Privacy statement

1. Data controller

Contact information:
Ubigu Oy (2762483-3)
Hämeenkatu 14 C 17
33100 Tampere
info@ubigu.fi
www.ubigu.fi

Data controller contact person:
Ilpo Tammi
+358 50 434 7939
ilpo.tammi@ubigu.fi

2. Data controller name

Ubigu Oy’s customer, user and marketing register.

3. Purpose of the register

The personal data of Ubigu Oy’s customers and website users who have requested additional information and/or an offer about the company’s services are processed in connection with the handling of orders and assignments, marketing of products and services, service development, customer surveys, contacts, invoicing, collection, reporting and other measures related to customer management.

The purchase and transaction data and location data processed in the register can also be used for profiling and targeting marketing measures and customer communications that are of interest to the registered person. Personal data is also processed in connection with participation in events and other marketing measures.

4. Legal basis for processing personal data

The controller processes personal data on the basis of an agreement made with the customer in order to implement the agreement or to take measures prior to the agreement. The processing of personal data for the purpose of managing the customer relationship and for marketing is possible on the basis of the controller’s legitimate interest under the customer relationship.

5. Personal data stored in the register

The groups of individuals whose data may be processed are the contact persons of the employer organization that is or has been a customer of the controller, persons who have been in contact with the controller, users of the services provided by the controller, participants in training and events organized by Ubigu Oy, or those who have given marketing permission.

The register may process, among other things, the following data groups of information necessary for the purpose of use of the register:

a) basic information of the employer organization that is or has been a customer of the controller, such as name and contact information (address, email address, telephone number) and the name and contact information of the contact person.
b) information related to the customer relationship between the controller and the data subjects, such as order information, information about meetings and emails, possible direct marketing permits and prohibitions, and other communication between the parties and information related to the service.
c) the data of the registrant related to the use of the controller’s services, such as first and last name, employer and email address, which the user has provided.
d) the contacts of the registrant with the customer service on the controller’s website.
e) the first and last name of the registrant who has registered for the controller’s training and events, as well as any contact information and other information provided. The registration information for the event entered by the registrant himself may include, among others, the following information: email, telephone number and address.

6. Regular data sources

Information provided by the customer, the customer information system and billing database, information from customer relationship management and customer service systems, user and usage data of the services, partners, and companies and authorities that provide services related to personal data.

7. Regular data transfers

The data will not be transferred for marketing purposes outside of Ubigu Oy. We have ensured that all our service providers comply with data protection legislation.

Ubigu Oy may outsource the processing of your personal data to companies outside the company, which may also be located in countries outside the European Union and the European Economic Area, such as the United States. These companies may process personal data to provide infrastructure and IT services, or other services. In such cases, sufficient data security and register processing is ensured by the EU-U.S. – Privacy Shield – arrangement, or by contract using model clauses approved by the EU Commission.

8. Basics of register protection

The data is stored in a technically protected manner. Physical access to the data is prevented by access control and other security measures. Access to the data requires sufficient rights and multi-step authentication. Unauthorized access is also prevented by, among other things, firewalls and technical protection. Only the controller and separately designated technical personnel have access to the register data. Only designated persons have the right to process and maintain the register data. Users are bound by a duty of confidentiality. The register data is securely backed up and can be restored if necessary. The level of data security is audited at frequent intervals, either through external or internal auditing.

9. Cookies

What is a cookie?

The controller uses cookies on its website. A cookie is a small text file that the internet browser stores on the user’s device.

Use of cookies on websites

The controller only uses technical cookies on its website, the use of which is mandatory for the functionality of the website. Cookies that store user data are not used on the website.

Blocking the use of cookies

The user can specify in their browser settings whether the user wants to accept or deny the use of cookies. The user can also specify the browser setting to notify the website about the use of cookies, in which case the user can accept the use of cookies on a case-by-case basis. If the user blocks the use of cookies, this may affect the functionality of the controller’s website.

10. Embedded content from other sites

Articles on this site may contain embedded content (e.g. videos, images, articles, etc.). Opening embedded content from other sites is comparable to a visitor visiting a third-party site themselves.

These sites may collect information about you, use cookies, embed third-party tracking cookies, and monitor your interaction with the embedded content, including monitoring your interaction if and when you are logged in as a user on the site.

11. Data subject rights

The data subject has the following rights, requests for which should be made to the following address: info@ubigu.fi

Right of inspection

The data subject may inspect the personal data we have stored.

Right to rectification

The data subject may request the rectification of incorrect or incomplete data concerning him/her.

Right to object

The data subject may object to the processing of personal data if he/she believes that the personal data has been processed unlawfully.

Prohibition of direct marketing

The data subject has the right to prohibit the use of data for direct marketing.

Right to erasure

The data subject has the right to request the deletion of data if the processing of the data is not necessary. We will process the deletion request, after which we will either delete the data or provide a justified reason why the data cannot be deleted.

Withdrawal of consent

If the processing of personal data concerning the data subject is based solely on consent, and e.g. customer or membership, the data subject may withdraw consent.

The data subject may appeal the decision to the Data Protection Ombudsman

The data subject has the right to demand that we restrict the processing of the disputed data until the matter is resolved.

Right of appeal

The data subject has the right to file a complaint with the Data Protection Ombudsman if he or she feels that we are violating the applicable data protection legislation when processing personal data.
Contact information for the Data Protection Ombudsman: www.tietosuoja.fi/fi/index/yhteystiedot.html