Privacy Policy
The purpose of this Privacy Policy is to provide the customers, prospects, and potential job applicants of Suomen Digimarkkinointi Oy (hereinafter also referred to as SDM) with transparent and up-to-date information on how their personal data is processed, for what purposes, and how it is protected. SDM complies with data protection legislation, including the General Data Protection Regulation (2016/679) and the Data Protection Act (2018/1050).
1. Data Controller
Suomen Digimarkkinointi Oy, (Business ID: 2486112-0)
Yliopistonkatu 20, 40100 Jyväskylä
Kasarmikatu 44 2krs, 00130 Helsinki
Tel. +358 (0)10 281 8281, asiakaspalvelu(at)digimarkkinointi.fi
2. Purpose and Legal Basis for Processing Personal Data
In our operations, we require personal data for various purposes. These include, among others, the use of personal data for the development of our business as well as for the provision of our core services.
| Examples of Processed Personal Data | Purposes of Processing | Legal Basis for Processing |
| (1. Customers) | ||
| Name and Contact Information, Organization, Job Title or Position in the Organization, and Communication Metadata (Date and Time, IP Address, Routing Information) | Enabling customer service contacts, maintaining, managing, and developing customer relationships
–> We collect and store information about you or your organization, such as contact details, to ensure smooth customer service and to better tailor our services to your organization’s needs. |
Legitimate interests related to the efficient organization and development of business, the business relationship between us and your organization, as well as your role and responsibilities within your organization. |
| Identifiers used for targeted marketing, campaign information, and related tracking data
Name and contact details, address, payment information |
Provision and delivery of Services
–> We collect and process your personal data to provide and deliver our services, such as digital marketing or web analytics. This includes the planning and execution of marketing campaigns. Additionally, we use personal data to ensure the functionality and quality of our services. |
Your given consent |
Customer service and new customer acquisition data:
|
Processing, analyzing, and statistical evaluation of customer feedback and survey results
–> We store and assess the customer feedback you provide and the results of surveys you participate in for analysis. This helps us understand our customers’ opinions about our services and identify areas for improvement. |
Legitimate interests related to the efficient organization and development of business. |
| Name, contact information, customer ID, service history, and communications | Management of customer data and customer/contact history
–> We collect and process your personal data to manage the customer relationship. This includes utilizing customer contact details, service history, customer feedback, and previous communications to maintain customer records. |
Fulfilling contractual obligations.
Legitimate interests related to customer or similar relationships, good business practices, as well as the organization and development of business operations. |
| Name, contact information, customer feedback, payment information, and customer service history | Organizing support and advisory services for the customer, managing service procedures, assignments, billing and ensuring quality
–> We provide you with support and advice, for which we use personal data. This includes customer contact, billing, and quality control information. Personal data is used to understand the customer’s needs, deliver services, and ensure customer satisfaction. |
Legitimate interests related to customer or similar relationships, good business practices, and the organization and development of business operations. |
| Name, personal identification number or date of birth, contact information, address, IP address, payment information, customer ID | The data controller collects information for customer identification and preventing misuse.
–> To ensure the proper use of our services and the protection of your customer data, we collect and process personal data to identify customers and prevent potential misuse. Your data is also used to prevent fraud and enhance security. |
Legal obligation to maintain data security and protect personal data.
Legitimate interests related to demonstrating compliance with legal obligations, maintaining data security, investigating misuse, and enforcing and defending rights. These interests ensure that personal data is protected and handled in accordance with applicable laws. |
| Name, email address, postal address, order details | Delivery of electronic content to subscribers
–> We send newsletters, reports, and other subscriptions to our customers, using personal data to ensure that subscribers receive the content they have ordered at the right time and place. |
Legitimate interests related to customer or similar relationships and business development.
Consent for electronic direct marketing and the setting of marketing and analytics cookies. |
| Phone number, name, personal identification number, job title | Customer call recordings for verifying service transactions, enhancing legal protection for customers and Suomen Digimarkkinointi Oy, preventing misuse, and security purposes.
–> We record customer calls, which are likely to contain personal data. These recordings are used to verify service transactions, enhance legal protection for both you and Suomen Digimarkkinointi Oy, train our staff, improve our processes, and prevent misuse. |
Legitimate interests related to the efficient organization and development of business, the business relationship between us and your represented organization, as well as your role and responsibilities within that organization. |
| Examples of Processed Personal Data | Purposes of Processing | Legal Basis for Processing |
| (2. Website users and potential customers): | ||
| Contact information related to marketing and communication, areas of interest, reactions, marketing permissions and opt-outs.
Marketing cookies on websites. |
Marketing of services to potential customer companies and website visitors. Marketing is targeted at registrants, companies, contacts, website visitors, or individuals only if they have given their explicit consent.
–> We use your personal data to market our services to potential client companies and website visitors. Marketing messages are sent only to individuals and companies that have given their explicit consent. This means that we may send information about our new services, special offers, and other current campaigns through various communication channels only if you have specifically agreed to it. |
Legitimate interests related to customer or similar relationships and business development.
Consent for electronic direct marketing and the use of marketing and analytics cookies. |
| Identifiers used for marketing targeting, campaign details, and related tracking data.
Name and contact information, address, payment details. |
Targeting of Marketing Communications, Development of Product and Service Offerings, and Business Development and Reporting
We are able to utilize your interests in offering products and services across different communication channels. For this purpose, we use your personal data, such as browsing behavior, to create targeted marketing communications. We collect and analyze information on user preferences and feedback to improve our existing products and develop new services. This may include processing personal data gathered from your user experiences or similar sources. We process your personal data to develop our business and support internal reporting. This includes analyzing sales data, monitoring customer trends, and making strategic decisions. In this way, we can enhance our services and our business as a whole. |
Legitimate interests related to customer or similar relationships and business development.
Consent for targeting marketing communications. |
| Name, contact information, behavioral data. | Research and Statistical Analyses: Customer Analysis, Forecasting, Segmentation, and Development
–> We conduct research and analytics to better understand our customer relationships and interactions, as well as to make data-driven decisions for optimizing our services. This means that we store and evaluate data on your interactions with us. |
We request your consent to place cookies on your device that are not strictly necessary for the service you have requested.
The collected data is used for analytics and marketing purposes based on legitimate interests related to our right to conduct business and organize our operations efficiently. |
| Name, feedback content, identification data | Processing, Analysis, and Statistical Reporting of Customer Feedback and Survey Results
–> We use your personal data for research and statistical analyses. This means we analyze user data, such as your website usage and customer feedback, to better understand user trends and behavior. Based on this information, we generate reports and statistics to improve our services and business processes. |
Legitimate interests related to customer or similar relationships and business development. |
3 Regular Sources of Personal Data
The data collected from Suomen Digimarkkinointi Oy’s own operations is supplemented, if necessary, through publicly available business data sources (such as YTJ and TIEKE) or, in their absence, through publicly available information on the target’s website.
We collect information from public sources for the purpose of targeting advertising.
4. Regular Disclosures of Data
We collaborate with various partners in our operations, to whom your personal data may be transferred or disclosed depending on the situation and the purpose of data processing. These recipients of personal data may act as independent data controllers or data processors, depending on the situation, in which case the personal data is processed solely for the purposes defined by SDM.
Your personal data may be disclosed to the following groups of recipients:
Marketing Partners:
We use partners in our marketing and advertising activities. For example, we run marketing campaigns where we transfer data related to target groups in the advertising to systems managed by our partners, from which we send marketing communications onward.
IT Providers:
We use IT systems provided by our partners, where personal data is stored for various purposes, such as managing statutory accounting. Additionally, we utilize data center services in our operations, where personal data is processed and stored. IT providers process personal data on behalf of and for SDM.
Consulting Partners:
We use consulting partners in our operations, to whom we may disclose personal data for the execution of consulting assignments.
Other Service Providers:
In addition to the aforementioned partners, we utilize other individual service providers who support or complement our operations in ways other than those mentioned above. These individual providers may include, for example, networking services.
5. Transfer of Data Outside the EU or EEA
Most of our personal data processing takes place in Finland, as well as in systems located within the European Union (EU) or the European Economic Area (EEA). Additionally, we utilize partners located outside the EU or EEA, which means that your personal data may also be transferred outside these regions.
| Example of a Situation Where Data May Be Transferred Outside the EU or EEA | The country to which your personal data may be transferred | Measures to Maintain a High Level of Protection for Personal Data |
| Your data is transferred, for example, through Google’s U.S. parent company or Google’s subcontractors to the United States. | United States | Google’s current EU-U.S. Data Privacy Framework certification.
The use of standard contractual clauses prepared by the European Commission as part of agreements. |
In transfers to third countries, we strive to implement all measures necessary to ensure that the high level of protection required by European data protection legislation is maintained despite the transfer.
In addition to various instruments, such as the European Commission’s standard contractual clauses, adequacy decisions, and commitments, we implement personal data protection through organizational and technical measures.
6. Principles of Register Protection
Manual data is stored in locked containers located in locked premises of Suomen Digimarkkinointi Oy. Unsupervised access to the area is restricted for outsiders. Self-access to the premises is allowed only for those who are bound by written agreements as members of Suomen Digimarkkinointi Oy. Access for so-called external persons to the premises is always supervised.
Data stored and processed in information systems is accessible only to designated and authorized personnel. Access requires logging into the information system. The network and hardware used to store personal data are protected by firewalls and other necessary technical measures. Access credentials required for logging into the system are provided only to members of Suomen Digimarkkinointi Oy. These transfers are monitored by a designated contact person. All individuals using the register’s data are bound by confidentiality obligations.
7. Data Subject Rights
Data protection legislation guarantees you rights regarding the processing of your personal data. However, these rights do not apply directly in all situations and are not completely unlimited.
If you have any questions about the rights provided by data protection legislation or wish to exercise them, you can contact us as specified in section 1 of this privacy policy.
Right of Access to Your Personal Data:
You have the right to obtain confirmation of whether SDM processes your personal data. If your data is being processed, you can request that we provide a copy of the personal data being processed. You can request the copy either electronically or physically.
Right to Rectify Your Personal Data:
SDM will correct any inaccurate or incorrect personal data about you upon your specific request. You also have the right to have incomplete personal data completed.
Right to Erasure of Your Personal Data:
SDM is obliged to erase your personal data without undue delay if:
1) The data is no longer needed.
2) You withdraw your consent on which the processing is based.
3) You object to the processing of your personal data for direct marketing purposes or otherwise exercise your right to object, and there are no compelling legitimate grounds for the processing.
4) Your personal data has been processed unlawfully.
5) Your personal data must be erased to comply with a legal obligation under Union or Finnish law.
6) Your personal data was collected in the context of offering information society services.
Right to Object to the Processing of Your Personal Data:
In certain situations, you have the right to object to the processing of your personal data. However, this does not refer to a general right to object to all processing, but the right applies, for example, in situations where the processing of your personal data is based on legitimate interest.
You always have the right to object to the processing of your personal data for direct marketing purposes.
Right to Restrict the Processing of Your Personal Data:
You can request that SDM restrict the processing of your personal data. Restriction means that, in addition to storing the data, your personal data can only be processed under the following conditions:
1) With your consent.
2) For the establishment, exercise, or defense of legal claims.
3) For the protection of the rights of another natural or legal person.
4) For important reasons of public interest in the Union or a Member State.
For example, if you contest the accuracy of your personal data, the processing of that data will be restricted while its accuracy is verified.
Right to Data Portability:
You have the right to obtain the personal data you have provided to SDM in a structured, commonly used, and machine-readable format, and, if you wish, to transfer that data to another data controller. The transfer will be carried out only if it is technically feasible.
Please note that this right applies only to personal data that you have provided to us, which is processed by automated means, and whose processing is based on your consent or for the performance of a contract in which you are a party.
Right to Withdraw Your Consent:
You have the right to withdraw your consent for the processing of your personal data. Please note that withdrawing your consent will not affect the lawfulness of processing that took place before the withdrawal. In certain situations, the withdrawal of consent may affect the availability and functionality of our services.
Right to Lodge a Complaint with a Supervisory Authority:
If you believe that we have processed your personal data unlawfully or negligently, you always have the right to file a complaint with a supervisory authority. In Finland, the Data Protection Ombudsman’s office oversees the lawfulness of personal data processing. You can find contact details and instructions for filing a complaint on the Data Protection Ombudsman’s website at https://tietosuoja.fi/en/home.
8. Cookies
Our website uses cookies, which are used for various purposes such as remembering your user sessions, personalizing, analyzing, and securing. Cookies are small text files that are stored on your device and contain a unique identifier, which allows us to recognize and count the different devices and browsers that visit our site. The law permits the use of cookies with your consent, unless the cookies are strictly necessary for the service you have requested.
For more information on SDM’s cookie policy, please refer to our cookie statement: https://sdm.fi/en/cookie-policy/