Customer Contact Data Protection Statement
Last updated: 9 April 2021
Siili Solutions Plc and its subsidiaries ("Siili", also "we", "us", "our"; Finnish Business ID 1979903-5) place the highest value on protecting your personal data. This Customer Contact Data Protection Statement ("Statement") explains our commitment to keeping your personal data ("Customer Contact Data") confidential and secure. Further, it explains how we process your Customer Contact Data in connection with any business transaction or measure ("Transaction") carried out with Siili by you or related to you as an employee or other representative of a Siili customer company. Siili is the data controller of your Customer Contact Data. Hence, Siili is responsible for your personal data processing and defines the purposes and means for the processing of your Customer Contact Data.
Siili processes your Customer Contact Data always in accordance with all applicable laws.
Please read this Statement carefully before committing to any Transaction with Siili. By committing to any Transaction with Siili, you express your understanding to our processing of your Customer Contact Data in accordance with this Statement. Otherwise, we expect that you will discontinue the Transaction and not to provide or cease providing us with your Customer Contact Data. Please note, that absence of your Customer Contact Data might prevent Siili from starting or completing any Transaction with you.
Lawfulness of Processing of Your Customer Contact Data
Depending i.a. on the maturity of Siili business relationship with you or Siili customer company you represent, the processing of your Customer Contact Data by us is legally based primarily on:
- Our legitimate interest as processing of our Customer Contact Data is an obligatory enabler for conducting our business activities in compliance with any applicable laws; and/or
- Contractual relationship either directly with you or indirectly with the Siili customer company you represent; and/or
- Obligations and rights of Siili based on mandatory laws; and/or
- Your consent, e.g., if you subscribe our newsletter or other releases.
Additionally, we may exceptionally need to collect and process certain Customer Contact Data belonging to special categories (see section "Customer Contact Data Siili Collects and Processes" below) – such personal data can be collected and processed by us
- with your consent only.
You have the right to withdraw your consent at any time. To do so, please contact us with the contact information provided below.
Data Collection Methods and Sources of Personal Data
Depending on the Transaction, you may be required to personally submit to us your Customer Contact Data. This may occur through completing and submitting a web form available in any of our application interfaces available to you. Additionally, your Customer Contact Data collection may also occur interactively with you in a phone call, business meeting or with other non-computerized means common in any Transaction between you and Siili.
Additionally, we may also collect your Customer Contact Data from third parties such as from the Siili customer company you represent, any employees of Siili and/or other persons providing services for Siili. Finally, our data collection may also occur by collecting digitally information concerning your behavior within any digital services of Siili.
Customer Contact Data Siili Collects and Processes
Basic Customer Contact Data typically collected and processed by us consists mostly of your name, business address and your other contact details, such as email addresses and telephone numbers. We also collect information linking you to the relevant Siili customer company, such as the company name and your position or title in it. Depending on the case, we may also collect any necessary information related to Transactions between you and Siili, including necessary information for executing financial transactions between Siili and its customer companies and in individual cases between you and Siili. Such information includes information on projects and assignments where you and Siili have acted together. We may also collect information on your business feedback and interests and expectations towards Siili.
In case you use our digital services, we collect behavioral data concerning such activities of you.
We do not generally collect or process any Customer Contact Data belonging to special categories, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sex life. As an exception to this, we may collect and process information concerning allergies or dietary requirements and expectations for organizing refreshments and catering e.g., in customer meetings, receptions and trainings including those of Siili Academy.
Purposes of Processing
We process your Customer Contact Data to enable our Transactions with you and consequently with Siili customer companies. In practice this means mostly enabling marketing, sales and provisioning Siili services and products (including related communication and correspondence) to you and Siili customer companies. Further, we process your Customer Contact Data to develop our business and internal operations, including our IT environment.
In detail, the purposes for processing and use of the Customer Contact Data include the following items:
- Marketing, sales, production and provisioning of Siili services and products;
- Managing relationships with Customer Companies and customer contact persons;
- Business development and reporting within Siili;
- Development of Siili services and products;
- Development of Siili IT environment and applications;
- Invoicing, taxation and other necessary financial transactions;
- Collecting and processing feedback from the Customer Companies and customer contact persons; and
- Securing compliance with all applicable laws as well as establishing and exercising Siili legal rights (including claims) and defending Siili against legal claims.
Your Customer Contact Data will not be used for any other purpose than those described above in this Statement.
Retention
Generally, we retain your Customer Contact Data ten years from the last Transaction between you and Siili. This general retention rule is based on i.a. laws regulating expiration of debts, possible long warranty periods related to our services and products as well as traditionally long-lasting business relationships with our customer companies. Furthermore, possible needs related to litigation purposes also justify the retention of your Customer Contact Data.
However, the above retention rule is always subject to different requirements included in any mandatory laws applicable to your Customer Contact Data. Therefore, in some cases, retention period may be shorter or longer than the above-mentioned.
Notwithstanding the above, the retention of your Customer Contact Data may always be extended due to existing or imminent need of any company belonging to Siili to establish or exercise legal claims or defend itself against legal claims related to Customer Contact Data.
Disclosures and Transfers
We will not disclose your personal data except as provided in this section or when you have given your consent.
We do not generally disclose any Customer Contact Data to be independently used by other data controllers outside Siili unless required by mandatory law (such as to tax and other authorities). As an exception, personal data related to Siili Academy training (i.a. participation and course information) can be disclosed to our trusted business partners for provisioning training certifications and maintaining information on them.
We may transfer your Customer Contact Data to/from other Siili Group companies or to/from third parties (e.g. subcontractors) who process Customer Contact Data on behalf of us for the purposes described in this Statement. In this way, we do not release the Customer Contact Data from our effective control.
If Customer Contact Data is transferred to/from external data processors (subcontractors or vendors including other companies belonging to Siili) to be processed on behalf of Siili, appropriate data processing agreements, as required by the applicable laws, are executed to secure lawful and appropriate processing of Customer Contact Data.
As we operate internationally, due to necessary technical and practical requirements, your Customer Contact Data may be processed by other Siili companies or subcontractors located outside the European Union or European Economic Area (incl. Switzerland). Hence, countries to which your Customer Contact Data may be sent to or accessed from may have a data protection standard different from the country in which we are situated. In all such situations involving such international transfers of Customer Contact Data, the processing of Customer Contact Data shall be in accordance with applicable legislations (e.g. justified by EU Commission standard contractual clauses and supplementary measures, if necessary) and our data processing policies and instructions.
We may also need to share your Customer Contact Data with a purchaser or potential purchaser of our business. Such sharing does not occur regularly, but should it be necessary, we will share only smallest possible amount of your Customer Contact Data and always in the limits of applicable legislation.
We may provide aggregate statistics about our customer companies and related persons as well as Transactions to reputable third parties, but these statistics are anonymized and will not include your Customer Contact Data.
Security
Customer Contact Data is protected by organisational and technical measures against accidental and/or unlawful access, alteration, and destruction or other processing including unauthorized disclosure and transfer of Customer Contact Data.
Such measures include (without limitation) proper firewall arrangements, malware detection, appropriate encryption of telecommunication and messages as well as use of secure and monitored equipment and server rooms. Data security is of special concern when third parties (e.g. data processing subcontractors) provide us with and implement IT systems.
Data security requirements are duly observed in IT system access management and monitoring of access to IT systems. Personnel processing Customer Contact Data as part of their tasks is trained and properly instructed in data protection and data security matters.
Automated decision-making
We do not make decisions about you through automated decision-making.
Use of Cookies
We may occasionally place information on your computer which allows us to recognize your computer. This information is commonly known as a “cookie”. Typically, cookies enable collection of certain information regarding your computer, including your IP address, your computer’s operating system, your browser type and the address of any referring sites. Cookies are intended to improve the availability and quality of Transactions and your co-operation with Siili. We will only use cookies on your consent (apart from strictly necessary ones which enable the website to function). A separate Cookie Statement explains the cookies in detail (references to Statement above and below also include the contents of the Cookie Statement unless otherwise stated case by case). In case of possible discrepancy, the information provided in the Cookie Statement prevails over information of this Statement.
Your Rights Concerning Data Processing
At any time, you have the right to:
- Object the processing of your Customer Contact Data on the grounds of our legitimate interests or for direct marketing purposes; and
- Unsubscribe (opt-out) yourself from any direct marketing of Siili.
At any time, you have also the following rights:
- Gain access to your Customer Contact Data and receive a copy of your Customer Contact Data and related supplementary information concerning Customer Contact Data processing as required by the law;
- Verify the accuracy of your Customer Contact Data and at your request, have your incomplete, inaccurate or outdated Customer Contact Data modified or erased;
- Under certain circumstances, be forgotten by us if;
- Customer Contact Data are not any more necessary in relation to the purposes of Siili data processing;
- The Customer Contact Data have been unlawfully processed by Siili;
- The data subject withdraws consent on which the processing of Customer Contact Data is based and where there is no other legal ground for the processing;
- The processing has been based solely on legitimate interests of Siili which the data subject has objected and no overriding legitimate grounds for the processing have been established; or
- The data subject has objected processing for direct marketing (concerns only such Customer Contact Data that is solely used for direct marketing and for no other purpose).
- Have the processing of your Customer Contact Data restricted under certain circumstances if;
- The data subject contests the accuracy of the Customer Contact Data;
- The processing is unlawful, and the data subject opposes the deletion of such Customer Contact Data;
- The data subject has objected to processing of Customer Contact Data on the sole lawful basis of Siili legitimate interests and pending the investigation if the legitimate interests of Siili override those of the data subject; or
- Siili no longer needs the Customer Contact Data for its purposes of uses, but Customer Contact Data are required by the data subject for the establishment, exercise or defense of legal claims;
- Receive your Customer Contact Data which you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller; and
- Lodge a complaint with a supervisory authority (in Finland Data Protection Ombudsman).
Also, at any time, you have the right to:
- Withdraw your consent to processing of your Customer Contact Data.
To use your rights, contact us to the contact information provided below. However, the request may be declined or restricted when allowed or required under the law.
New Versions of This Statement
We may change or amend this Statement as necessary, and therefore we recommend that you revisit this Statement regularly.
Siili Contact Information
If you want to contact us in data protection related matters (concerning a specific Transaction or in general), please send us an e-mail at dataprotection@siili.com.