Privacy policy

Auntie Solutions Ltd. privacy policy statement

1 GENERAL
Auntie Solutions Oy (hereinafter “Auntie”) shall comply with the EU General Data Protection Regulation (2016/679) and other applicable data protection legislation (collectively, the “data protection legislation”).

This privacy statement applies to all services provided by Auntie. In addition to customers’ personal data, this privacy statement applies to the processing of personal data of potential customers who are interested in the services. This privacy statement applies to the processing of personal data by Auntie’s corporate customers and end customers who are using the service.

“Personal Data” shall mean any information relating to a natural person (“data subject”) which can be directly or indirectly identified as defined in data protection legislation.

2 CONTROLLER
Auntie Solutions Oy, Business ID 2734094-5,
Workery West, 6th Floor,
TRIPLA,
Firdonkatu 2, 00520 Helsinki.

3 DATA PROTECTION OFFICER
E-mail: dpo@auntie.fi

4 PURPOSE AND GROUNDS FOR THE PROCESSING OF PERSONAL DATA
Auntie will only collect personal data from data subjects that is relevant and necessary for the purposes described in this privacy statement.

The primary basis for the processing of personal data is the customer relationship between the Auntie customer and Auntie, the customer’s consent, the order given by the customer or any other appropriate connection.

The personal data of corporate customer representatives may be processed for the following purposes:

Management, implementation, development and monitoring of customer relationships, customer service and related communications.
Customer relationship analysis, grouping and reporting, service management and billing, marketing purposes, loyalty program implementation, and other purposes related to overall customer and Auntie business development.
Collecting and processing customer feedback and customer satisfaction information.
Conducting market surveys and opinion polls. Conducting scientific impact research.
The profiling purposes are described in more detail in section 10 of this privacy statement.

The personal data of the final customer of the service may be processed for the following purposes:

Management, implementation, development and monitoring of customer relationships, customer service and related communications.
Analyzing, grouping and reporting customer relationships and other purposes related to overall customer and Auntie business development.
Collecting and processing customer feedback and customer satisfaction information.
Conducting scientific impact research.
Auntie may outsource the processing of personal data to service providers, with Auntie ensuring, through adequate contractual obligations, that the processing of personal data is in accordance with, and within the limits set by data protection law.

5 CONTENTS OF THE REGISTER
It may include, among other things, the following information about corporate customer representatives:

  • Name, nickname, customer number, phone number, email address, and billing information.
  • Service usage and purchase information, marketing and communications implementation
    information for various communication channels such as online services and automated services.
  • Content produced by the data subject, such as customer feedback and additional information about him/herself such as customer wishes, satisfaction, interests, hobbies or other similar information.
  • Services requested and used by the data subject with payment information.
  • Information on persons who have had dealings with the data subject.
  • Other requests or memos regarding professionals, services, operational units, and other matters.
  • Consent (consent to data storage) and other choices (service selection).
  • Other customer-related information, such as information that may be linked to the customer about the use of the website, such as the user’s IP address, the time of visit, the pages visited, the type of browser used (e.g., Internet Explorer, Chrome), and the web address from which the user entered the web page and the server from which the user entered the web page.
  • Necessary information relating to the use of identification and certification tools and services.
  • Information related to the processing of the data, such as the recording date and the data source.

    It may include, among other things, the following information about end customers:
  • Name, customer number, phone number, email address.
  • Service usage and purchase information, communications implementation information for various service channels such as online services and automated services.
  • Content produced by the data subject, such as customer feedback and additional information about him/herself such as customer wishes, satisfaction, interests, hobbies or other similar information.
  • Services requested and used by the data subject with payment information.
  • Information on persons who have had dealings with the data subject.
  • Other requests or memos regarding professionals, services, operational units, and other matters.
  • Consent (consent to data storage) and other choices (service selection).
  • Other customer-related information, such as information that may be linked to the customer about the use of the website, such as the user’s IP address, the time of visit, the pages visited, the type of browser used (e.g., Internet Explorer, Chrome), and the web address from which the user entered the web page and the server from which the user entered the web page.
  • Necessary information relating to the use of identification and certification tools and services.
  • Information related to the processing of the data, such as the recording date and the data source.

    The provision of personal information is primarily necessary to fulfill the contractual and legal obligations between Auntie and the data subject and for producing and delivering Auntie’s services and managing customer and business relationships. If the data subject does not provide the necessary personal information, for example, the conclusion or performance of a contract or the fulfillment of legal obligations may be hindered.

6 RETENTION PERIOD FOR PERSONAL DATA
Auntie will process personal data for the duration of the customer and contract relationship and for the necessary period after the end of the customer and contract relationship. The end date is determined from the most recent service contact of the data subject based on Auntie’s key business figures.

Auntie will retain personal data for as long as is necessary for the purposes defined in this privacy statement, unless there is a legal obligation to retain personal data for a longer period of time (for example, responsibilities and obligations under specific legislation, accounting or reporting obligations). Auntie may retain information for a longer period of time if it is required, for example, to exercise a legal claim, to defend a legal claim, or to settle a similar dispute.

Auntie will remove the personally identifiable information 24 months after the end of the contractual relationship unless the customer specifically requests that the information be kept for the purpose of monitoring the performance of the service.

Auntie will retain the personal information necessary for marketing as long as the customer is the subject of the marketing and has not objected to the use of the personal information for marketing purposes.

7 REGULAR SOURCES OF INFORMATION
Primarily, the following sources will provide information about the corporate customer representative and the end customer:

From the data subject him/herself and through the events related to the customer relationship, use of services, communications and transactions.

The party providing the identification, address, update, or other similar service.

8 REGULAR DISCLOSURE AND DATA TRANSFERS OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA
Customer information will not be disclosed to Auntie or to any other party involved in the production, development or maintenance of Auntie’s services or communications, except as expressly provided in this agreement, express consent, and/or specific regulations. By way of exception, personal data may be disclosed to authorities in situations required by law and justified situations. In the event of emergencies or other unexpected circumstances, Auntie may be required to disclose the personal data of registered persons in order to protect human life, health and property. In addition, Auntie may be required to disclose the personal information of data subjects if the company is involved in legal or other dispute resolution proceedings.

Customer data is not transferred outside the European Union / the European Economic Area.

9 DESCRIPTION OF PRINCIPLES FOR REGISTER PROTECTION
Auntie processes personal data in a manner that ensures the appropriate security and protection of personal data at all times, including protection against unauthorized processing and against accidental loss, destruction or damage.

Auntie will use appropriate technical and organizational safeguards to ensure this. Only employees whose job description includes the use of the registers are authorized to use them. All persons processing personal data are bound by the obligation of professional secrecy with regard to the processing of personal data.

Any printed material will be stored in a locked location which is accessible only to authorized individuals. Access to digital material is only possible with the personal username and password of an authorized employee, professional, or partner. There are different levels of access and each user is given sufficient, but only the necessary access to carry out their tasks.

10 PROFILING
We may utilize automated decision making in some circumstances such as finding the right Auntie-service and Auntie-professional for the user.

The information given for the purposes of using the service is not used in marketing.

11 THE DATA SUBJECT’S RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA AND DIRECT MARKETING (RIGHT TO OBJECT)
Based on his or her personal situation the data subject has the right to object to profiling and other processing. The data subject may lodge an objection in accordance with section 13 of this privacy statement. At the time of the claim, the data subject must identify the specific situation on the basis of which he or she objects to the processing. Auntie may refuse to comply with a request on the grounds provided by law.

The data subject has the right to object to the use of the data for certain processing, such as direct marketing. The data subject may grant consent or prohibition to Auntie for direct marketing on a per-channel basis, including profiling for direct marketing purposes.

12 OTHER RIGHTS OF THE DATA SUBJECT IN THE PROCESSING OF PERSONAL DATA
12.1 Data subject’s right of access (right to inspection)
The data subject shall have the right of access to the data stored concerning him or her and, upon request, the right to receive information in writing or in electronic form. The request for inspection must be made in accordance with section 13 of this privacy statement. The right to inspection may be denied on the grounds provided by law. The use of the right to inspection is, in principle, free of charge.

12.2 The right of the data subject to request rectification, erasure or restriction of processing
To the extent that the data subject is unable to correct the data him/herself, a request for rectification shall be made in accordance with section 13 of this privacy statement.

The data subject has the right to demand correction of incorrect or inaccurate information. In addition, the data subject has the right under the applicable data protection law to request the erasure of his or her data.

Subject to the conditions of data protection law, the data subject shall have the right to request a restriction on the processing of personal data. In addition, in a situation where personal information that is suspected to be incorrect cannot be rectified or erased, or there is confusion about the request for erasure, Auntie may restrict access to the information. The data subject shall also have the right to require the controller to restrict the processing of his or her personal data, for example when the data subject is waiting for Auntie to respond to a request for rectification or erasure of his/her data.

Auntie also takes the initiative to erase, rectify and complete any unnecessary, incomplete or outdated personal data for the purpose of processing that it detects.

12.3 The right of the data subject to transfer data from one system to another
In addition, the data subject has the right under the applicable data protection law to request the transfer of his or her data to another controller.

12.4 Right of the data subject to lodge a complaint with the supervisory authority
The data subject shall have the right to lodge a complaint to the data protection authority (https://tietosuoja.fi/en/home) if the data subject considers that the data controller has not complied with applicable data protection legislation.

12.5 Other rights
If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw his or her consent by notifying Auntie in accordance with section 13 of this privacy statement. Withdrawal of consent does not affect any processing that took place before the withdrawal. If the data subject’s request cannot be granted, the data subject shall be informed in writing. Auntie may refuse a request (such as erasure of data), due to the statutory obligation or the statutory right of a company, such as a service obligation or claim.

The data subject has the right to object to the processing of personal data carried out on the basis of our legitimate interest on the basis of a specific personal situation.

13 CONTACT
The data subject should contact Auntie Solutions Oy, Workery West, Firdonkatu 2, 00520 Helsinki, or for any queries related to the processing of personal data and the exercise of their rights. Where appropriate, Auntie may ask the data subject to specify his/her request in writing and, if necessary, the identity of the data subject can be verified before taking any further action.
14 AMENDMENTS TO THE PRIVACY STATEMENT
Auntie is constantly improving its services and as a result, this Privacy Statement may need to be amended and updated. Changes may also be based on changes in legislation. Auntie recommends that you regularly review the contents of this Privacy Statement. Changes will be announced on the Auntie website and substantial changes will be communicated to data subjects when necessary.

The Privacy Statement was published on 29.9.2021 as version 1.5. This statement replaces version 1.4 of April 9th 2020.

Version management: Version, change, date
1.1. First version, 28.11.2018
1.2. Change of responsible person 4.10.2019
1.3. Change of address 1.8.2020
1.4. Data deletion schedule. No data transfer outside the EU. Profiling removed. The data subject’s rights to object to data processing based on a legitimate interest were added. 9.4.2021

1.5. Updated DPO information.