Privacy Policy Digitalist in Finland (original) (raw)

We process personal data in accordance with this privacy statement and applicable legislation, always maintaining confidentiality. The legally binding version is in Finnish. In case of discrepancies, the Finnish version shall prevail. All legal claims will be assessed under Finnish law and in the Finnish language.

Customer Relationship Management, Sales, and Marketing Under the aforementioned heading, "we" and "Company" refer to Digitalist Experience Ltd. and Digitalist Open Tech Finland Ltd. as joint controllers. Together, we process the personal data of our business clients and partners' contacts (hereinafter referred to as "Contact" or "You"). The joint controllers have agreed on the division of responsibilities, and Digitalist Experience Ltd. has been designated as the primary responsible party for communications and notifications to data protection authorities.

Customer Experience, Usability, and User Research Under the aforementioned heading, "we" and "Company" refer solely to Digitalist Experience Ltd., which alone is responsible for the handling of personal data of those participating in the research (hereinafter, "Research Participant" or "You"). In this context, there is no joint controllership with Digitalist Open Tech Finland Ltd., and all responsibility for the protection and processing of personal data rests solely with Digitalist Experience Ltd.

‍‍1. Data Controller.

1.1. Customer Relationship Management, Sales, and Marketing

Joint Controllers:

Digitalist Experience Ltd. (Business ID 0997039-6)
Siltasaarenkatu 18-20 C, 9th floor
FI-00530 Helsinki, Finland

Digitalist Open Tech Finland Ltd. (Business ID 3246952-4)
Siltasaarenkatu 18-20 C, 9th floor
FI-00530 Helsinki, Finland

Contact person for matters related to the register: dataprotection@digitalistgroup.com

1.2. Customer Experience, Usability, and User Research

Data Controller:

Digitalist Experience Ltd. (Business ID 0997039-6)
Siltasaarenkatu 18-20 C, 9th floor
FI-00530 Helsinki, Finland

Contact person for matters related to the register: dataprotection@digitalistgroup.com

2. Division of Responsibilities Among Joint Controllers

Digitalist Experience Ltd. and Digitalist Open Tech Finland Ltd. act as joint controllers for customer relationship management, sales, and marketing. We have agreed upon the following responsibilities regarding the processing of personal data:

• Primary responsibility for data processing: Digitalist Experience Ltd. has the primary responsibility for the processing of personal data, including the collection, storage, and protection of personal data.
• Contacts: Data subjects may contact either Digitalist Experience Ltd. or Digitalist Open Tech Finland Ltd. Digitalist Experience Ltd. coordinates all responses and actions related to the exercise of data subjects' rights.
• Notifications and communications with the data protection authority: Digitalist Experience Ltd. serves as the primary contact for data protection authorities.

3. Changes to This Privacy Policy

We may update and modify this privacy policy at any time. The latest version of the privacy policy is always available on our website. If there are new purposes for the processing of personal data, we will inform you in advance and request your consent if necessary.

4. Processed Personal Data, Purpose of Processing, and Legal Basis

4.1. Customer Relationship Management, Sales, and Marketing

We process the following personal data of the Contact Person:

4.2. Customer Experience, Usability, and User Research

We process the following personal data of the Research Participant:

*Our intention is not to collect personal data from minors without the consent of a guardian. However, it is not always possible to accurately verify the age of a research participant, which is why our database may contain personal data of minors. We reserve the right to prevent participation in the research by a person who is or is reasonably suspected to be a minor. We ask that minors do not participate in our research without the consent of a legal guardian. If you are a minor, you must be able to prove, upon request, that you have the consent of your legal guardian.

**Participation in our researches may be compensated with a participation fee. Typically, such a fee is a gift card, movie ticket, merchandise/product prize, or similar. The payer of the participation fee can be either us, our partner or the commissioner of the research. The payer is responsible for the participation fee, its delivery, and any related notification obligations, registrations, etc., required by law. We reserve the right to define the content, type, and value of the participation fee for each research and may, if necessary, refrain from paying/delivering the participation fee.

***In some of the researches we conduct, prizes may be drawn among participants. In such cases, we act as the drawer and the commissioner of the research acts as the organiser. Participation details and the organiser can be found in the rules of the specific draw. The organiser is responsible for the draw prize, and any related notification obligations, lottery tax, etc., required by law. The draw prize is delivered by either the drawer or the organiser.

5. Methods of Collecting Personal Data

5.1. Customer Relationship Management, Sales, and Marketing

We collect personal data of Contact Persons from:

• the individuals themselves
• professional directories
• public registers
• social media platforms (such as LinkedIn)
• websites of client companies
• registrations for events
• direct communication, such as emails or phone conversations
• organised events/seminars, etc.
• contracts
• recommendations from other clients or partners

5.2. Customer Experience, Usability, and User Research

We collect personal data of Research Participants depending on the research from:

• the individuals themselves
• recruiters for the research
• clients commissioning the research
• public data registers (such as databases from the Population Register)

6. Disclosure of Personal Data

6.1. Customer Relationship Management, Sales, and Marketing

We do not forward the contact person’s personal data to third parties. Exceptions to the above:

• We may occasionally disclose the contact person’s personal data to other companies within the same group (for more information on the companies in the group, see our Registration Document, in Finnish), as well as to certain service providers and subcontractors. These parties help us carry out various functions necessary for the processing of your personal data. In such transfers, we ensure through necessary measures (such as contracts) that the parties receiving the personal data are properly committed to data protection and process the data on our behalf only for the purposes described in this statement.
• We may disclose the contact person’s personal data to competent authorities if required by law, court order, or competent authorities.
• We may disclose the contact person’s personal data to legal advisors if criminal or improper conduct is suspected.
• We may disclose the contact person’s personal data to a buyer if we are involved in a corporate or business transaction.

6.2. Customer Experience, Usability, and User Research

We do not forward the research participant’s personal data to third parties as such. We provide the results of the research including possible photographs to the client commissioning the research, but always in a way that the identity of the research participants cannot be discerned. Exceptions to the above:

• We may provide the client commissioning the research with recordings (video / audio) made in connection with the research.
• We disclose the personal data of the recipient of the participation fee to either the tax authorities if we pay the participation fee.
• We disclose the personal data of the winners of the draw prizes to the client commissioning the research only if the client handles the delivery of the draw prizes.
• We may occasionally disclose the research participant’s personal data to other companies within the same group (for more information on the companies in the group, see our Registration Document, in Finnish), as well as to certain service providers and subcontractors. These parties help us carry out various functions necessary for the processing of the research participant’s personal data. In such transfers, we ensure through necessary measures (such as contracts) that the parties receiving the personal data are properly committed to data protection and process the data on our behalf only for the purposes described in this statement.
• We may disclose the research participant’s personal data to competent authorities if required by law, court order, or competent authorities.
• We may disclose the research participant’s personal data to legal advisors if criminal or improper conduct is suspected.
• We may disclose the research participant’s personal data to a buyer if we are involved in a corporate or business transaction.

7. Transfer of Personal Data Outside the EU or EEA

7.1. Customer Relationship Management, Sales, and Marketing

We generally do not transfer the contact person’s personal data outside the EU/EEA. Exceptions to the above:

• Some of our service providers may be located outside the EU because we store and process the contact person’s personal data primarily in digital form, through cloud services.
• In the event that we transfer the contact person’s personal data outside the EU, we ensure the security of that data transfer and use GDPR-required safeguards, such as standard contractual clauses, adequacy decisions, or other similar mechanisms. More information on the safeguards we use for transfers can be obtained by contacting us using the contact details under “Data Controller.”

7.2. Customer Experience, Usability, and User Research

We generally do not transfer the research participant’s personal data outside the EU/EEA. Exceptions to the above:

• However, some clients commissioning our research may also be located in countries outside the EU and EEA.
• Some of our service providers may be located outside the EU because we store and process the research participant’s personal data primarily in digital form, through cloud services.
• In the event that we transfer the research participant’s personal data outside the EU, we ensure the security of that data transfer and use GDPR-required safeguards, such as standard contractual clauses, adequacy decisions, or other similar mechanisms. More information on the safeguards we use for transfers can be obtained by contacting us using the contact details under “Data Controller.”

8. Data Security and Protection

8.1. Customer Relationship Management, Sales, and Marketing

The Contact Person’s personal data are properly protected against unauthorised access, accidental or unlawful destruction, alteration, disclosure, transfer, or other illegal processing. This data is stored in a password-protected and firewall-secured cloud service or database. Access to this personal data is granted only to our employees whose duties or roles include processing this information.

‍

Any physical documents (e.g., signed consent forms) are stored in a locked space accessible only to those employees who have a work-related right to process such data.

‍

If we use artificial intelligence for analysis and summaries, we anonymize the personal data.

8.2. Customer Experience, Usability, and User Research

The Research Participant's personal data are properly protected against unauthorised access, accidental or unlawful destruction, alteration, disclosure, transfer, or other illegal processing. This data is stored in a password-protected and firewall-secured cloud service or database. Access to this personal data is granted only to our employees whose duties or roles include processing this information.

Any physical documents (e.g., signed consent forms) are stored in a locked space accessible only to those employees who have a work-related right to process such data.

If your name or other personal information appears in the recordings (video / audio), we will edit the recording to remove the information before any possible onward transfer. We aim to update or delete unnecessary, incorrect, or outdated contact person's personal information at least once a year.

‍9. Retention of Personal Data

9.1. Customer Relationship Management, Sales, and Marketing

The retention period for the Contact Person’s personal data may vary depending on the purpose of use, the legal basis for processing, and circumstances. We retain the Contact Person’s personal data (also applicable to subcontractors or partners) only as long as:

• necessary for the respective purpose
• required by legislation

We delete the Contact Person’s personal data unless there are legal grounds for retention, if:

• the data subject withdraws their consent, if the collection of such personal data was based on consent
• the data subject requests the deletion of such personal data
• the data subject’s information becomes outdated or incorrect

9.2. Customer Experience, Usability, and User Research

The retention period for the Research Participant’s personal data may vary depending on the purpose of use, the legal basis for processing, and circumstances. We retain the Research Participant’s personal data (also applicable to subcontractors or partners) as long as:

• Registration data for researches: we need the registrations to conduct the research
• Personal data, consents, and confidentiality agreements: the material related to our research is necessary
• Photographs: our illustrative material exists
• Recordings (video / audio)and derived materials (screenshots and transcriptions): are necessary for managing our research projects, but no longer than one year from the date of recording
• Participation fee information and its receipt form: there is a legal right or obligation to retain some of your personal data, e.g., for our tax or accounting obligations (6 years), or to prevent fraud
• Contact details for the draw: as specified in the rules of the draw
• Other information provided in our researches: is necessary for managing our research projects

If we have transferred materials to the client commissioning the research, the client becomes an independent data controller, and all responsibility for the retention and deletion of the transferred materials is entirely transferred to the new data controller.

‍10. Cookies and Their Use

10.1. General

Cookies are small text files that are transferred to your device—such as a computer, smartphone, or tablet—when you visit websites. They enable and enhance the functionality of web services, making browsing smoother. Cookies allow us to develop our website’s functionality, better understand how visitors use our site, and provide you with a more personalised browsing experience. The information collected through cookies cannot be linked to your personal or contact details, nor do they allow access to or copying of information on your device.

We use the following types of cookies:

• Essential Cookies (Always Active): These cookies are necessary for the basic functions of our website. They enable secure access to our site and the use of its basic features, such as shopping cart functions. Since these cookies are essential for the website to function, they cannot be refused.
• Performance Cookies: These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us understand which pages are the most and least popular and see how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous.
• Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
• Targeting Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.

You have the right to choose which types of cookies you allow to be used. Except for essential cookies, you can modify your cookie settings at any time from our website’s cookie settings. Please note that restricting cookie settings may affect the functionality of the site and your user experience. For more information on managing and deleting cookies in different browsers, you can find it at How to Enable and Disable Cookies on Every Web Browser [Guide].

Our services may include links to third-party websites or services. These websites may use cookies, web beacons, or similar technology, so you should check and accept the respective website’s cookies before using the website, as we do not have access to third-party cookies or similar technology.

If you have any questions about our cookie policy, please contact us using the contact details provided in the “Data Controller” section.

10.2. Customer Relationship Maintenance, Sales, and Marketing

We use cookies to gather information on how visitors use our website. We also use them to develop our services and website, analyse website usage, and target and optimise our marketing.

If you have any questions about our cookie policy, please contact us using the contact details provided in the "Data Controller / Customer Relationship Maintenance, Sales, and Marketing" section.

10.3. Customer Experience, Usability, and User Researches

We use cookies on websites that have forms for research registration, consent, confidentiality, and receiving participation incentives.

If you have any questions about our cookie policy, please contact us using the contact details provided in the "Data Controller /Customer Experience, Usability, and User Researches" section.

‍11. Your Rights

11.1. General Information

Applicable data protection legislation grants you several rights, which we are committed to respecting in our operations. Under certain conditions set by law, you have the following rights related to your personal data:

1. The right to request us to provide you with a copy of the personal data we hold about you and certain information related to the processing of these personal data. You have the right to receive one (1) copy of your personal data free of charge. For additional copies requested, we may charge a reasonable fee to cover the administrative costs of the request.
2. The right to request us to update your personal data or correct any incorrect personal data.
3. The right to request the deletion of your personal data in certain situations, for example when your personal data is no longer needed for the purposes for which it was originally collected or processed.
4. The right to request us to restrict the processing of your personal data in certain situations, for example, when you dispute the accuracy of the personal data or we no longer need the personal data for their original processing purposes, but the data is needed to establish, exercise, or defend legal claims.
5. The right to object to our processing based on our legitimate interests.
6. The right to withdraw your consent to processing at any time when our processing is based on your consent. Please note, however, that this does not affect the processing that has taken place before the withdrawal of consent.
7. The right to receive your personal data in a structured, commonly used, and machine-readable format, and the right to transfer this data to another data controller.
8. The right to lodge a complaint with the local competent supervisory authority, which in Finland is the Data Protection Ombudsman (www.tietosuoja.fi).

11.2. Customer Relationship Maintenance, Sales, and Marketing

If you wish to exercise any of the above rights, you can do so by contacting us using the contact details provided in the "Data Controller / Customer Relationship Maintenance, Sales, and Marketing" section. We may need to request additional information about your identity before we can fulfil your request to ensure that you are entitled to make the request.

11.3. Customer Experience, Usability, and User Researches

If you wish to exercise any of the above rights, you can do so by contacting us using the contact details provided in the "Data Controller / Customer Experience, Usability, and User Researches" section. We may need to request additional information about your identity before we can fulfil your request to ensure that you are entitled to make the request.

‍12. Questions and Answers

12.1. Customer Relationship Maintenance, Sales, and Marketing

‍Where did you get my contact information?

• See the methods of collecting personal data in section 4.1.

How can I have my contact information removed so that I no longer receive invitations to participate in researches?

• Contact the person listed in the “Data Controller” section.

What personal data do you have about me?

• See the personal data processed in section 3.1.

How can I check what personal data you have about me?

• A request for inspection must be sent to us in writing using the contact details provided in the “Data Controller” section. You can exercise your right of inspection once a year free of charge.

How can I withdraw my consent?

• Contact the person listed in the “Data Controller” section. Please note, however, that this will not affect processing that has taken place before the withdrawal of consent.

12.2. Customer Experience, Usability, and User Researches

‍Where did you get my contact information?

• Your contact information was obtained either directly from you when you registered to participate in a research or responded to a desire to participate through a research panel, or you are a client in a customer relationship.

How can I have my contact information removed so that I no longer receive invitations to participate in researches?

• Primarily contact the person inviting you to the research and secondarily the person listed in the “Data Controller” section.

How do you contact me?

• We typically contact potential participants by email and, in exceptional cases, by phone.

How do you ensure that my identity is not disclosed to the client commissioning the research?

• We never link your contact information to the responses you provide, so you cannot be identified from the research data processed.

What personal data do you have about me (related to this research)?

• See the personal data processed in section 3.2.

How can I check what personal data you have about me?

• A request for inspection must be sent to us in writing using the contact details provided in the “Data Controller” section. You can exercise your right of inspection once a year free of charge.

How can I withdraw my consent?

• Primarily contact the person inviting you to the research and secondarily the person listed in the “Data Controller” section. Please note, however, that this will not affect processing that has taken place before the withdrawal of consent.