Business ID: 2867568-3
For what purposes is personal data used and what is the legal basis for processing personal data?
We collect, store and process your personal data only for predefined purposes. We also always make sure that there is at least one legal basis for processing personal data. The main purposes and the applicable legal basis for processing personal data are:
Marketing. We collect and use personal data for marketing purposes, including marketing analytics, direct email marketing (based on consent) as well as targeting advertising in search engines and social media channels. A person can at any point prohibit direct marketing by sending email to firstname.lastname@example.org. We do not sell or rent personal data to third parties for marketing purposes, but we may use third party services providers in executing marketing activities.
Customer Communications, Feedback and Handling Complaints. We use personal data for communicating with existing customers, responding to requests, providing notifications to users relating our service, handling feedback as well as possible complaints about our service or products. The main legal basis for this processing is fulfilling contractual obligations, possibly also our legitimate interest.
Analytics; Developing our Service and Business. We are keen to develop our service and offering to ensure that we can provide great user experiences and customer value. That’s why we may use personal data also for business development purposes within our own business field. The legal basis for this processing is our legitimate interest.
Fulfilling Other Contractual and Legal Obligations. Personal data may also be collected and used for fulfilling other contractual or legal obligations, such as responding to requests made by authorities.
What personal data is collected and from which sources?
The personal data we collect, store and use are mainly provided by you when you become a user of our service, purchase products or register for our marketing newsletters. We may also collect personal data about our website visitors with Google Analytics to analyze our website use, develop it further and for targeting relevant marketing content for our customers, users and website visitors. Some personal data may also be created during the use of our service.
We mainly collect and store personal data relating to potential or existing users or customers of our service and products.
The main categories of personal data collected, stored and used by us contain the following:
- Email address
- Team name
- Delivery address and details (for ordered products)
- Consent or prohibition of direct marketing
- Consent regarding privacy and visibility settings of the user account
- Pictures and video links
- Other content created by the user during the use of service
Who processes personal data and is it transferred to anyone else?
Personal data is mainly stored in electronic format and people within our organization have access to personal data.
However, we use service providers and subcontractors in different parts of our business, so these companies may have access to our personal data based on contracts we have with them. We use third party services especially in the following areas: website hosting and maintenance, website development, website analytics, email marketing, surveys and processing of payments. We understand that these companies may be considered as data processors under applicable privacy laws, so we make sure that the confidentiality of your personal data is secured with contracts and data processing terms and conditions.
We may also disclose personal data to fulfill our other contractual or legal obligations or when a legal authority requires a disclosure. We could also disclose personal data if we would be a party in a business sale, such as a merger or an acquisition.
We do not sell or rent personal data to third parties for marketing purposes.
Is my data transferred outside the EU?
By default, your data is not transferred outside the EU. However, considering that we store personal data basically only in electronic form, some of the service providers we use, such as website hosting, email marketing and cloud storage services providers, may be located outside the EU.
If personal data is transferred outside the EU, we make sure that the data transfer fulfills the requirements set by applicable laws. This means that (1) the transferee must be located in a country with adequate safeguards (as decided by the EU commission from time to time), (2) the transferee must be Privacy Shield certified (if a US-based company), (3) or the transfer must be made by using the model clauses published by the EU commission.
How long is my data stored?
We will not store your personal data for longer period than is necessary for its purpose or required by contract or law. If personal data is processed only based on consent, we delete the data when a person withdraws her consent. Personal data may also be deleted after a person requests deletion (and we have no other processing condition). The retention period of personal data may also be based on laws (e.g. bookkeeping, tax laws) or legal claim periods. We may also update personal data from time to time.
How is my data stored and kept secure?
Your data is stored on the servers provided by our service providers, which are secured according to general industry standards and practices. We choose established services providers who are also known for having high data security standards. We consider and keep your personal data confidential. Access to your personal data has been protected with user-specific logins, passwords and user rights. Our premises are also safe and secured.
Is it mandatory to provide personal data? What happens if I don’t give it to you?
As we provide a paid digital service and can also sell products through a webshop, a certain minimum processing of personal data is required, otherwise we cannot identify you as a user, process payments and deliver ordered products. So if you want to become a customer and make a contract with AgiNotes, certain personal data must be shared with us.
What rights do I have relating my personal data?
Access to data
As a user of our service, most of the customer or personal data can be directly accessed, updated and/or deleted by you by logging into our service. In addition to that, you have the right to have confirmed if we are processing your personal data and also to know what data we have about you. In addition, you have right to some supplemental information described in the law about the processing activities.
Withdraw your consent
If we process personal data based on your consent, you can at any time withdraw your consent by notifying us, for instance by sending email to email@example.com.
Right to have errors corrected
You have the right to request that we correct any inaccurate or outdated personal data we have about you.
Right to prohibit direct marketing
You have the right to request that your personal data is not processed for direct marketing purposes by sending us email to firstname.lastname@example.org.
Right to object processing
If we process your personal data based on public interest or our legitimate interest, you have the right to object processing of your data, to the extent that there is no such significant other reason that would override your rights or the processing is not necessary for handling legal claims. Please notice that in this situation we may not be able to serve you anymore.
Right to restrict processing
In certain situations you have the right to require that we restrict processing of your personal data.
Right to data portability
If we process your personal data based on your consent or fulfilling of a contract, you have the right to require transfer of the data you have provided to us to another services provider in a commonly used electronic format.
How can you use your rights?
You can execute and use your rights by contacting us, for instance by sending email to email@example.com or by contacting us by using the contact details below. In such case, we ask you to provide us your name, contact details, phone number as well as documentation for verifying your identity (e.g. signed request letter or copy of and ID, but without social security code or other details that are not necessary). If you consider that the processing of your personal data is not lawful, you can always also make a notification to a supervisory authority (tietosuojavaltuutettu).
Who can I contact in privacy matters?
Business ID: 2867568-3
PL 30, 40951 MUURAME
Tel: +358 50 514 9399
The contact person at AgiNotes in privacy matters is Mari Oksanen.