How Helmee Imaging Oy uses customer data and marketing-related personal data

Privacy Notice – How Helmee Imaging Oy uses customer data and marketing-related personal data

This is a privacy notice for the purposes of the EU General Data Protection Regulation (the ”GDPR”). Last amended 22 May 2018.

1. Data Controller

Helmee Imaging Oy, Rantaperkiönkatu 1 D 13, FI-33100 Tampere, FINLAND – www.helmee.com

2. Contact details for issues concerning personal data

Sales Administrator, info@helmee.files.fi, p. 040 7698667

3. The purpose and legal basis for processing personal data

The purpose of processing personal data in connection hereto is to maintain customer contacts and to market Helmee’s products. The legal basis for processing the personal data is the performance of the customer agreement, or the customer’s request to take preparatory steps therefor (Article 6(1)(b) GDPR) and Helmee’s legitimate interest to market its products to its contacts (Article 6(1)(f) GDPR).

The information is not used for automated decision-making or profiling.

4. Personal data processed

Helmee processes such personal data as the data subject may give to Helmee. Such information includes name, title, company, billing information both for the data subject and the company, and, e.g., the names of the data subject’s or his/her company’s social media profiles, as well as information given on, e.g., business cards or in email footers. Additionally, Helmee will process information concerning the customers, orders, order changes and the like.

In addition to information obtained directly from the data subject, Helmee may also record information, e.g., the IP address used by the data subject, use of the Helmee website as well as content, likes and similar from social media accounts.

5. Regular sources of data

Data is mainly obtained from the data subject him- or herself through, e.g., web forms on the Helmee website, in customer meetings and contacts and in similar contexts. Some data may also be obtained from public sources such as from company information services or the data subject’s social media accounts.

6. Storage periods

The data is stored for the duration of any customer relationship and for two years thereafter. Should Helmee during this time have a reasonable belief that the data may be needed longer, e.g., for a potential dispute, the data may be kept until the relevant statute of limitations period has expired.

Marketing data that are not connected to a customer relationship are kept for two years or until the affected party asks that it be removed.

To the extent any customer’s or marketing contact’s personal data would be processed based on the consent of the data subject, the data subject may withdraw the consent at any time. Withdrawing consent does not affect the legality of any already undertaken data processing measures, however.

7. Regular disclosures of personal data; transfers outside the EU/EEA

Personal data may be transferred to data processors such as an external company sending a newsletter of behalf of the company, e.g., MailChimp. Information may also be disclosed to Helmee’s re-sellers, some of which are located outside the EU. Helmee has entered into data processing agreements pursuant to Article 28 of the GDPR with these entities. In respect of those re-sellers located outside the EU or the EEA, Helmee also entered into an agreement including the standard contract clauses referred to in 46(2)(c) of the GDPR to ensure the safe processing of personal data outside the EU/EEA also.

Helmee also uses external analytics services, such as Google Analytics, Leadfeeder, etc., that may operate both inside and outside the EU.

Data may be published only if this has been agreed-on with the customer.

8. Information security

Appropriate care will be used in the processing of personal data and any data processed via IT systems adequately protected. When data is stored on Internet servers, the devices’ physical and digital information security is ensured. Helmee will ensure that the save data, server access rights, and information critical to the safe storage of the data are dealt with confidentially and only by those members of staff for whose job functions it is necessary.

9. The right to inspect data and have incorrect data rectified

All data subjects have the right to inspect personal data Helmee holds about them and to require that incorrect or lacking information be updated. Should the data subject wish to inspect his or her personal data, or ask that they be corrected, a written request can be sent to Helmee using the contact details provided above. Helmee may ask the requesting person to identify him- or herself, where necessary.

Helmee will respond to the data subject without undue delay and in any event within a month.

10. Other rights in connection to personal data

The data subject also has the right to object to his or her personal data being processed and to ask that information concerning him or her be removed from the register. The data subject also has all other rights provided for in the EU General Data Protection Regulation, such as the right to have the processing of personal data restricted in certain cases. Requests should be sent to Helmee in writing using the contact details provided above. Helmee may ask the requesting person to identify him- or herself, where necessary. Helmee will respond to the data subject without undue delay an in any event within a month. Should the data subject consider that Helmee has processed his or her data unlawfully, the data subject may file a complaint with the data protection supervisor of his or her place of residence or work. In Finland, the data protection supervisor is the Data Protection Ombudsman (see tietosuoja.fi).