Sisters.fi site uses these cookies:
- Google cookies: Analytics and marketing
- Leadoo: Analytics, a chatbot with cookies
- Hotjar: Analyzing movement in the site
- Meta / Facebook: Marketing
- Instagram: Marketing
- InteractiveAds: Marketing
- Linkedin: Marketing
CUSTOMER REGISTRY – PRIVACY STATEMENT
According to the General Data Protection Regulation, the controller is obliged to inform the data subjects in a clear manner. This statement fulfils the information obligation. (Created on May 2nd, 2018)
1. Controller
Sisters & Company Oy
Miestentie 9
02150 Espoo
Business ID: 2164593-2
2. Person responsible for registering matters
Osnat Mangs
Sisters & Company Oy
Miestentie 9
02150 Espoo
Tel. + 358 9 7515 1200
Email: privacy@sisters.fi
3. Name of the register
Sisters & Company Oy:n asiakas-, yhteistyökumppani- ja markkinointirekisteri (Customer, Partner and Marketing Register of Sisters & Company Oy)
4. Purpose of processing personal data and data content of the register
The register is used for storing and processing customer and partner data of Sisters & Company Oy and information related to new customer acquisition.
The personal data can be used for the following purposes: Management and development of a customer relationship; new customer acquisition; management, realization, development, and follow-up of customer service and the related communications and marketing; analysis, categorization, and reporting of customers relations, as well as for other purposes related to the development of the controller’s business operations. The controller keeps the obtained data for as long as there are grounds for keeping them. Once there are no grounds for keeping the data, the controller erases them in an information-secure way.
The Sisters & Company Oy website uses cookies to improve service quality and develop the website content. A cookie is a small text file that the website stores in the user’s computer memory. The usage of cookies does not harm the computer or its data system.
By default, the data collected with cookies is anonymous. Based on the consent of the data subject, it is possible to attach personal information obtained from the data subject to the data collected with cookies and use this data for marketing that is specially targeted at the data subjects.
The data subject is not obliged to disclose the data referred to in this statement; however, a failure to supply certain personal data totally or in part may lead to a situation where the service provided by the controller cannot be used in its entirety.
The register may cover data that belong to the following categories:
- basic information on the person (name, date of birth, contact information);
- email address;
- social media user name or address;
- billing information, business ID;
- additional information the data subject has given with regard to marketing;
- website scrolling, usage and identity verification data.
Further, the change information of the aforementioned data may be processed in the register.
5. Grounds for maintaining and processing the register
Personal data are processed on the basis of consent by the data subject. Personal data can also be processed on the basis of the legitimate interest of the controller or a third party.
6. Regular data sources and information on the data subject’s right to object to the processing, automatic decision-making, and profiling
Personal data are collected from the data subject personally and from third parties subject to consent by the data subject.
The data subject has the right to object, on grounds relating to their particular situation, at any time, to the automatic decision-making and profiling of the processing of personal data concerning them, unless the controller can demonstrate compelling legitimate grounds for the processing, which override the data subject’s interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims. If the data subject objects to the processing of personal data for direct marketing purposes, the data shall no longer be processed for those purposes. Profiling a data subject shall be based on their specific consent.
7. Regular data disclosure and transfer of data outside of the European Union or the European Economic Area
Personal data can only be transferred outside the area of the European Union member states or the European Economic Area if the country in question can guarantee an adequate level of data protection. Data will not be disclosed to third parties unless it is to be processed for the service.
Sisters use the Constant Contact service for email marketing targeted at customers and partners. For Constant Contact data protection principles, please see the website: https://www.constantcontact.com/legal/privacy-statement .
The data subjects’ data are transferred regularly to the Constant Contact servers outside the EU for the purposes of sending newsletters.
Company contact information:
Constant Contact, Inc.
Waltham, Massachusetts (HQ)
Reservoir Place
1601 Trapelo Road
Waltham, MA 02451
Tel. 781-472-8100
Fax. 781-472-8101
Constant Contact Inc / Andy Hutchison
Chief Security and Privacy Officer
privacy@constantcontact.com
For further information on the states having an adequate level of data protection, see the European Commission website: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.
8. Principles of register protection and disclosure of data
A. Physical data
Physical data are stored in locked facilities and can only be accessed by persons authorized to process the data.
B. Data stored in digital format
Personal data included in the register are stored and backed up as confidential data securely. The controller’s organization has been given instructions on the use of the register, and access to the person register is limited in such a way that the data included in the register and stored in the IT system can only be accessed and used by those employees of the controller who are authorized to do so on the basis of their job description. The controller makes sure that the processors are committed to confidentiality either on the basis of their job description or an agreement.
The IT system is protected by data-protection software in the operating system. Access to the system requires every user of the register to enter their user ID and password. The data on the website is protected by a firewall and other adequate technical measures, such as encryption.
The processing of personal data can be outsourced to a third party. Sisters & Company Oy guarantees, by way of agreements, that any personal data are processed in accordance with the information security legislation and the effective EU regulations.
9. Right of access and implementing the right of access
The data subject has the right to find out what data concerning them are stored in the person register.
The data subject shall send a request for access as a separate written and signed document to the address:
Sisters & Company Oy / Osnat Mangs
Miestentie 9
02150 Espoo
or by email: privacy@sisters.fi
10. Rectification of data and implementing the rectification of data
The data subject has the right to influence the processing of their data.
The controller shall rectify, erase, or supplement, on the data subject’s request, any personal data in the register that are erroneous, unnecessary, defective, or outdated from the perspective of the purpose of the processing. The controller may also rectify such data independently.
The data subject’s request shall be sent as a separate written and signed document to the address:
Sisters & Company Oy / Osnat Mangs
Miestentie 9
02150 Espoo
or by email: privacy@sisters.fi
11. The controller’s obligations, the data subject’s right to data portability, and the data subject’s right to be forgotten
The controller shall, without undue delay, independently and or on the data subject’s demand, rectify, erase, or supplement any personal data in the register that are erroneous, unnecessary, defective, or outdated from the perspective of the processing purpose. The controller must also prevent the spreading of such data in case the data may endanger the data subject’s privacy protection or their rights.
The controller shall notify those to whom the controller has disclosed the erroneous personal data or from whom they have received the data of the rectification of the data. However, there is no obligation to notify if the notification proves impossible or involves disproportionate effort.
Personal data are stored for as long as there are grounds for processing them. When there are no more grounds for processing, the data will be removed in an adequate manner. The data subject has the right to cancel their consent to data processing. If a data subject cancels their consent, they can send a request to the controller on the erasure of the data concerning the data subject unless their processing is based on other legal grounds.
The request shall be sent as a separate written and signed document to the address:
Sisters & Company Oy / Osnat Mangs
Miestentie 9
02150 Espoo
or by email: privacy@sisters.fi
12. Supervisory Authority
The data subject has the right to have their case processed by a Supervisory Authority (Data Protection Ombudsman).
For further information, please see the website of the Data Protection Ombudsman’s Office: http://www.tietosuoja.fi/fi/index.html
13. User tracking
We use Leadoo’s tracking service to follow what users are doing on the site and combine this behavioural data with other data we can gather, e.g. chat interactions. Leadoo uses ETag tracking in order to hook together the same user’s behaviour over several sessions. Please check out Leadoo Marketing Technologies Ltd’s Privacy Policy (https://leadoo.com/privacy-policy/) for more information on what is tracked and what your rights are. Leadoo works as the Processor, and we work as the Controller for the data in terms of GDPR. You can stop the tracking by emptying your browser’s cache after the visit. For more on how Leadoo works as a GDPR-compliant processor, see https://leadoo.com/privacy-policy-processor/
