Data Protection Policy for Marketing and Customer Register
Last updated: 11 June 2018
1. Data controller
Business ID: FI20782003
Tel. +35810 439 2400
2. Contact person
3. Name of the register
Marketing and customer register of Pixact Ltd.
4. Purpose of use of personal data
Forming new and taking are of existing customer relations.
In terms of forming new customer relations, i.e. marketing, the processing of personal data is based on the legitimate interest of Pixact Ltd. In terms of taking care of existing customer relations, the processing of personal data is based on the performance of a contract between Pixact Ltd. and the customer.
5. Data content of the register
The register contains our customers’, our potential customers’ as well as their contact persons’ personal data.
At the most, the following data is saved in the register: name, phone number, e-mail address, title, status of customer relation, information on the services ordered by the customer as well as information on the fulfillment, delivery and invoicing of the order.
6. Regular data sources
Regular data sources include the websites and marketing material of customer companies, the customer themselves and the personnel of the customer company.
7. Regular disclosing of the data
The data are not regularly disclosed to any third parties.
8. Transferring data outside of EU or ETA
In the storing and processing of personal data Pixact utilizes service providers whose servers may be located outside of the EU or ETA. Pixact only utilizes service providers that it has deemed safe and trustworthy and that have assured to fulfil the requirements of the GDPR in both data processing and transfer. These service providers are Pipedrive, Dropbox and Visma.
9. Data protection and retention
The register is only stored and the data processed on the servers of service providers whose data protection policy ensures the appropriate protection of the data. These service providers are Pipedrive, Dropbox and Visma. The services are fault-tolerant and enable the restoring of data in the event of a failure. The data are protected by passwords and can only be accessed by those members of the Pixact staff whose access to the data is justifiable by their position or work tasks at Pixact.
In addition to the service providers mentioned above, some of the data is stored and processed on the mobile phones of the Pixact staff as required for contacting customers. The data saved on the mobile phones are protected by one of the locking mechanisms provided by each phone. Special attention is paid to the safe use of the mobile phones.
In the event of a personal data breach Pixact will do its best to inform data protection officials of the breach within 72 hours of finding out about the event. Data subjects will be informed if the breach poses a rick to the rights and/or freedom of the data subject. Breaches, their effects and the actions taken will be documented.
The data defined in this policy will be stored until they are no longer relevant to Pixact Ltd. Useless and dated data are removed from the register regularly. Data are also removed when requested by the data subject if there is no justified reason not to.
10. Rights of the data subject
Data subjects have the right to forbid the use of their personal data for marketing purposes. Additionally, data subjects have the right to receive a copy of their saved personal data, demand that incorrect data are updated, receive information on the processing of the personal data, oppose the processing of the personal data, demand that the processing of the personal data is limited, cancel their consent for the processing of the personal data when the processing is based on consent and demand that the data are transferred to another data controller. The requests of data subjects are fulfilled if there is no justifiable reason to deny them. Pixact always informs data subjects of any reasons that prevent the fulfilling of their requests and provides the data subjects with information on their rights.
Data subjects also have the right to make a complaint about the processing of the personal data to a data protection official if they feel that the data has not been processed in accordance with the prevailing law. The complaint can be addressed to the designated data protection official or to the official of that EU country in which the data subject lives or works.
All requests related to the rights of data subjects can be made to Pixact via e-mail, in written form or orally using the contact information provided under point 1. Pixact can ask the data subject to prove their identity or specify the request before handling it. Data subjects have the right to receive a reply to their requests within 1 month if there is no justified reason to extend the reply period.
11. Changes to this data protection policy
We reserve the right to update this data protection policy without a separate notification. Any changes are valid from the moment that they are updated into this file.