Fidelix Privacy Policy

Privacy policy

Privacy Notice for the Business Customer, Partner and Stake­holder Register of Fidelix Oy

1. Controller

Fidelix Oy (Business ID 1770269-0)
Address: Myllynkivenkuja 1, 01620 VANTAA
Phone number: 092501288
(hereafter ”Fidelix Oy” or ”we”)

2. Contact person for register matters

Name: Mikko Alppivuori
Address: Myllynkivenkuja 1, 01620 VANTAA
Email: privacy@fidelix.com

3. What is the purpose and the legal basis for processing personal data and what data do we process?

PERSONAL DATAPURPOSE OF PROCESSINGLEGAL BASIS
Basic information such as name, customer number, username and/or other unique identifier, password and language;
Contact details such as e-mail address, phone number, home address
Information on the company and its contact persons such as names, titles and contact information of contact persons.
Producing, offering and developing our servicesOur legitimate interest
Same as above.Fulfillment of our contractual and other undretakings and obligationsImplementation of the agreement
Same as above.Electronic direct marketing (incl. electronic surveys)Consent (private persons) or our legitimate interest (businesses)
Same as above.Management of our customer relationship or potential customer relationship incl. organizing events, sending customer satisfaction surveysOur legitimate interest
Consents and prohibitions regarding direct marketingElectronic direct marketing (incl. electronic surveys)Consent (private persons) or our legitimate interest (businesses)
Personal Data collected in connection with events and trainings such as event registration, special diets, billing informationOrganizing events and trainings and sending invitationsOur legitimate interest, consent
Data related to the customer relationship or a potential customer relationship, partners and agreements such as information on past and current agreements and assignments, offers made, contact information, billing informationFulfillment of our contractual and other undretakingsFulfillment of the agreement
Same as above.Taking care of, developing and maintaining the customer relationship; responding to communications from potential customers and making offeOur legitimate interest
Information on the technical connection and the terminal used such as IP address, device ID or other identifiers and cookiesAnalyzing behaviourConsent

4. From where do we receive the data?

We receive information primarily from the following sources: yourself, authorities, credit information companies, contact information providers, and other similar trusted parties.

In addition, data is obtained from information collected when access rights are created and entered into the controller’s systems, as well as from data collected from users’ devices during use.

Additionally, personal data may be collected and updated for the purposes described in this privacy notice from publicly available sources and from authorities or other third parties in accordance with the applicable legislation. Such updating of data is performed manually or by automated means

5. To whom do we disclose and transfer data, and do we transfer data outside the EU or the EEA?

We may disclose personal data to the extent permitted and required by applicable law, for example, to group companies as well as legal and financial or other similar consultants who act as independent controllers of the data. Personal data may be disclosed to authorities which have a legal right to obtain information from the register.

We have outsourced the processing of personal data to subcontractors for the following services:

– Marketing
– IT management
– Financial management
– Business (e.g. services and trainings provided by us)

We have ensured the protection of your data by making the necessary contracts with the subcontractors. We cannot name all our subcontractors, in part due to projects in development, so we have decided on naming only the types of subcontractors.

We do not primarily transfer personal data outside the EU/EEA. However, the marketing and IT management systems we use may allow the service provider to access data from outside the EU/EEA. When personal data is processed outside the EU or the EEA, we will ensure that the subcontractor is committed in complying with the EU Commission’s standard clauses on the processing of personal data.

6. How do we protect the data and for how long do we store it?

Access control, data encryption, log monitoring, security policies, backup policies, operational control, technical restrictions as well as the detection of data security deviations and possible data security breaches are utilised in the Company’s premises. Persons handling documents are bound by a confidentiality obligation.

Only those of our employees, who on behalf of their work duties have the right to process personal data, are entitled to use the systems containing personal data. Each user has a personal username and password to the system. The data is collected into databases that are protected with firewalls, passwords, and other technical measures. The database and its backups are kept in locked premises and only predesignated persons have access to the data.

We assess the need to store data regularly considering the applicable legislation. Additionally, we take all the reasonable measures to ensure that no data, which is incompatible for the purposes of the processing, obsolete or incorrect, is stored in the register. We correct or erase such data without delay.

7. What are your rights as a data subject?

You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data. You may also inspect your data stored in the register and update and edit these by means of a technical access, username, and password. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.

You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority.

On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is the legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.

8. Who can you contact?

The contacts and requests concerning this privacy notice must be submitted in writing or in person to the person mentioned in section two (2).