannot override your interests or fundamental rights and freedoms that require the protection of your data.
6 — Who can access, control and process personal data?
The data is accessible, controlled and processed by the board of Koskinen & Co.
Some parts of the data processing have been outsourced to third parties. We do our best to ensure that the chosen data processors have appropriate security measures to protect your privacy and to comply with any applicable legislation.
It is possible that we or our service providers may transfer your data outside the EU/EEA-area. This may happen if for instance we or our service providers duplicate some data outside the EU / EEA area in the United States. Data is duplicated to keep your data safe even in situations where major servers fail.
Such a transfer is always conducted safely and according to applicable laws. We do our best to ensure that all necessary measures are taken to make sure that your data is not transferred to an entity outside the EU/EEA-area that does not fulfill the criteria regarding the processing of personal data set forth in applicable laws.
In addition, we adhere to the EU’s, US’ and Switzerland’s and United State’s Privacy Shield Framework principles. We do not use these principles as the legal justification for the transfer of personal data, taking into account the EU's Court of Justice’s decision in the case C-311/18. You can find more information from the US department of commerce's Privacy Shield website.
The European Commission has approved the use of model contract clauses as a means of ensuring adequate protection when transferring data outside of the EEA. By incorporating model contract clauses into a contract established between the parties transferring data, personal data is considered protected when transferred outside the EEA or the UK to countries which are not covered by an adequacy decision. We rely on these model contract clauses for data transfers.
Your data may be processed by any number of the following third parties:
- any other sub-processor we have informed you about; or
- any other software or platform we use to communicate between each other.
Your data is not transferred elsewhere unless the performance of a contract that you are a party, other legal obligations that we are a subject, or a public authority demands otherwise.
7 — How is your personal data protected?
Your data is protected with appropriate security measures. The computers that are used to access your data have been encrypted. The access to the data processing services has been protected with two-factor authentication measures, where applicable, and with very secure passwords. Also, a VPN connection is used wherever possible to connect to these services.
8 — Is personal data transferred internationally?
Your data may be transferred outside of the EU or ETA by the third parties described above. It is likely that some parts of their data processing processes do transfer the data internationally. However, we have done our best to ensure that these third parties have their data servers within EU or ETA, or have appropriate security measures to transfer your data internationally.
10 — What are your rights to access and control your data?
- You have a right of access — You have a right to know whether we collect, control, and process your data or to know what personal data we collect, control, and process about you.
- You have a right to rectification — You have a right, without undue delay, to rectify inaccurate, expired, or incomplete data about you.
- You have a right to restrict processing — You have a right to restrict what personal data we process about you, how long we are consent to process it, and in what ways we are consent to process it.
- You have a right to data portability — You have a right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
- You have a right of erasure — You have a right, without undue delay, to ask for erasure of your personal data unless the processing is necessary for any legal obligations that we are a subject for, or for the performance of a contract to which you are a party.
- You have a right to object — You have a right to object to the processing of your data unless we have a compelling legitimate ground for processing data which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
- You have a right to appeal — You have a right to appeal to the Office of the Data Protection Ombudsman.
You may exercise any of these rights by contacting us.
If the changes result in the expiration of the legal basis for collecting, controlling and processing your data, we make sure that the legal basis for collecting, controlling and processing your data is restored. Otherwise, your data will be deleted according to all applicable privacy laws and regulations.
12 — How may you contact us about your privacy?
Updated 12th of September, 2021