Privacy Policy

Processing of the personal data of IISY Oy’s customers, representatives of customers and potential customers as well as the personal data of cooperation partners and representatives of partners

WHO PROCESSES YOUR DATA?

IISY Oy (Business ID: 2855140-2)
Address: Karaportti 5, 02610 Espoo

WHO CAN YOU CONTACT IN QUESTIONS RELATED TO DATA PROTECTION?

If you have any questions related to data protection or you wish to exercise your rights, you may contact:

Antti-Jaakko Alanko
antti-jaakko.alanko@iisy.fi
Tel: +358 406 404 667

WHAT PERSONAL DATA DO WE PROCESS?

If you are our customer, a representative of our customer or potential customer, our cooperation partner or our cooperation partner’s representative, we process the following personal data:

  • First and last name
  • Email address
  • Postal address
  • Telephone number
  • Employing company/organisation
  • Position within the company or organisation / duties
  • Communications with you
  • Information on our meetings

If you are our customer or a representative of our customer or potential customer, we also process the following personal data:

  • Data on your participation in our events
  • Your marketing consents and prohibitions
  • Information on newsletter and blog subscriptions
  • Information you have provided on a contact form or otherwise

If you have access to our FREESICLOUD cloud service, we process the following data:

  • Email address
  • Password to the FREESICLOUD cloud service
  • Logs on the use of the service

If you visit our website (www.iisy.fi, www.iisycloud.fi), we will process data collected by means of cookies on, inter alia, from where you are visiting our website, which parts of our website you are visiting, and which browser you are using. More information on the use of cookies is provided in our Cookie Policy.

FOR WHAT PURPOSES AND ON WHAT GROUNDS DO WE PROCESS YOU PERSONAL DATA?

We process your personal data in order to manage your customer relationship or the customer relationship between us and the company you represent. We also process your personal data for analysing, planning and developing our business and services.

In addition, we process your personal data for planning, targeting, sending, developing and carrying out marketing and organising client events.

If you are our co-operation partner or represent such a partner, we process your data for the purposes of co-operation.

The basis for the processing of personal data is a customer relationship or the preparation of a contract, or our legitimate interest based on an actual or potential contractual relationship. Sending of blog posts or electronic direct marketing may be based on your consent.

FROM WHERE DO WE OBTAIN YOUR PERSONAL DATA?

We collect personal data primarily from yourself. We can also receive your data from the company you represent, our partner or our customer.

If you are a representative of our customer or potential customer, we might also have obtained your information from a website, other public sources or a commercial operator providing information on companies and their representatives.

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We do not share personal data with outsiders except where required by Finnish legislation or authorities.

In the processing of personal data, we can use the following service providers which process your personal data on our behalf:

  • IT system providers and other IT service providers;
  • billing service providers;
  • communication service providers;
  • service providers for website maintenance; and
  • providers of marketing services.

JOINT CONTROLLERS

We and Facebook Ireland are joint controllers in relation to our company page. We have entered into the Controller Addendum with Facebook Ireland (https://www.facebook.com/legal/controller_addendum ) to determine the respective responsibilities for compliance with the obligations under the GDPR with regard to the joint processing. We have agreed that we provide you with the information given in this section and we have agreed that between us and Facebook Ireland, Facebook Ireland is responsible for enabling your rights under Articles 15-20 of the GDPR with regard to your personal data stored by Facebook Ireland. The contact details of Facebook Ireland and its Data Protection Officer can be found in Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy. When you enter into our Facebook page via Facebook link on our website or visit, like or comment our Facebook/Instagram page or follow our Instagram page we process jointly your data to collect user information. This user information is collected for marketing purposes and to develop our Facebook/Instagram page and services. That further information on how Facebook Ireland processes personal data, including the legal basis Facebook Ireland relies on and the ways you can exercise your rights against Facebook Ireland, can be found in Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy.

We and LinkedIn Ireland are joint controllers in relation to our LinkedIn page. We have entered into the Controller Addendum with LinkedIn Ireland (https://legal.linkedin.com/pages-joint-controller-addendum ) to determine the respective responsibilities for compliance with the obligations under the GDPR with regard to the joint processing. We have agreed that between us and LinkedIn Ireland, LinkedIn Ireland is responsible for enabling your rights pursuant to the GDPR with regard to your personal data stored by LinkedIn Ireland. The contact details of LinkedIn Ireland and its Data Protection Officer as well as information on the processing of personal data carried out by LinkedIn Ireland including your rights towards LinkedIn Ireland can be found in LinkedIn Ireland’s Data Protection Policy at https://www.linkedin.com/legal/privacy-policy . When you visit, like or comment our LinkedIn page we process jointly your data to collect user information. This user information is collected for marketing purposes and to develop our LinkedIn page and services.

DO WE TRANSFER YOUR PERSONAL DATA TO A THIRD COUNTRY?

We use in marketing and customer administration tools where your data is stored in the data servers located in the USA. We do not transfer personal data outside the EU or the EEA otherwise. The data transfers are based on the standard contractual clauses of the European Commission.

HOW LONG DO WE STORE YOUR PERSONAL DATA?

We will store the personal data for as long as is necessary for the purposes for which they are processed or for complying with our legal obligations. We regularly review the necessity of keeping the data and delete data when they no longer are necessary for the purpose they were collected.

If you have subscribed to our blog or consented to electronic direct marketing, we will send you blog posts or electronic direct marketing until you withdraw your consent.

SAVED DATA AND WHAT COOKIES ARE USED FOR

We (IISY Oy, Business ID: 2855140-2, address: Karaportti 1, 02610 Espoo) use cookies and other similar technologies on our websites www.iisy.fi and www.iisycloud.fi A cookie is a small text file that can be placed on your device when you visit a website.

With the cookies, we collect information on the terminal devices you use and your behaviour on our website, such as information on from what page you have accessed our website, what your IP address is, which browser and browser version you are using, and which part of our website you have been browsing and when. We use this information to enable the operation of the website (e.g. sending of a contact form), to analyse the website (e.g. web analytics and development of the website) and to target and optimise advertising.

HOW YOU CAN AFFECT THE USE OF COOKIES

When you enter our website, a selection bar appears at the bottom of the site where you can choose whether to accept cookies or not.

You can also disable cookies at any time by changing your browser settings. You may also remove existing cookies if you so wish.

THIRD PARTIES

In addition to our own cookies, our website contains cookies from third parties such as social media services, analytics providers and providers of advertising technology.

We use Leadoo’s tracking service to follow what users are doing on the site and combine this behavioral data with other data we can gather from e.g. chat interactions. Leadoo uses etag tracking in order to hook together the same users behavior over several sessions. Please check out Leadoo Marketing Technologies Ltd’s Privacy Policy (https://leadoo.com/privacy-policy/) for more information on what is tracked and what your rights are. Leadoo works as the Processor and we work as the Controller for the data in terms of GDPR. You can stop the tracking by emptying your browser’s cache after the visit. For more on how Leadoo works as a GDPR compliant processor, see https://leadoo.com/privacy-policy-processor/

Some of the third parties process cookie data for their own purposes as data controllers (e.g. social media services and Google). The third parties’ own terms apply to such cookies. E.g. Google’s privacy policy is available here: https://policies.google.com/privacy?hl=fi.

COOKIE DURATION

Some of the cookies we use are session cookies, in which case cookie data is deleted once the browser is closed. Some of the cookies we use are persistent cookies, in which case cookie data will remain on your device even after the browser is closed. In general, persistent cookies will remain on the device for 1-24 months.

WHAT RIGHTS DO YOU HAVE?

You can contact antti-jaakko.alanko@iisy.fi. to exercise your rights

Right of access

You have the right to obtain from us a confirmation as to whether we process personal data concerning you. You also have the right to access personal data concerning you as well as information on the processing of your personal data as set out in the General Data Protection Regulation.

If you exercise your right to access the information, we will provide you with a copy of the personal data we process. If you request multiple copies, we may charge a reasonable fee for them based on administrative costs.

Right to rectification

You have the right to request us to rectify any incorrect data without undue delay. You also have the right to have incomplete personal data completed by providing a supplementary statement.

Right to erasure

You have the right to obtain from us the erasure of personal data concerning you without undue delay if:

  • your personal data are no longer needed for the purposes for which they were collected or otherwise processed;
  • you withdraw consent on which the processing is based and there are no other legal grounds for the processing of such data;
  • you object to the processing of your personal data on ground relating to your particular situation and there are no legitimate grounds for processing, or you oppose the processing of your personal data for direct marketing purposes;
  • we have processed personal data unlawfully; or
  • personal data have to be erased for compliance with a legal obligation we are subject to.

Right to restriction of processing

You have the right to obtain from us restriction of processing so that your personal data may, with the exception of storage, be processed only with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another person if:

  • you contest the accuracy of your personal data, in which case we will restrict processing for a period enabling us to verify the accuracy of your personal data;
  • we process your personal data unlawfully and you oppose the erasure of the personal data and request the restriction of their use instead;
  • we no longer need your personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
  • you have objected to the processing of your personal data on grounds relating to your particular situation and you wait for the verification whether our legitimate grounds override the grounds of your objection.

Right to data portability

You have the right to receive the personal data provided to us by you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller if

  • our processing is carried out by automated means; and
  • the processing is based on your consent or is necessary for the performance of our agreement or for the implementation of pre-contractual measures upon your request.

The right to data portability is limited to conduct which does not adversely affect the rights and freedoms of others.

Right to object to processing of personal data

You have the right to object to the processing of your personal data on grounds relating to your particular situation if there are no legitimate grounds for the processing.

Further, you have the right to object to the processing of your personal data for direct marketing purposes and to cancel ordered blog. You can prevent the sending of electronic direct marketing, customer letter or blog by clicking the adjacent link cancel subscription.

RIGHT TO WITHDRAW CONSENT

To the extent that the processing of personal data is based on your consent, you have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing we have carried out prior to withdrawal.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

You have the right to lodge a complaint with the Data Protection Ombudsman if you think that your rights under the General Data Protection Regulation have been infringed in the processing of the personal data. The supervising authority in Finland is Data Protection Ombudsman (www.tietosuoja.fi ).

HOW DO WE ENSURE DATA SECURITY IN THE PROCESSING OF PERSONAL DATA?

We ensure data securityas required in the law. The systems containing your personal data are secured by personal user credentials, passwords and user rights.

Any materials maintained manually are in premises to which unauthorised access is prevented.

Only those of our personnel who need to process your personal data to perform their working duties have access to your personal data.