1. Controller
Premico Group Oy and the applicable companies belonging to the same group of companies from time to time
Aleksanterinkatu 11, 00100 Helsinki
info@premico.fi
(herein ”we”, ”us”, ”our” or ”Premico”)
2. Contact person
Data protection matters
c/o Premico Group Oy
Aleksanterinkatu 11, 00100 Helsinki
info@premico.fi
3. General
In this privacy policy we tell how personal data of our clients, suppliers and other cooperation partners is processed in Premico’s operations.
4. What are the grounds for processing and what purposes do we process personal data for?
Premico collects and processes data on its clients, suppliers and other cooperation partners and their representatives in its operations. Such data is processed for the purpose of providing Premico’s services, managing client, cooperation and partner relationships as well as developing and marketing Premico’s operations and measuring customer satisfaction and the quality of customer service. As regards such purposes, the processing of personal data is based on contractual rights and obligations (such as contract related communications with the client), legitimate interests of Premico or a third party (e.g. marketing) or fulfilling Premico’s obligations based on law (for example, identification of customers). In some situations the processing of personal data can also be based on the consent given by the data subject (e.g. subscription of newsletters).
5. What data do we process?
We process such personal data of our clients, suppliers and other cooperation partners which is from time to time necessary for the above-described purposes of processing such as:
- Contact information: e.g. name, email, address, phone number, personal ID;
- Job related information: e.g. position, title and responsibilities;
- Information on the employer: e.g. business ID, contact and background information;
- Identification information: e.g. beneficiaries and passport copy
- Event information:g. participation details;
- Contacts by customer service and sales;
- Information on marketing messages: e.g. data on messages sent, opened and clicked;
- Data on subscription and downloads of guides and other material;
- Interests and lead points describing the use of content;
- Consents given for processing of personal data.
6. Where do we collect the data from?
As a rule, we collect personal data directly from the data subjects themselves and, for example, in connection with using our website, phone calls, emails, social media, customer surveys, logins to digital services and visits.
If necessary, personal data can also be collected from other sources such as employers based on client relationship and public sources. This may be necessary, for example, to pursue legitimate interests or fulfil contractual or legal obligations of Premico or a third party. For example, we can collect personal data through services that utilize commonly available sources from third parties we use. Such data collection may relate to the identification of data subjects, the identification of politically exposed persons, as well as fulfilling obligations related to the prevention of money laundering and terrorist financing laws. The collection and updating of data will be performed manually or by automatic means.
7. Where do we disclose and transfer personal data and do we transfer data outside of the EU or EEA?
We use subcontractors to process personal data. For example, we have outsourced our IT management to a third-party service provider, and personal data is stored in the servers managed and secured by such service provider. Premico may also disclose the above-described personal data to the affiliates and associated companies belonging from time to time to the same group of companies with Premico as well as consultants, clients and other contracting parties of such group companies where the disclosure is required by contractual obligations or other grounds for processing of the personal data.
Personal data may be transferred outside of the EU and EEA if it is necessary for the purposes or technical implementation of the processing of personal data. Transfers of personal data to clients, suppliers and other third parties will be subject data processing agreements in accordance with the applicable law such as EU’s General Data Protection Regulation. Transfers of personal data outside of the EU and EEA require compliance with the applicable data protection law and appropriate safeguards such as standard contractual clauses based on the European Commission’s applicable decision. Premico does not disclose personal data to other than the above-described recipients unless otherwise required by mandatory legislation.
8. How do we protect the data and how long do we store the data?
We have implemented and maintain appropriate technical and organizational measures to protect the personal data against accidental or unauthorized access, disclosure, destruction, loss, damage, manipulation and against other unlawful processing. Our data protection practices include physical measures, access management (e.g. user IDs, firewall, digital encryption technologies), logs, anti-virus software, prevention of DoS attacks and other necessary data security measures.
Personal data is processed confidentially in Premico’s operations. Access to personal data is limited to persons who need to access the personal data in order to carry out their work obligations.
We store personal data in an identifiable form only as long as is necessary for the applicable purpose of processing. When the personal data is no longer necessary for such purposes, we erase the data unless the applicable law requires us to store the data for a longer period. We assess the necessity of storing personal data on a regular basis considering the applicable law. In addition, we take reasonable measures to ensure that no incompatible, obsolete or incorrect personal data is stored considering the purposes of processing. We correct or erase such data without delay.
9. What rights to you have as a data subject?
As a data subject you have the right to
- know whether we process data concerning you and, if so, access it and information on the processing of personal data as required by law;
- require us to correct any inaccurate or incorrect data concerning you and to have incomplete personal data completed;
- obtain the erasure of personal data concerning you in accordance with law (for example, when data is no longer needed and there is no lawful ground to store such data);
- withdraw or amend the consent you have possibly given for the processing of personal data;
- request restriction of processing of your personal data in accordance with law and, for example, when you wait for a response to your request regarding correction of your data;
- object profiling targeted at you and, in accordance with law, other processing of personal data where processing is based on the controller’s legitimate interest;
- have your data transmitted to another system in situations regulated by the applicable law.
A data subject may also file a complaint with the competent supervisory authority if the data controller has not complied with the data protection legislation applicable to its operations. In Finland, compliance with data protection legislation is supervised by the Data Protection Ombudsman. If you want to file a complaint with the Data Protection Ombudsman regarding processing of personal data in Premico’s operations you can contact the Data Protection Ombudsman’s office as instructed in www.tietosuoja.fi
10. Contact information
Contacts and requests related to processing of personal data in Premico’s operations or this privacy policy shall be sent to Premico’s data protection officer described in Section 2.
11. Changes to the privacy policy
If we make changes to this privacy policy we will describe and date such changes below in this policy. If the changes are significant, we may also inform about them in other ways such as via email or by publishing the change on our website. We recommend that you visit our website regularly and pay attention to possible changes in the policy.
Changes:
2.3.2023: The privacy policy has been updated to improve readability, contact information of the data protection officer has been added and other cooperation partners have been added to the privacy policy.
16.05.2023; Added purpose for data processing: measuring customer satisfaction and ensuring the quality of customer service,
26.9.2023; Added a customer survey as a method of collecting personal data.
27.12.2023; Added examples to section 6.