Your privacy is important to us at Hedda Business Partners Oy ("Hedda Business Partners"). We are committed to protecting your privacy and personal data. This Privacy Notice explains how we collect and process personal data as a data controller for our clients, other persons related to our customers' assignments, potential customers, service providers and other business contacts.
We process personal data in compliance with all personal data protection laws, including the GDPR (European Union General Data Protection Regulation (EU 2016/679 "Data Protection Laws"). Our purposes for processing personal data include identifying our customers, handling assignments, managing customer relationships and marketing.
Meillä on lakisääteinen velvollisuus varmistaa, että tietosi pidetään oikeina ja ajan tasalla. Voit auttaa meitä noudattamaan tätä velvoitetta tarkistamalla ja päivittämällä yhteystietosi sekä markkinointiasetuksesi ottamalla meihin yhteyttä osoitteessa info@heddabp.fi.
How do we collect personal data
We collect personal data primarily from the data subjects themselves in connection with our business operations, such as when carrying out our customers' assignments.
The personal data we process is mainly obtained directly from our customers or other business partners, through emails and other communications and documentation provided to us (e.g. when we communicate with or meet with data subjects). We may also process personal data obtained from government agencies, credit reference service providers and publicly available registers and sources, as well as commercial databases, as well as personal data generated using our website. We may also collect personal data when administering our marketing activities and communicating with data subjects for marketing purposes, such as sending event invitations, newsletters or other news related to our services and business.
We may process the following categories of personal data:
a) Basic information: Name, title, telephone number, email address, connection to the customer community, such as job duties, and if necessary, personal identity code.
b) Identification of company representatives: Name, title, telephone number, and email address.
c) Customer data: information about the contractual relationship between the customer and us; Personal data obtained when we carry out an assignment and provide our services, and data needed for invoicing.
d) Event participation: information provided for attending meetings, trainings and other events (e.g. name, email address, dietary requirements).
e) Marketing Preferences: Information on consent or objection to direct marketing.
f) Information automatically collected through cookies on our website as described below and, for example, whether you have opened and read our emails
Legal basis and purpose of data processing
The main purpose of processing personal data is to manage our business relationship with customers, based on our legitimate interest as a controller. We also process personal data to ensure that we comply with applicable laws. Additionally, we may process your personal data based on your consent for one or more specific purposes. If you provide consent, you have the right to withdraw it at any time. However, withdrawing consent for necessary personal data may affect our ability to continue our business relationship or provide services to you.
Disclosure of your Information
We will not disclose your personal data to third parties unless required by applicable law, to assert or defend legal claims, or to provide services to our customers.
Meidän on mahdollisesti sallittava tietty pääsy henkilötietoihisi ulkoisille palveluntarjoajillemme, jotka käsittelevät tietoja puolestamme (henkilötietojen käsittelijät), jotta nämä kolmannen osapuolen palveluntarjoajat voivat suorittaa palveluita Hedda Business Partnersille. Näiden palveluntarjoajien on noudatettava ohjeitamme ja sovellettavia kirjallisia tietojenkäsittelysopimuksia sekä muita voimassa olevia sopimuksia Hedda Business Partnersin ja sen kolmannen osapuolen palveluntarjoajien välillä. Niiden on myös toteutettava asianmukaiset tekniset ja organisatoriset toimenpiteet henkilötietojesi suojaamiseksi.
Transfers of your data
We primarily process personal data on servers located in the EU/EEA. However, we may need to transfer your personal data from the EU/EEA to a third country. When personal data is transferred to countries where local data protection laws do not provide an adequate level of data protection, we take appropriate measures under the GDPR to ensure that your personal data remains protected and secure. Such international transfers of personal data are based on the European Commission's Standard Contractual Clauses.
Data Security
We have implemented and maintain appropriate technical and organizational security measures to protect your personal data against accidental, unlawful or unauthorized access, use, disclosure, alteration, destruction or loss. Our systems comply with industry standards.
Your personal data will only be processed by individuals who need it for the intended purpose it was collected. At the end of the applicable retention period, we will securely destroy your personal data in accordance with applicable laws and regulations.
Data retention
The retention period of personal data depends on the personal data concerned and its processing purposes. We retain your personal data only as long as necessary for the purpose for which it was collected, to fulfil our contractual obligations, or to comply with other legal requirements applicable to us or to manage the business relationship between us and the entity the data subject represents. To defend against legal claims, we may retain certain information until the end of the relevant statutory limitation period or until the claim is resolved.
Säilytetyt tiedot tallennetaan erikseen, eikä niitä käsitellä mihinkään muuhun tarkoitukseen. Kun henkilötietojasi ei enää tarvita, henkilötietosi tuhotaan turvallisella tavalla tai anonymisoidaan peruuttamattomasti. Jos haluat lisätietoja henkilötietojesi säilytysajoista, ota meihin yhteyttä info@heddabp.fi.
Individual rights
According to the GDPR, data subjects have the following rights in relation to personal data:
a) Right of access: You have the right to request access to your personal data. This includes, among other things, the right to be informed whether it is being processed, what personal data is being processed, and what is the purpose of the processing.
b) Right to rectification: You have the right to obtain from us the correction of inaccurate personal data concerning you without undue delay. You can also request the completion of incomplete personal data concerning you.
c) Right to object: You have the right to object to certain processing of your personal data. We may be obliged to comply with your request, unless we can demonstrate compelling legitimate grounds for further processing of such personal data.
d) Right to opt out of receiving marketing communications: Each of our marketing emails contains instructions on how to opt out (unsubscribe) of future marketing. You can also opt out at any time by contacting us as specified above.
e) Right to erasure: You can request the erasure of your personal data if it is no longer needed for its original purpose or if we have processed it unlawfully.
f) Right to restriction of processing: In certain legal situations, we may be obliged to restrict the processing of your personal data.
g) Right to withdraw your consent: if your personal data is processed based on consent, you have the right to withdraw it at any time.
h) Right to data portability: In certain cases, you have the right to receive all personal data processed by us in a structured, commonly used and machine-readable format, where technically feasible.
Jos haluat käyttää oikeuksiasi, voit ottaa meihin yhteyttä info@heddabp.fi. Käytämme kaikkia kohtuullisesti käytettävissä olevia resursseja vastataksemme tällaisiin pyyntöihin ilman aiheetonta viivytystä.
Please note that due to legal confidentiality and other legal obligations applicable to us, we may be prohibited from disclosing or deleting your personal data. This may prevent you from exercising certain data subject rights in relation to personal data related to our customer assignments, and the data subject must identify himself or herself to exercise those rights. If we have reasonable doubts about your identity, we may ask you to provide additional information to verify it. If you consider our processing of your personal data infringes applicable law, you have the right to lodge a complaint with your national supervisory authority. In Finland, the competent authority is the Data Protection Ombudsman (www.tietosuoja.fi).
Cookies
We use cookies on our website to enhance your browsing experience and to analyse site usage. Cookies are text files placed on your computer that allow our website to recognize it. We, or third-party web analytics services, such as Google Analytics, may use and deliver cookies from our websites to you. These cookies collect information in anonymous form and are not used to identify visitors to our website, even if the technologies used allow such identification. You can choose to accept or delete cookies by adjusting your browser settings.
Updates
This Privacy Statement was updated in August 2024. We may update and amend this Privacy Statement from time to time to reflect changes in our processing methods or legal requirements. Please review this Privacy Notice from time to time for any changes, as we may not notify you personally of changes unless required by law.
