PRIVACY POLICY
Privacy and cookie policy updated 24. Sep 2024; version 1.3
1.GENERAL INFORMATION
With this privacy policy Scaled Group provides information to data subjects on the processing of their personal data, as required by the EU General Data Protection Regulation (“GDPR”) and the Finnish Data Protection Act. In addition, this privacy policy contains general information regarding Scaled Group’s data protection principles for Scaled Group’s customers and other stakeholders.
2. CONTROLLER AND CONTACT INFORMATION
Name: Scaled Group Oy (Finnish Business ID 3191168-3; “Scaled”)
Street address: Keilaranta 3, FI-02510 Espoo, Finland
E-mail address: privacy@scaled.fi
Contact person: Mr. Risto Reinikka (risto.reinikka@scaled.fi / +358 50 598 28 37)
3. NAME OF REGISTER
Scaled Group’s customer and stakeholder register
4. PURPOSE AND LEGAL BASIS FOR PERSONAL DATA PROCESSING
Scaled processes personal data for the following purposes on the following legal bases:
Performance of a contract: Scaled processes information provided by customers to fulfill agreements entered into with customers. Without the personal data Scaled would not be able to provide its products and services as requested by the customer, process orders, enable login to customer accounts, verify customer transactions, contact the customer regarding contract matters, provide technical support or invoice for its products and services.
Consent: Scaled will ask website visitors for their consent to the use of cookies and other similar technologies. Scaled may also request the consent of the data subject if the purpose for the processing changes. In addition, Scaled may, with the data subject’s consent, process other personal information related to the customer or community member relationship.
Legitimate interest: Scaled processes information for the purposes of marketing its products and services to relevant companies, delivering and improving its products and services, analyze the use of its products and services, carry out customer surveys, target content, advertising and marketing messages, organize events, prevent and detect misuse, and file and defend legal claims. These purposes are necessary for Scaled’s business and justified by the objective link between the data subject and Scaled and thus in Scaled’s legitimate interest. For specific personal reasons, the data subject has the right to object processing personal data on him/her, when the processing is based on Scaled’s legitimate interest.
Legal obligation: Scaled may be required to process certain personal data to comply with a legal obligation, for example in connection with its obligation to maintain bookkeeping material.
5. DATA CONTENT OF REGISTER
The register contains personal data on the following groups of data subjects:
Representatives for B2B customers
Representatives for suppliers, partners, prospective customers and other stakeholders.
Registered community members.
Persons who have been in contact with Scaled.
The following information may be processed in connection with the register:
Basic company information such as business name, business ID, postal address, visiting address, e-mail address and telephone number.
Basic information on the contact person, decision-maker, community member or other data subject, such as name, position or profession, address, e-mail address and telephone number.
Information relating to the customer relationship or other relevant connection to Scaled, such as language, customer number, purchased products and services, time of delivery, other information related to the delivery of products and services, complaint information, seller information in relation to agreements.
Information relating to use of products, services and benefits, such as the browser, IP address, device ID, time of visit, visited pages and browsing history.
Information on billing, payment and debt collection.
Information on direct marketing consents and prohibitions.
Information on preferred forms of communication and information on changes in the information.
Information relating to communication, such as e-mails, chat history and call recordings.
Log-in information for online services; event and user analysis data.
Data generated on the basis of trade register extracts and other similar registers.
Other information provided by the data subject, such as contact requests or forum messages, or other information processed with the consent of the data subject.
6. PERSONAL DATA SOURCES
Personal data is obtained primarily from the data subjects themselves. Scaled may, however, also receive information from authorities, credit information companies, contact information service providers and other similar reliable sources. Scaled may also collect and update personal data for the purposes described in this privacy policy from publicly available sources such as newspapers and other news sources, professional social media networks and company websites, as well as based on information received from third parties within the limits of the applicable legislation. In addition, personal data may be collected when using Scaled’s products and services or by using data enrichment services.
7. DISCLOSURES AND TRANSFER OF PERSONAL DATA
Personal data may be shared with Scaled’s group companies. Personal data may be transferred to service providers used by Scaled who then act as Data Processor on behalf of Scaled remaining as Data Contoller. Furthermore, personal data may be disclosed to the authorities in accordance with the legal obligations of Scaled.
Scaled does not transfer personal data outside the EU/EEA as a part of its operations (for example to the United States). Scaled is committed to only use such service providers as its data processors who are also committed not to transfer personal data outside of EU/EEA. Scaled makes sure that the personal data in question is appropriately protected and as required by the privacy legislation in force at the time for example by using the European Commission standard contractual clauses.
8. RETENTION OF PERSONAL DATA
Scaled stores the data as long as it is necessary for the purpose of processing the data. Once the purpose and legal basis for the processing has ended, the data is erased in accordance with applicable legislation.
The personal data relating to customers will be deleted when the measures, obligations and responsibilities related to the data have ended and the claim period related to the customer relationship has expired. Customer data is typically retained for a period of five (5) years from the end of the customer relationship.
9. DATA PROTECTION METHODS
The use of systems or electronic registers containing personal data is restricted to Scaled employees and suppliers only, who work under a non-disclosure agreement and are bound by data protection requirements.
The data is collected into databases protected by firewalls, passwords and other technical measures.
Any printed and other physical material is kept in a locked space that is accessible by authorized personnel only.
Persons authorized to access personal data receive regular training related to data protection, and data protection arrangements are audited regularly.
10. RIGHTS OF DATA SUBJECT
The data subject has certain rights related to personal data that Scaled processing on him/her, including the following:
right to obtain information on the processing of his/her personal data
right of access to his/her data
right to rectification of his/her data
right to the erasure of his/her data
right to restrict the processing of his/her data
right to object to the processing of his/her data
right to withdraw his/her consent where Scaled processes data based on the data subject’s consent (withdrawing the consent does not affect the lawfulness of any processing carried out before the withdrawal of the consent)
right to lodge a complaint with the supervisory authority
Not all of these rights can be exercised in all situations, depending on factors such as the basis for the processing of personal data.
A data subject that wishes to exercise any of his/her rights referred to above is encouraged to contact Scaled by use of the e-mail address privacy@scaled.fi. In order to ensure effective processing of the request, the data subject is advised to specify the request in detail and describe the context accurately. Scaled may request additional information regarding the requests, as well as reliable identification of the person making the request.
11. CHANGES TO PRIVACY POLICY AND COOKIE POLICY
Scaled reserves the right to change the privacy policy and cookie policy at any time and recommends that all customers, community members, other stakeholders and website visitors review the contents of these policies regularly.
