Updated 9.9.2021 | Suomeksi
At Vitec Tietomitta Ltd, we are committed to protecting and respecting your privacy in accordance with applicable legislation, including the Data Protection Act (1050/2018) and the EU General Data Protection Regulation (GDPR) 2016/679. This Privacy Policy explains when and why we collect personal data, how we use it and how we keep it secure. This Privacy Policy applies to the processing of personal data in our customer relationship management system, and to how we use and apply personal data for sales, marketing, and fulfilling our obligations under customer contracts.
We may update the contents of this Privacy Policy from time to time and we encourage you to check this page regularly. Above this Privacy Statement is the date on which the Privacy Statement was last updated.
When do we collect and process personal data about you?
We collect your personal information when you use our services or products and enter your personal information into them, and when you communicate with us, for example, through correspondence, telephone, social media, or our websites. This also applies when you are dealing with us as a representative of a business. We may also collect your personal data when you or the company you represent enters into a contract with us.
Why do we collect and use personal data?
We use personal data to fulfil our obligations under contracts with customers, partners, and suppliers, and to provide our services and products. We also collect and use personal data for sales, marketing, and customer service purposes. We also collect information on suppliers and partners.
We may use your information for the following purposes:
- To provide, offer, and develop our services and products;
- To manage, maintain, and develop our customer relationships;
- Direct sales and marketing, including information about our products and services, events, activities, and offers of our partners' products and services. In the email newsletters we send you, you can opt-in or opt-out of direct marketing subscriptions and read our Privacy Policy;
- Tracking incoming requests and related communications (customer support, emails, chats, calls, and online forms);
- Targeting advertising on our own and other online services.
- Fulfilling our contractual obligations, such as order confirmation and similar; and
- Reporting disruptions to customer services.
What personal data do we collect and process?
We collect the following information:
- Name
- Telephone number
- Title
- E-mail address
- Company name and contact details
- Electronic signature
- Your feedback, such as comments, questions, and other communications with us
- Event and user analytics data; information about your login to the online service;
- Customer, other material connection and contractual information such as services purchased, including start and end dates, product delivery information, vendor information related to the contract, authentication information related to the use of services, and information about the use of services and benefits offered;
- Targeting data generated from trade and other registers.
- If you are a representative of your company, the details of the company you represent, including signatures
Our legal basis for using personal data
- Use of personal data on the basis of consent: The data subject may give his or her consent electronically by filling in a form when using our product or service. The consent is stored in our system in the data of the person concerned.
- Use of personal data on the basis of a contract: We may also use your personal data to perform our obligations under a contract between us.
- Use of personal data on the basis of a legitimate interest: Processing is in our legitimate interests for reasons relating to the management, administration or promotion of our business and your interests or rights do not override those interests.
How long do we keep your personal data?
We retain personal data for as long as necessary for the purposes for which the personal data is used, including (but not limited to) the duration of the customer relationship, unless applicable law requires a longer retention period. Sensitive data will be destroyed immediately upon termination of the purpose for which it was collected. We will regularly assess the necessity of data retention in the light of applicable law. In addition, we will take reasonable steps to ensure that no personal data relating to data subjects which are incompatible with the purposes of the processing, outdated or inaccurate are kept in the register. We will correct or destroy such data without undue delay.
Your rights to your personal data
As a data subject, you have the right to inspect the personal data concerning you that is stored in the personal data file (personal data report) and to request the rectification or erasure of inaccurate data, provided there are legal grounds for doing so. You also have the right to withdraw or modify any consent you may have given.
To the extent that, as a data subject, you yourself have provided data to the customer register which are processed on the basis of the consent or mandate given by the data subject, as a data subject you have the right to receive such data for yourself, as a rule in machine-readable form, and the right to transfer such data to another controller.
As a data subject, you have the right to object to or request restriction of the processing of your data and to lodge a complaint with a supervisory authority about the processing of personal data, in accordance with the GDPR.
For specific personal reasons, you also have the right to object to processing operations concerning you where the processing is based on our legitimate interests. In your claim, you must identify the situation on which you base your objection to the processing. We can only refuse to comply with a request related to an objection if the law gives basis for the refusal.
As a data subject, you also have the right to object to processing at any time and free of charge.
Do we share your data with anyone, and do we transfer your data outside the EU/EEA?
We will not share, sell, rent, or exchange your data with third parties without your consent, except as described below:
Third-party service providers working on our behalf:
To the extent permitted and required by applicable law, we may transfer your information to our resellers, agents, subcontractors, and other associated organisations for the purpose of providing services to you on our behalf.
We may use subcontractors to process personal data on our behalf, and we are responsible for ensuring that they agree to comply with this Privacy Policy and applicable data protection legislation by signing a data processing agreement.
In addition, personal data may be disclosed to our corporate group.
If the law requires it:
To comply with applicable law, legal process, or other legal requests, we may be required to disclose your personal information to public authorities or third parties. We may also disclose or otherwise process your personal information in accordance with applicable law to defend our legitimate interests and to combat fraud.
The processing of your personal data will in principle take place within the European Union and the European Economic Area. In some circumstances, we may also use subcontractors located outside the above-mentioned area. In case such subcontractors are used, the processing of personal data is always based on the transfer basis required by data protection legislation, such as valid model clauses approved by the EU Commission. You may ask us for a copy of the specimen files we use to transfer your data.
How do we protect your personal data?
We are committed to protecting your personal data by organisational and technical means as required by applicable data protection legislation. We also require the same from our subcontractors, and we will determine the appropriate data protection measures together with our subcontractors, taking into account technological developments, implementation costs, the nature, scope, and purpose of the processing, and the risks of the processing. These measures may include pseudonymisation of data, system stabilisation measures, ensuring the availability of personal data and regular testing of the systems used.
Access to the register where your personal data is stored requires a user ID issued by the administrator of the customer registration system. The administrator also determines the level of access to be granted to users. A personal password is required to launch the application. Access to the register and logins are monitored by means of log entries.
The data is collected in our centralised data systems, which are protected by firewalls and other technical means. Only predefined persons have access to the information systems. In addition, data is updated and deleted at predefined, regular intervals.
Data protection queries
All enquiries regarding data protection should be sent to viestinta.vingo@vitecsoftware.com.