Privacy Notice
This privacy notice applies to the collection, use, and disclosure of personal data in connection with PrivacyDesigner’s software, websites, and other services. We may update this privacy notice whenever we make changes to our personal data processing activities or when applicable legislation changes. The updated privacy notice will be available here on our website and at all other points of contact where we collect personal data directly from you as a data subject.
If you have any questions about our privacy practices, this privacy notice, or if you wish to exercise your data subject rights, please contact us at heikki.tolvanen@privacydesigner.com
Data Controller
The data controller is PrivacyDesigner Oy, located at Vallilankatu 13C 13, 80220 Joensuu, Finland.
The contact person for data protection matters is Chief Legal Engineer Heikki Tolvanen, available at heikki.tolvanen@privacydesigner.com
How and from where we collect personal data
We collect personal data in situations where you use our various services or contact us. As a rule, we obtain personal data directly from you, but in some cases, such as when you use our digital services, we may also collect personal data automatically.
Below, we have listed the typical situations in which we may collect your personal data:
When you visit our website, participate in our webinars, or use our digital services such as the PrivacyDesigner software, we automatically collect certain personal data, such as your IP address and the timestamp of your visit.
When you contact us, or when we contact you, we naturally collect personal data related to such interactions, such as the time and topic of the contact, as well as the content of our communication.
When you request more information about our services or a demo version of the PrivacyDesigner software, we collect your contact details and necessary information about your employer in order to arrange the presentation of our services and software.
When you provide us with feedback or request support related to the use of the PrivacyDesigner software, we naturally collect the content of your feedback or support request to better serve you and to contact you if necessary.
We may also obtain your contact details from publicly available sources when searching for new business opportunities. Such public sources include social media platforms like LinkedIn and the websites of organizations you represent.
When you enter into an agreement with us for the purchase of services, we naturally receive your personal data, such as your name, title, and the details of the organization you represent, for the purpose of signing the contract.
When you subscribe to our newsletter, we collect your email address for delivering the newsletter.
We also process your personal data in situations where you interact with our digital advertising on external websites.
For what purposes do we process your personal data?
As a software company, we process your personal data primarily for three main purposes: to deliver our services, to acquire new customers, and to carry out our marketing campaigns. We ensure that all such processing activities are conducted in ways you can reasonably expect.
We do not wish to support surveillance capitalism, which is why we have chosen not to use third-party tracking on this website. Our mission is to help companies address their privacy challenges, not to create new ones for them.
Service delivery and software maintenance
In order for you to use our websites or the PrivacyDesigner software, we need to process your IP address. We also collect certain log data to analyze the use of our services, improve them, identify potential issues, and generate internal reports on service usage. Additionally, we process your login information to ensure that you can access content intended specifically for you. If you are one of our contractual customers, we store the necessary information about you and the organization you represent.
Legal bases for processing
We believe we have a legitimate interest in processing your personal data to provide the services you have requested. When you use the PrivacyDesigner software, the processing of your personal data is necessary to grant you access to the software and to fulfill our contractual obligations.
Conducting daily business operations
As a company, we have commercial interests in growing our business and making the PrivacyDesigner software the best tool on the market for managing privacy and data regulation. To acquire new customers, you may receive an email, phone call, or other type of contact from us. Naturally, this means that we process your contact details and information about the organization you represent in order to reach out to you.
Legal bases for processing
We believe we have a legitimate interest in carrying out normal daily business operations, including customer acquisition. We have ensured that these processing activities have the minimal possible impact on your privacy.
Newsletters, webinars, and marketing
Because we believe we have created the best privacy management tool and supporting services on the market, we naturally want the world to know about them. This means you may see our advertisements across different channels, such as on social media. We do not share personal data with our advertising partners, but we may use certain criteria to target our ads, for example, toward individuals with job titles like “Data Protection Officer” or “DPO.”
We also want to keep you informed about our latest developments and features, unless you have chosen to opt out of such communications.
Legal bases for processing
We believe we have a legitimate interest in conducting normal business operations, including informing people about our services, carrying out marketing activities, and organizing webinars and training sessions. We have ensured that these activities have the minimal possible impact on your privacy.
How long do we retain your personal data?
As a general rule, your personal data will be deleted once we no longer need it for the purposes for which it was originally collected, unless we are required by applicable law to retain it for a longer period.
Log data is retained for 24 months, unless we have a valid legal reason to keep it longer, for example, if we need to investigate fraudulent activity related to our operations.
Contact details are stored in our CRM system for as long as we have a business relationship with you or your employer. If you have been identified as a potential customer but no contract is concluded, your contact details will be deleted within 24 months of the last interaction.
Customer support information is retained for 24 months, unless we have a valid legal reason to keep it longer. For instance, we may need such information to verify a business transaction retrospectively.
Information related to business transactions, such as agreed contact details, emails, or other sales-related communications, is retained for the duration of our business relationship with you plus ten years.
Newsletter-related information is retained until you unsubscribe from the newsletter.
Job applications and other recruitment-related information are retained for six months.
Do we disclose your personal data to third parties?
We have made significant efforts to keep the number of third parties involved in our operations as limited as possible. However, we cannot do everything ourselves, and therefore we use a small number of third parties with whom we share personal data in connection with our services.
We have entered into data processing agreements with these companies to ensure that personal data is processed solely on our behalf and not for their own purposes.
At present, the following third parties are involved in the processing of your personal data:
UpCloud Oy
UpCloud provides us with data center services. We use their data centers and servers to host our systems and, consequently, your personal data.
Location: Finland
Montel Intergalactic Oy
Montel provides us with external consulting support for software development as well as system and server maintenance.
Location: Finland
Abstrix GmbH
We use the webinar platform provided by Abstrix to organize our webinars.
Location: Germany
Microsoft Ireland Operations Ltd
We use Microsoft 365 (M365) for our internal communication, document management, and productivity tools. This means some personal data, such as email content and files containing personal data, is processed within the Microsoft cloud environment..
Location: Ireland
What rights do you have regarding your personal data?
Under the EU General Data Protection Regulation (GDPR), you have certain rights concerning the processing of your personal data. A summary of these rights is provided below. Please note that some of these rights are not absolute and may be subject to certain limitations.
If you have any questions about this privacy notice or your rights as a data subject, please contact us at heikki.tolvanen(a)privacydesigner.com
Right of Access
You have the right to request confirmation at any time as to whether we process your personal data. If we do, you have the right to access such data and to obtain a copy of it.
Right to Rectification
If you believe that any personal data we hold about you is inaccurate, outdated, or incomplete, you may contact us and request that such data be corrected.
Right to Erasure (“Right to Be Forgotten”)
You have the right to request that we delete your personal data. We will do so unless we are legally required or otherwise entitled to retain it. For example, we may need to keep certain data to verify business transactions or to defend against or prepare for legal claims.
Right to Restrict Processing
You have the right to request that we suspend the processing of your personal data, for instance, if you need the data for establishing, exercising, or defending legal claims and do not wish us to delete it according to our retention periods.
Right to Data Portability
You have the right to receive certain personal data concerning you in a structured, commonly used, and machine-readable format, and to transmit those data to another controller.
Right to Object
You have the right to object to the processing of your personal data, and we will stop such processing unless we believe we have a legitimate reason to continue. However, you may object to any processing carried out for direct marketing purposes at any time.
