Privacy Policy

Privacy Policy

Cookies

This website uses cookies to count site visitors and determine the source from where the visitors came to this site. This will help us know which sites interest our visitors the most and how they navigate on our website. This website is tracked by Google Analytics. The collected data will not be shared with other parties. The visitor information is collected anonymously, and there are no intentions to identify the site visitors.

The embedded social media boxes on this website might write their own service-specific cookies. These services have their own privacy statements for the cookies they use.

 


CUSTOMER REGISTRY – PRIVACY STATEMENT

According to the General Data Protection Regulation, the controller is obliged to inform the data subjects in a clear manner. This statement fulfils the information obligation. (Created on May 2nd, 2018)

1. Controller

Sisters & Company Oy
Miestentie 9
02150 Espoo
Business ID: 2164593-2

2. Person responsible for register matters

Osnat Mangs
Sisters & Company Oy
Miestentie 9
02150 Espoo
Tel. + 358 9 7515 1200
Email: privacy@sisters.fi

3. Name of the register

Sisters & Company Oy:n asiakas-, yhteistyökumppani- ja markkinointirekisteri (Customer, Partner and Marketing Register of Sisters & Company Oy)

4. Purpose of processing personal data and data content of the register

The register is used for storing and processing of customer and partner data of Sisters & Company Oy and information related to new customer acquisition.

The personal data can be used for the following purposes: Management and development of a customer relation; new customer acquisition; management, realization, development, and follow-up of customer service and the related communications and marketing; analysis, categorization, and reporting of customer relations, as well as for other purposes related to the development of the controller’s business operations. The controller keeps the obtained data for as long as there are grounds for keeping them. Once there are no grounds for keeping the data, the controller erases them in an information-secure way.

The Sisters & Company Oy website uses cookies to improve the service quality and develop the website content. A cookie is a small text file which the website stores in the user’s computer memory. The usage of cookies does not harm the computer nor its data system.

By default, the data collected with cookies is anonymous. Based on the consent of the data subject, it is possible to attach personal information obtained from the data subject to the data collected with cookies and use this data for marketing that is specially targeted at the data subjects.

The data subject is not obliged to disclose the data referred to in this statement; however, a failure to supply certain personal data totally or in part may lead to a situation where the service provided by the controller cannot be used in its entirety.

The register may cover data that belong to the following categories:

  • basic information on the person (name, date of birth, contact information);
  • email address;
  • social media user name or address;
  • billing information, business ID;
  • additional information the data subject has given with regard to marketing;
  • website scrolling, usage and identity verification data.

Further, the change information of the afore-mentioned data may be processed in the register.

5. Grounds for maintaining and processing the register

Personal data are processed on the basis of a consent by the data subject. Personal data can also be processed on the basis of the legitimate interest of the controller or a third party.

6. Regular data sources and information on the data subject’s right to object to the processing, automatic decision-making, and profiling

Personal data are collected from the data subject personally, and from third parties subject to consent by the data subject.

The data subject has the right to object, on grounds relating to their particular situation, at any time, to the automatic decision-making and profiling of the processing of personal data concerning them, unless the controller can demonstrate compelling legitimate grounds for the processing, which override the data subject’s interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims. If the data subject objects to the processing of personal data for direct marketing purposes, the data shall no longer be processed for those purposes. Profiling a data subject shall be based on their specific consent.

7. Regular data disclosure and transfer of data outside of the European Union or the European Economic Area

Personal data can only be transferred outside the area of the European Union member states or the European Economic Area if the country in question can guarantee an adequate level of data protection. Data will not be disclosed to third parties unless it is to be processed for the purposes of the service.

Sisters uses Constant Contact service for the email marketing targeted at customers and partners. For Constant Contact data protection principles, please see the website: https://www.constantcontact.com/legal/privacy-statement .

The data subjects’ data is transferred regularly to the Constant Contact servers outside the EU for the purposes of sending newsletters.

Company contact information:

Constant Contact, Inc.
Waltham, Massachusetts (HQ)
Reservoir Place
1601 Trapelo Road
Waltham, MA 02451
Tel.   781-472-8100
Fax. 781-472-8101

Constant Contact Inc / Andy Hutchison
Chief Security and Privacy Officer
privacy@constantcontact.com

For further information on the states having an adequate level of data protection, see the European Commission website: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.

8. Principles of register protection and disclosure of data

A. Physical data
Physical data are stored in locked facilities and can only be accessed by persons authorized to process the data.

B. Data stored in digital format
Personal data included in the register are stored and backed up as confidential data and securely. The controller’s organization has been given instructions on the use of the register, and access to the person register is limited in such a way that the data included in the register and stored in the IT system can only be accessed and used by those employees of the controller who are authorized to do so on the basis of their job description. The controller makes sure that the processors are committed to confidentiality either on the basis of their job description or an agreement.

The IT system is protected by data protection software in the operating system. Access to the system requires every user of the register to enter their user ID and password. The data on the website are protected by a firewall and other adequate technical measures, such as encryption.

The processing of personal data can be outsourced to a third party.  Sisters & Company Oy guarantees, by way of agreements, that any personal data are processed in accordance with the information security legislation and the effective EU regulations.

9. Right of access and implementing the right of access

The data subject has the right to find out what data concerning them are stored in the person register.

The data subject shall send a request for access as a separate written and signed document to the address:

Sisters & Company Oy / Osnat Mangs
Miestentie 9
02150 Espoo
or by email: privacy@sisters.fi

10. Rectification of data and implementing the rectification of data

The data subject has the right to influence the processing of their personal data.

The controller shall rectify, erase, or supplement, on the data subject’s request, any personal data in the register that are erroneous, unnecessary, defective, or outdated from the perspective of the purpose of the processing. The controller may also rectify such data independently.

The data subject’s request shall be sent as a separate written and signed document to the address:

Sisters & Company Oy / Osnat Mangs
Miestentie 9
02150 Espoo
or by email: privacy@sisters.fi

11. The controller’s obligations, the data subject’s right to data portability, and the data subject’s right to be forgotten

The controller shall, without undue delay, independently and or on the data subject’s demand, rectify, erase, or supplement any personal data in the register that are erroneous, unnecessary, defective, or outdated from the perspective of the processing purpose. The controller must also prevent the spreading of such data, in case the data may endanger the data subject’s privacy protection or their rights.

The controller shall notify those to whom the controller has disclosed the erroneous personal data or from whom they have received the data, of the rectification of the data. However, there is no obligation to notify, if the notification proves impossible or involves disproportionate effort.

Personal data are stored for as long as there are grounds for processing them. When there are no more grounds for the processing, the data will be removed in an adequate manner. The data subject has the right to cancel their consent to data processing. If a data subject cancels their consent, they can send a request to the controller on the erasure of the data concerning the data subject, unless their processing is based on other legal grounds.

The request shall be sent as a separate written and signed document to the address:

Sisters & Company Oy / Osnat Mangs
Miestentie 9
02150 Espoo
or by email: privacy@sisters.fi

12. Supervisory Authority

The data subject has the right to have their case processed by a Supervisory Authority (Data Protection Ombudsman).

For further information, please see the website of the Data Protection Ombudsman’s Office: http://www.tietosuoja.fi/fi/index.html

 

Copyright © 2019 Sisters Inc. All Rights Reserved.