Customer Contact Data Protection Statement
Effective date: 25 May 2018
European Union general data protection regulation ((EU) 2016/679) compliant version
Siili Solutions Oyj ("Siili", also "we", "us", "our"; Finnish Business ID 1979903-5) and its subsidiaries (together "Siili Group") place the highest value on protecting your personal data. This Customer Contact Data Protection Statement ("Statement") explains our commitment to keep your personal data ("Customer Contact Data" included partners) confidential and secure. Further, it explains how we process your Customer Contact Data in connection with any business transaction or measure ("Transaction") carried out with Siili Group by you or related to you as an employee or other representative of a Siili Group customer company. Siili Group organizes processing of all its Customer Contact Data in a single data file, Customer Contact Data File. Siili is the data controller of your Customer Contact Data. Hence, Siili is responsible for your personal data processing and defines the purposes and means for the processing of your Customer Contact Data. Other companies belonging to Siili Group act as data processors on behalf of Siili.
Additional and more detailed data protection information applicable to your Customer Contact Data is available in:
- Siili Customer Contact Data Protection Description ("Description", all references to this Statement include also the contents of the Description unless otherwise stated case by case).
In case of possible discrepancy, the information provided in the Description prevails the information presented in this Statement.
Siili processes your Customer Contact Data always in accordance with all applicable laws.
Please read this Statement carefully before committing to any Transaction with Siili Group. By committing to any Transaction with Siili Group, you express your understanding to our processing of your Customer Contact Data in accordance with this Statement. Otherwise, we expect that you will discontinue the Transaction and not to provide or cease providing us with your Customer Contact Data. Please note, that absence of your Customer Contact Data might prevent Siili Group from starting or completing any Transaction with you.
Lawfulness of Processing of Your Customer Contact Data
Depending i.a. on the maturity of Siili Group business relationship with you or Siili Group customer company you represent, the processing of your Customer Contact Data by us is legally based primarily on:
- Our legitimate interest as processing of our Customer Contact Data is an obligatory enabler for conducting our business activities in compliance with any applicable laws; and/or
- Contractual relationship either directly with you or indirectly with the Siili Group customer company you represent.
Additionally, we may exceptionally need to collect and process certain Customer Contact Data belonging to special categories (see section "Customer Contact Data Siili Collects and Processes" below) – such personal data can be collected and processed by us:
- With your consent only.
You have the right to withdraw your consent at any time. To do so, please contact us with the contact information provided below or in the Description.
Siili Data Collection Methods
Depending on the Transaction, you may be required to personally submit to us your Customer Contact Data. This may occur through completing and submitting a web form available in any of our application interfaces available to you. Additionally, your Customer Contact Data collection may also occur interactively with you in a phone call, business meeting or with other non-computerized means common in any Transaction between you and Siili Group.
Additionally, we may also collect your Customer Contact Data from third parties such as from the Siili Group customer company you represent, any employees of Siili Group and/or other persons providing services for Siili Group. Finally, our data collection may also occur by collecting digitally information concerning your behavior within any digital services of Siili Group.
Customer Contact Data Siili Collects and Processes
Basic Customer Contact Data typically collected and processed by us consists mostly of your name, business address and your other contact details, such as email addresses and telephone numbers. We collect also information linking you to the relevant Siili Group customer company such as the company name and your position or title in it. Depending on the case, we also collect any necessary information related to Transactions between you and Siili Group, including information necessary for executing financial transactions between Siili and its customer companies and case by case with you. Such information includes information on projects and assignments where you and Siili Group have acted together. We may also collect information on your business feedback and interests and expectations towards Siili Group.
In case you use our digital services, we collect behavioral data concerning such activities of you.
We do not generally collect or process any Customer Contact Data belonging to special categories, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sex life. As an exception to this, we may collect and process information concerning allergies or dietary requirements and expectations for organizing refreshments and catering e.g. in customer meetings, receptions and trainings including those of Siili Academy.
Detailed information concerning the types of collected and processed Customer Contact Data is available in the Description.
Siili Purposes of Processing
We process your Customer Contact Data to enable our Transactions with you and consequently with Siili Group customer companies. In practice this means mostly enabling marketing, sales and provisioning Siili Group services and products (including related communication and correspondence) to you and Siili Group customer companies. Further, we process your Customer Contact Data to develop our business and internal operations, including our IT environment.
We do not utilize your Customer Contact Data in automated decision-making.
Detailed information about our purposes of uses of your Customer Contact Data is available in the Description.
Retention of Your Customer Contact Data
Generally, we retain your Customer Contact Data ten years from the last Transaction between you and Siili Group. This general retention rule is based on i.a. laws regulating expiration of debts, possible long warranty periods related to our services and products as well as traditionally long-lasting business relationships with our customer companies. Furthermore, possible needs related to litigation purposes also justify the retention of your Customer Contact Data.
However, the above retention rule is always subject to differing requirements included in any mandatory laws applicable to your Customer Contact Data. Therefore, in some cases, retention period may be shorter or longer than the above-mentioned.
Notwithstanding the above, the retention of your Customer Contact Data may always be extended due to existing or imminent need of any company belonging to Siili Group to establish or exercise legal claims or defend itself against legal claims related to Customer Contact Data.
Disclosures and Transfers of Customer Contact Data
We do not generally disclose any Customer Contact Data to be independently used by other data controllers outside Siili unless required by mandatory law (such as to tax and other authorities). As an exception, personal data related to Siili Academy training (i.a. participation and course information) can be disclosed to our trusted business partners for provisioning training certifications and maintaining information on them.
We may transfer your Customer Contact Data to/from other Siili Group companies or to/from third parties (e.g. subcontractors) who process Customer Contact Data on behalf of us for the purposes described in this Statement. In this way, we do not release the Customer Contact Data from our effective control.
As we operate internationally, due to necessary technical and practical requirements, your Customer Contact Data may be processed by other Siili Group companies or subcontractors located outside the European Union or European Economic Area (incl. Switzerland). Hence, countries to which your Customer Contact Data may be sent to or accessed from may have a data protection standard differing from the country in which we are situated. In all such situations involving such international transfers of Customer Contact Data, the processing of Customer Contact Data shall be in accordance with applicable legislations (including justified by EU Commission standard contractual clauses) and our data processing policies and instructions.
We may also need to share your Customer Contact Data with a purchaser or potential purchaser of our business. Such sharing does not occur regularly, but should it be necessary, we will share only smallest possible amount of your Customer Contact Data and always in the limits of applicable legislation.
We may provide aggregate statistics about our customer companies and related persons as well as Transactions to reputable third parties, but these statistics are anonymized and will not include your Customer Contact Data.
Transmission of information in the internet is not completely secure. Therefore, we cannot fully guarantee the security of your Customer Contact Data transmitted to us. All such transmissions are at your own risk. Once we have received your Customer Contact Data, strict procedures and security features will be used to prevent unauthorized and illegal access, alteration and denial of use of your Customer Contact Data.
We may occasionally place information on your computer which allows us to recognize your computer. This information is commonly known as a “cookie”. Typically, cookies enable collection of certain information regarding your computer, including your IP address, your computer’s operating system, your browser type and the address of any referring sites. Cookies are intended to improve availability and quality of Transactions and your co-operation with Siili Group. A separate Cookie Statement explains the cookies in detail (references to Statement above and below include also the contents of the Cookie Statement unless otherwise stated case by case). In case of possible discrepancy, the information provided in the Cookie Statement prevails over information of this Statement and the Description.
Your Rights Concerning Data Processing
At any time, you have the right to:
- Object the processing of your Customer Contact Data on the grounds of our legitimate interests or for direct marketing purposes; and
- Unsubscribe (opt-out) yourself from any direct marketing of Siili Group.
At any time, you have also the following rights:
- Gain access to your Customer Contact Data;
- Verify the accuracy of your Customer Contact Data and at your request, have your incomplete, inaccurate or outdated Customer Contact Data modified or erased;
- Under certain circumstances, be forgotten by us;
- Under certain circumstances, have the processing of your Customer Contact Data restricted;
- Receive your Customer Contact Data which you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller; and
- Lodge a complaint with a supervisory authority (in Finland Data Protection Ombudsman).
Also, at any time, you have the right to:
- Withdraw your consent to processing of your Customer Contact Data.
To use your rights, contact us to the contact information provided below or in the Description. For more detailed description of your rights, please refer to the Description.
Our applications and digital sources related to Customer Contact Data available to you may, from time to time, contain links to and from the websites of our partner networks and advertisers. If you follow a link to or from any of these websites or digital sources, please note that they are separate from our websites and digital sources and do not operate under this Statement or any other of our data protection practices, but have their own privacy policies, data protection statements or similar announcements and practices. We do not accept any responsibility or liability for these policies, statements, announcements and practices or the lack of them or your use of such websites or digital sources. Please check these policies, statements, announcements and practices and/or any other data protection documents before you submit any Customer Contact Data to these websites.
New Versions of This Statement
We may change or amend this Statement as necessary and recommend therefore, that you revisit this Statement regularly.
Siili Contact Information
If you want to contact us in data protection related matters (concerning a specific Transaction or in general), please send us e-mail at dataprotection [at] siili.com.
Additional Customer Contact Data specific data protection contact information (including mailing address and telephone numbers) are available in the Description.