1. Data controller
Phone: +358 010 526 3190
2. Contact person responsible for the register
Markus Haataja, CTO
Phone: +358 40 582 0957
3. Data register name
Eventilla customer and marketing register.
The data of the Data controller’s customers and prospects and their representatives is processed in the register in ways described below.
4. Data content of the register
The register might include data about the data subject according to the following groups:
- Phone number
- Company and its address
- Commonly available classification data
- Classification data disclosed by the data subject
- Subscription, billing and delivery data
- Data about subscribed services and changes to them
- Data collected with cookies
- Data collected from social media channels
- Data about the device the data subject is using, such as device type, browser, IP address, and other device data
- Possible other data that has been collected with the data subject’s consent
5. Purpose and basis for processing personal data
The Data controller processes personal data for the following purposes:
- To maintain and manage customer relationships
- For customer communications
- In order to fulfill the rights and obligations of the data subject and the Data controller
- For purposes related to online services
- For research purposes
- For marketing the Data controller’s and its affiliates’ services
- In order to fulfill the legal obligations of the Data controller
The legal grounds for the Data controller to process personal data according to the EU’s General Data Protection Regulation are:
- Data subject’s consent
- Performance of a contract
- Data controller’s legitimate interest
- Legal requirements
6. Register’s regular sources of data
Personal data is collected from the following sources:
- The data subjects themselves (such as via LianaCMS website contact forms or social media services)
- The Data controller’s website (newsletter subscriptions, material downloads, event registrations)
- Through the tracking pixels in the Data controller’s newsletters
- The data about the data subject that is collected during contract process
- Data collected from customer meetings
- Data subject’s service usage
- Data controller’s customer data register
- Other possible situations where the data subject discloses their data to the Data controller
- Data from public sources, such as company websites, trade register, Leadfeeder or social media channels (such as LinkedIn)
- Through cookies and other equivalent technology
In addition, the Data controller utilizes Google Ads and Analytics, Microsoft Ads, Leadfeeder, Moz and Liana®Marketing Automation services to collect website visitor data in order to analyze and improve the website and target the visitors with relevant marketing. Data is automatically saved in the register when a visitor leaves their data on the website or utilizes eventilla.com service.
7. Regular data disclosure
As a rule, the Data controller does not disclose data subjects’ personal data to third parties. Data can be disclosed when the authorities require, in order to meet contractual obligations or to the extent that has been agreed with the data subject. In some cases, the personal data of data subjects might be disclosed to subcontractors or affiliates of the Data controller. These organizations process the data confidentially and based on a separate written agreement according to the written instructions from the Data controller.
The Data controller can disclose statistical or anonymized data that cannot be connected to the data subject.
8. Transferring data outside the EU or EEA
Data can be transferred and stored on a server outside the EU or the European Economic Area in order to be processed by the Data controller or for the Data controller by the Data controller’s affiliate, in accordance with the Finnish Personal Data Act, the EU General Data Protection Regulation and the Finnish Data Protection Act.
If personal data is transferred outside the EU/EEA, it will in all circumstances have legal grounds:
- The European Commission has ruled that the particular receiver country has a sufficient level of data security;
- The Data controller has taken the proper protective measures for transferring personal data by using data security Model Contractual Clauses approved by the European Commission (of which a copy will be delivered by request);
- The data subject has given their consent particularly for transferring personal data; or
- There are other legal grounds for transferring personal data outside the EU/EEA, such as the Privacy Shield framework approved by the European Commission for the United States.
9. Data storing time
10. Data subject rights
The data subject has the following rights. Requests to exercise these rights should be directed to the address in item 2. The data controller might ask the person making the request to prove their identity. The Data controller will provide the requested data within the timeframe provided in the EU’s General Data Protection Regulation.
- The right to access your own data
The data subject has, at any given time, the right to check the data that has been collected of him or her.
- The right to rectify data and the right for erasure (the right to be forgotten)
By the data subject’s request, the Data controller rectifies, erases or complements faulty, insufficient, unnecessary or outdated personal data to the extent that is necessary for the processing of data. The Data controller can also rectify, erase or complement data from their own initiative.
- The right to withdraw consent
With regard to personal data collected on the basis of consent, the data subject has the right to withdraw the consent they have previously given for processing their personal data.
- The right to data portability
The data subject has the right to transfer the data they have provided to another data controller when the processing is based on consent or a contract and when it is technically possible. The Data controller will in these cases transfer the data in a structured, commonly used and machine-readable format. The Data controller is not responsible for the compatibility of the data format with the recipient’s system.
- The right to restrict processing and the right to object
If the Data controller processes personal data based on the grounds of public interest or legitimate interest, the data subject has the right to object to the processing of their personal data to the extent that there are no significant grounds for processing the data that would override the rights of the data subject or the processing of data is not necessary to settle a legal claim.The data subject has the right to prohibit direct marketing including profiling analyses conducted for the purposes of direct marketing. Each direct email marketing message sent by the Data controller has a link that allows the data subject to prohibit direct messaging to their email.The data subject has the right to restrict the processing of their personal data if the data is faulty, the processing is illegal or the data is no longer necessary.
- The right to appeal
The data subject always has the right to appeal to the relevant supervisory authority or to the supervisory authority of the EU member state where the data subject is living or working if the data subject considers that the Data controller has not processed personal data in accordance with the applicable data protection laws.
11. Register security principles
Personal data is stored as confidential material. The Data controller’s data network and hardware where the register is located are protected by a firewall and other necessary technical measures. The Data controller ensures that the stored information, as well as server access and other information critical to the security of personal data, is treated confidentially and only by the employees whose job description it is included in.
The Data controller utilizes cookies on its website to improve user experience and to carry out targeted advertising. Cookies are small text files that are sent as a request by the browser to the user’s computer and stored there.
The cookies used by the Data controller are related to marketing automation system (Liana®Marketing Automation), targeting advertising (Google Ads and Microsoft Ads), analyzing and monitoring website visitor data (Leadfeeder) and social media channels used by the Data controller (including LinkedIn, YouTube, Twitter, Instagram and Facebook). These software save data about, for example, what pages a person visits, how long a person stays on a website, how a person ended up on a site and which links a person clicks.
Cookies can be disabled by changing the settings that can be found from most browsers. Data subjects are asked to take note that after these changes the online service might not function without disruption.