Privacy Notice of the Client and marketing register of Primrose Oy

1. Controller

Primrose Oy
Business ID: 2798698-1
Unioninkatu 24
00130 HELSINKI
primrose@primrose.fi
(hereinafter ”us” or ”Primrose”)

2. Contact person for register matters

Marjukka Nuppola
marjukka.nuppola@primrose.fi

3. Name of register

CLIENT AND MARKETING REGISTER

4. What are the legal basis and purpose of processing personal data?

The basis for the processing of personal data is the execution of the contract between us and you or our legitimate interest in developing our operations and conducting direct marketing.

The purpose of personal data processing is:

  • delivery and development of our products and services (contract execution and legitimate interest),
  • fulfilling our contractual and other promises and obligations (contract execution),
  • managing our client relations (contract execution and legitimate interest),
  • organizing events (legitimate interest),
  • analyzing and profiling the behaviour of a client or other data subject (legitimate interest),
  • electronic and other direct marketing (legitimate interest),
  • targeting of advertising in our company’s own and other parties’ online services (legitimate interest).

We use automatic decision-making (including profiling) to identify e.g. personal profiles and online behavior of registered users. We use this information for e.g. marketing targeting and service development.

5. What data do we process?

We process the following personal data of the client or other registered person, such as a prospect, in connection with the client register:

  • information about the company and the company’s contact persons such as Business ID* and names of the company’s contact persons* and contact information*;
  • client and contract information such as information about past and current contracts and orders*, other transaction information;
  • information relating to performing commissions and other services such as the name of the inventor, address, email, phone number and nationality*;
  • possible direct marketing prohibitions and consents;
  • various technical information regarding website users such as IP address and cookie information;
  • profiling information collected from website usage such as which pages the user has browsed and for how long;
  • any other information collected separately from the registered person.

Providing personal data marked with an asterisk (*) is a prerequisite for the creation of our contractual relationship and/or client relationship. Without the necessary personal data, we cannot deliver the product and/or service.

6. From where do we receive information?

We receive information primarily from the following sources: from the data subject and from contact information service providers and other similar trusted parties.

In addition, personal data can be collected and updated for the purposes described in this privacy notice also from publicly available sources and based on information received from authorities or other third parties within the limits of applicable legislation. Such data updating is done manually or by automatic means.

7. To whom do we disclose and transfer data, and do we transfer data outside the EU or EEA?

Personal data can be disclosed to partners/subcontractors to the extent that it is necessary for the assignment given by the client. In processing personal data, we use subcontractors working for us, to whom we transfer personal data for processing. We have outsourced IT management to an external service provider, on whose managed and protected server personal data is stored.

In general, we do not disclose personal data outside of the EU or European Economic Area (“EEA”).

In case our commission requires applying for a patent or utility model or managing such rights outside the EU or EEA, we need to disclose personal data to international or local registration authorities and/or IPR representatives, law offices or equivalent service providers outside the EU or EEA.

8. How do we protect the data and for how long do we store the data?

Only our employees who have the right to process client data for their work are entitled to use the system containing personal data. Each user has their own username and password for the system. The information is collected in databases that are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked rooms and only certain pre-designated persons can access the data.

We keep personal data for as long as is necessary due to the purpose of use of the personal data. Information stored in the client register is processed and stored for the duration of the client relationship or service delivery and for three (3) years thereafter. Information stored for marketing purposes is processed and stored until the information is updated or the data subject prohibits marketing.

We regularly assess the necessity of data retention, taking into account the applicable legislation. In addition to this, we take reasonable measures to ensure that no incompatible, out-of-date or incorrect personal data is stored in the register regarding the purposes of the processing. We will correct or delete such information without delay.

9. What are your rights as a data subject?

As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of erroneous data, if there are legal grounds for that. You also have a right to withdraw or change your consent.

As a data subject, you have the right to object to or request the restriction of the processing of your data in accordance with the data protection regulation (as of 25 May 2018) and to file a complaint about the processing of personal data with the supervisory authority. Insofar as the data subject has himself submitted information to the client register, which is processed on the basis of the consent or mandate given by the data subject, the data subject also has the right to receive such information for himself, as a rule, in machine-readable form and the right to transfer this information to another data controller.

For specific personal reasons, you also have the right to object to profiling and other processing operations, when the processing of your data is based on our legitimate interest. In connection with your request, you will need to identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.

As a data subject, you also have the right at any time and free of charge to object to the processing, including profiling as far as it relates to direct marketing.

10. Who can you be in contact with?

All contacts and requests concerning this privacy notice must be submitted in writing to the email address of the contact person set out in section two (2).

11. Changes in the Privacy Notice

Should we make amendments to this privacy notice we will place the amended notice on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you kindly review these privacy protection principles from time to time to ensure you are aware of any amendments made.