This Privacy Notice applies to our practices regarding the collection, use and disclosure of the personal data in connection with PrivacyDesigner. We may update this Privacy Notice due to changes in our processing operations or in applicable legislation. An updated privacy notice will be available here on our website and all other contact points where we obtain personal data directly from you.
If you have any questions regarding our privacy practices, this Privacy Notice or you wish to exercise your rights as a data subject, please contact us at heikki.tolvanen@privacyant.com.
Who are we?
We are PrivacyAnt Ltd., a company established in Finland with a registered address at Franzeninkatu 21 A, 00500 Helsinki. In privacy matters, you can contact our Chief Legal Engineer Heikki Tolvanen at heikki.tolvanen@privacyant.com.
How and where do we obtain your personal data?
When you interact with us, we are collecting your personal data. Depending on the interaction, you might provide personal data to us by your self, or we can collect it automatically. We have listed below the most common situations where we obtain your personal data:
When you visit our website, we automatically gather sever log file information that contains certain personal data of yours, such as your IP-address and time of visit.
When you contact us or we contact you, we collect your personal data such as the time and the details of the communication between us.
When you request a demo of PrivacyDesigner, we obtain your personal data such your contact details and information about your company.
When you send us feedback or request support for PrivacyDesigner, we obtain your personal data such as your contact details and the details of your inquiry.
Publicly available sources. When searching for new leads and potential customers, we might search your contact information from your company’s website, social media or other publicly available sources.
When you enter into an agreement with us, we will obtain certain information such as your name, title and the company you work for.
When you sign up for our newsletter.
When you interact with our advertising on different channels.
For what purposes do we use your personal data?
As a business, we use your personal data for mainly three main purposes: to provide our services, finding new customers and to conduct our marketing activities. We will make sure that these activities are conducted in ways that you would be reasonably expecting. We have no interest of participating the surveillance capitalism activities and therefore decided not to use any tracking on this website. After all, our mission is to help companies with their privacy challenges, not to create new ones for them.
To provide our services and keep PrivacyDesigner running.
For example, in order for you access our website or other services, we need to process your IP-address. We process certain log information in order to analyse, report and improve our services and to diagnose potential issues with our servers. In addition, we need to process your login credentials for ensure your access to PrivacyDesigner. If you subscribe to PrivacyDesigner, we naturally store and process your contact details along with some details about your employer.
Lawful bases: We believe we have legitimate interests to process your personal data to provide the services you have requested. When you subscribe to PrivacyDesigner, the processing of your personal data is necessary to perform the contract between us to take steps prior to entering into such contract.
To conduct normal day-to-day business activities.
As a business, we have commercial interests to grow and make PrivacyDesigner the #1 tool for privacy. Therefore you might receive a cold email, phone call or other message from us. Naturally this means that we will process your contact details in order to communicate with you.
Lawful basis: We believe we have legitimate commercial interests to conduct normal day-to-day business activities including sales. We have made sure that these activities will have as minimal impact as possible to your privacy.
Newsletter and marketing.
As we believe we have created something great, we want the world to know about it. This means you might see our advertisements on different channels such as social media. We do not share any personal data with our advertisement partners, but we use certain criteria to target our advertising, for example to people with a job title as “data protection officer”. We also want to keep you updated on our latest developments and features unless you have indicated you wish to opt-out from such communication.
Lawful basis: We believe we have legitimate commercial interests to conduct normal day-to-day business activities including sales. We have made sure that these activities will have as minimal impact as possible to your privacy.
How long do we keep your personal data?
As a general rule, your personal data will be deleted once we don’t need it for the purposes it was collected, unless there is a legal obligation for us to retain it for longer periods.
Log file information is stored for 24 months unless we have a valid legal reason to retain such information for longer periods, for example if we need to investigate any fraudulent behaviour.
Contact details are stored within our CRM for as long as we have a business relationship with you or your employer. If you are a sales lead and we do not enter into an agreement with you, your contact details will be removed within 24 months upon last communication with you.
Customer support data and inquiries are stored for 24 months unless there is a valid legal reason to storing such data for longer periods, e.g. we might need such information to verify a business transaction afterwards.
Data about business transactions, such as agreed contact details, emails or other sales communications are stored for as long as we have a business relationship with you + 10 years.
Newsletter subscriptions are stored until your consent to receive such communication is withdrawn.
Job application information we store for 6 months.
Please note that we might anonymize certain personal data in a shorter periods of time than listed above, if we don’t have any reason to retain it in a form that enables us or any 3rd party to identify you.
Do we disclose your personal data to third parties?
We have put a great effort to limit the number of our service providers to what is strictly necessary for providing our services to you and to keep your information under our full control. As we can’t do anything by ourselves, we have to use a limited number of 3rd parties that we share your information with in connection with the services. We have made contractual arrangements with these companies to ensure they will process your personal data only on our behalf and never for their own purposes. At the moment, the following third parties are used in the processing of your personal data:
- UpCloud Oy.
We use UpCloud as an infrastructure provider. We use their data centres and servers to host our IT-systems and store your personal data.
Location: Finland - CRM Service Oy.
We use CRM Service to provide us with the CRM. They host the CRM system in their own data center in Finland.
Location: Finland - Montel Intergalactic Oy.
Montel provides us with external help for software development and IT-system maintenance.
Location: Finland
In addition, your personal data will be shared with 3rd parties in the following situations:
- If PrivacyAnt becomes involved in a merger, acquisition or any form of sale of all or some of our assets, we may share and/or transfer your personal data in connection with the evaluation of and entry into such transactions.
- When required by law. In some scenarios, we may have to disclose your personal data when responding to lawful requests made by public authorities or law enforcement agencies.
- When disclosing your personal data is necessary to protect the rights or safety of PrivacyAnt, our partners, our customers or you.
- In any other case where we have obtained your consent.
What rights do you have as a data subject?
Under the General Data Protection Regulation, you have certain rights relating to the processing of your personal data and below we have summarised those rights. Please be aware that some of these rights are not absolute and there are certain limitations when they apply. For any questions or information about this Privacy Notice or your rights as a data subject, please contact us at heikki.tolvanen@privacyant.com.
Right to access your information. You have the right to request at any time, a confirmation whether we are processing your personal data or not. In case we are processing your data, you have the right to access and receive a copy of such information.
Right to correct your personal data. If you believe that the information we store on you is incorrect our out- of-date, you may contact us and request to correct such information.
Right to be forgotten. You have the right to request us to delete your personal data and we will do so, except we have a legal obligation to store it or when we have a legitimate reason to retain it. For example, we need certain information to verify a business transaction or to defend or to prepare against a legal claim.
Right to restrict processing. You have the right to ask us to suspend processing of your personal data, for example if you need such information for the establishment, exercise or defence of legal claims and you don’t want us to delete such information in accordance with our retention times.
Right to transfer your personal data. You have the right to get your personal data in a commonly used, machine-readable format so you can transfer such data to another company.
Right to object processing. You have the right to object processing of you personal data and we will cease the processing except when we believe we have legitimate reason to continue processing. At any time, you may object any processing that we conduct for direct marketing purposes.