Data privacy statement
We protect your privacy, and want you to feel safe when you share your data with us. We handle your data confidentially.
Data privacy statement concerning customers, potential customers and other external stakeholders of Advania Finland
- Controllers and contact information
- What do we mean by the different terms?
- For what purposes do we process your personal data?
- What types of data can we process?
- From which sources do we collect your personal data?
- Who can we share your personal data with?
- Do we transfer your personal data outside the EU?
- How long do we process your personal data?
- How can you exercise your rights related to your personal data?
- Which country's legislation applies to the processing of your data?
- How can we update this privacy statement?
1. Controllers and contact information
Advania Finland Oy (business ID 2116894-5) and the companies belonging to the same group with it at any given time, currently Advania Fokus Oy (2060883-0) and Advania Holding Oy (3022297-4) act as the data controller [hereafter together as the "Controllers"].
The postal and visiting address of the Controller is Tekniikantie 14, 02150 Espoo, Finland, phone number is +358 10 397 8000 and email firstname.lastname@example.org.
Please use this form to send questions and requests regarding the processing of personal data.
2. What do we mean by the different terms?
"Data subject" refers to the person whose personal data is processed by the Controllers in their personal data files.
"Personal data" refers to all information related to an identified or identifiable natural person, i.e. the data subject, such as name, address, e-mail, telephone number and transaction history.
"Customer" refers to the contact persons of companies and other entities (hereinafter "company") with whom the Controllers have a customer relationship or a maximum of two calendar years have passed since the end of the customer relationship.
"Potential customers" refers to the contact persons of companies with whom the Controllers seek to create a new customer relationship or renew a customer relationship that has ended more than two years previously.
"Belonging to external stakeholders" refers to private individuals and contact persons of companies with whom the Controller has a cooperative relationship (for example, representatives of companies providing services to the Controllers) or another connection (for example, social decision-makers and journalists in connection with public relations and communication activities).
3. For what purposes do we process your personal data?
The Controllers process the personal data of data subjects for the following purposes (one or several simultaneously):
• Management, analysis and development of customer and stakeholder relations
The Controllers can process your personal data for the maintenance, analysis and development of the customer or stakeholder relationship established directly with you or with the company you represent.
• Producing and delivering services, as well as invoicing
The Controllers can process your personal data for the production, delivery and invoicing of services. The processing of personal data may be related to the fact that you have registered or have been registered as a user of our online services or other online services or applications produced by us, that you otherwise use the services of the Controllers, you have subscribed to the Controllers' newsletter or participated in their events. Personal data is processed for the fulfilment of rights and obligations based on a contract or other commitment between the Controllers and the customer or a member of a stakeholder group.
• Customer communication
The Controllers can process your personal data in their customer communications, for example to send you service-related notifications, to inform you about changes made to services, and to request feedback on services.
The Controllers can contact you to tell you about new or changed products, services and benefits. The Controllers can process your personal data to customize their offering and to provide relevant content. This means, for example, that the Controllers may provide recommendations or display customized content and customized advertisements in their own and third-party services, including targeted online advertising, e-mail communication and social media.
• Development of services
The Controllers may process your personal data to develop their services, for example to improve the selection to be more interesting and useful for customers.
The legal basis for the processing of personal data is the following subsections of Article 6 of the EU Data Protection Regulation:
• processing is necessary for the execution of a contract to which you are a party, or for the implementation of pre-contractual measures at your request
• processing is necessary for the realization of the legitimate interests of the Controllers or a third party, except when your interests requiring the protection of personal data or your fundamental rights and freedoms supersede such interests
• you have given your consent to the processing of your personal data for one or more specific purposes and/or
• processing is necessary to comply with a legal obligation of the Controllers.
• the Controllers process your data to execute a contract with the company you represent.
• The Controllers have legitimate interests related to the conduct of business, such as the right to promote the sale of their services through marketing and sales measures, and based on a legitimate interest, the Controllers may engage in direct marketing and sales using your contact information. Other legitimate interests of the Controllers on the basis of which your personal data can be processed include e.g., advice and other customer service for non-customers, further development of the business, and investigation of possible misconduct.
If the data processing is not based on a contractual need or a legitimate interest, the Controllers may request your consent to other types of personal data processing, such as for example the processing of data classified as sensitive.
The Controllers can also process your personal data when required to do so by legislation, such as, for example, on the basis of the retention obligation under the Accounting Act or data protection legislation.
4. What types of data can we process?
The personal data collected by the Controllers can include, among other things, the following types of data and changes made to them:
Basic information about all data subjects
• First and last name
• Contact information (postal address, email address, phone numbers)
• Communication targeted at the data subject and actions related to communication (such as clicking on individual links in email marketing)
• Direct marketing options
• Information regarding the use of the Controllers' digital services, as well as the contents created by the data subject for the services
• data transfer connections used by the data subject and information concerning terminal devices, such as IP address, device ID or other device-specific identifier
• Information about cookies and other similar functions sent to the data subject's terminal devices (such as computers and mobile devices) and the data collected with them, if the person can be identified based on this information
• Possible recordings of customer service calls, as well as customer service related, recorded e-mail and online conversations on, for example, social media channels.
Additional information about company representatives
• The name and other necessary identifying information of the company that the representative is an owner of or employed by
• Title and/or job description.
Data concerning data subjects who have ordered or purchased the Controllers' products and/or services, provided feedback on them and/or made complaints about them
• The time and manner in which the customer relationship or a similar relationship has begun and ended
• Campaigns targeted at the customer and their use (including e.g., terms of contracts, payments, payment methods, personal identification number, if required)
• Points of interest and other information provided by the customer
• The content of feedback and complaints, related correspondence and follow-up measures.
Sensitive personal data and personal data related to event participation
• If the data subject voluntarily and at their own consent provides sensitive information about themselves to the Controllers (such as health information related to accessibility or food allergies)
• Information related to travel documents if the event is organized, for example, on a cruise ship or abroad, and the Controllers need to process such personal data related to the participant.
5. From which sources do we collect your personal data?
The Controllers receive a large proportion of your personal data from you at the beginning of and during the customer relationship, as well as from the software that you use our services with.
The Controllers receive personal data and its updates also from authorities and organizations that provide personal and credit information acquisition and updating services, as well as from public directories and other public data sources, such as websites and social media channels. The Controllers collect personal data from the data subjects in connection with various activations, such as guides, surveys or events (by the Controllers or their partners) for marketing purposes.
The Controllers receive personal data concerning company representatives also from their colleagues, i.e., the company's main contact person can also divulge personal data to the Controllers about other persons regarding the use and marketing of the Controllers' services.
6. Who can we share your personal data with?
The Controllers will not provide, sell or otherwise disclose your personal data to external third parties unless otherwise stated below.
The Controllers may share your personal data with third parties performing services for the Controllers. These services can be, for example, customer service, software services, invoicing, research activities, marketing, and producing events. The Controllers may share your personal data to collect payments, and they may, for example, transfer or sell unpaid invoices to third parties that provide debt collection services.
The protection of your personal data is important to the Controllers, and we do not allow the parties in question to use the data for any purpose other than providing the agreed services, and we require the parties to protect the registered personal data in accordance with this privacy statement and applicable legislation.
The Controllers can share your personal data with carefully considered partners with whom the Controllers jointly manage and implement projects.
The Controllers may share your personal data with carefully considered third parties, for a justified reason, for joint or independent direct marketing purposes of the parties. Information can be shared for these purposes only when the third party's intended purpose of use does not conflict with the purposes of use defined in this privacy statement. In principle, a very limited amount of information is shared, mainly the person's name and contact information for contact purposes.
Advania Group's sister companies in other Advania Group's operating countries may have access to the personal data of the Controllers' customers and potential customers, as the Group partly uses shared information systems.
The Controllers may share your personal data in connection with a business acquisition or another business arrangement, or when a service is transferred to another service provider. The Controllers may share your personal data on the order of a court or similar competent authority.
7. Do we transfer your personal data outside the EU?
In the provision of services, the Controllers may use resources and servers located in different parts of the world. The Controllers may therefore transfer your personal data outside the country the services are used in, and possibly also to countries outside the EU region with different data protection legislation.
In these cases, the Controllers ensure that there is a legal basis for the data transfer and that the personal data is protected, for example by using (if necessary) standard contracts and processor contracts approved by the relevant authorities, and by requiring compliance with appropriate technical and other data protection measures.
8. How long do we process your personal data?
The Controllers can process customers' personal data for the duration of your customer relationship and until the end of the second year following the year the customer relationship ended. Thereafter, the Controllers can transfer your more limited, necessary personal data to the marketing register and treat you as a potential customer again.
The Controllers can process the personal data of potential customers for the time being, until you become a customer or until you request that your data be removed from the marketing register of the Controllers.
9. How can you exercise your rights related to your personal data?
As a data subject, you have different types of opportunities to have an influence on the processing of your personal data. As a rule, we implement your request within a month. We ask that you contact the contact information provided in section 1 of this privacy statement regarding exercising your rights. The rights you have are the following (the scope of the rights depends on the processing basis for the processing of your personal data, i.e., not all the rights below are available to you in all situations):
The right to access the personal data that has been collected about you. In practice, this is realised by us, based on your appropriate and identified request, providing you with a report on the personal data that has been collected about you in the personal data register.
The right to request the correction or deletion of personal data collected about you. If you notice errors or omissions in your information, you can submit a correction request to us.
The right to request the deletion of personal data collected about you. We are obliged to delete the personal data you have requested to be deleted from our personal data register if one of the following criteria is met and there is no obligation to retain the data under other legislation or official regulations:
• Personal data is no longer needed for the purposes for which they were processed
• You withdraw your consent and there is no other legal basis for processing
• You object to the processing with regard to your personal special situation, and there is no justified reason for the processing, or you object to the processing of your personal data for direct marketing
• Your personal data has been processed unlawfully
• Your personal data must be deleted in order to comply with a statutory obligation applicable to the controller based on European Union law or Finnish legislation, or
• Your personal data has been collected in connection with the provision of information society services, such as in connection with an order for the Controller's digital information services.
The right to request restricting the processing of personal data collected about you. You can ask the Controllers to restrict the processing of your personal data if:
• You dispute the accuracy of your personal data held by the Controllers
• The processing is unlawful and you request restriction of use instead of deletion
• The Controllers no longer need the personal data in question for the purposes of processing, but you need the data to prepare, present or defend a legal claim
• You have objected to the processing of personal data pending the verification of whether the Controllers' legitimate grounds supersede your grounds.
The right to object to the processing of your personal data. If the Controllers process your data based on a legitimate interest, you have the right to object to the processing of your personal data on grounds related to your personal special situation. Everyone in the registers covered by this privacy statement has the right to object to the processing of their personal data for direct marketing purposes.
The right to transfer the information you provide from one system to another. If the automatic processing of your personal data is based on consent or a contract, you have the right to receive the personal data you provide to the Controllers in a structured, commonly used and machine-readable format, and the right to transfer the data in question to another controller.
The right to withdraw consent. If all or part of your personal data is processed in this register based on your consent, you have the right to withdraw your consent.
The right to file a complaint with the supervisory authority. If a possible disagreement regarding the processing of your personal data cannot be resolved amicably between you and the Controllers, you have the right to take the matter to the Data Protection Authority's office for resolution.
10. Which country's legislation applies to the processing of your data?
The personal data registers of the Controllers and the processing of the personal data contained in them are subject to Finnish legislation and EU legislation directly applicable in Finland, such as the EU Data Protection Regulation.
11. How can we update this privacy statement?
The Controllers are constantly developing their business and that may also mean changes to the processing of personal data. If necessary, we will update the privacy statement to reflect the changed operating procedures. Changes can also be based on changes in legislation. We recommend that you familiarize yourself with the content of the privacy statement regularly.
If the Controllers start to process your personal data for a purpose other than the one for which your personal data was collected, we will inform you of the matter and the updated privacy statement before performing the said further processing. Regarding other changes, we will inform you on our website about updating the privacy statement.
Typically, we use data gathered using cookies for the following purposes:
Necessary cookies and the production of services: cookies are essential for the functioning of our website and they facilitate a fluent user experience. These cookies do not collect data that would make identification of the user possible.
Cookies for improving the site: by following the use of these cookies we can improve the functioning of our website. For example, we obtain data on what are the most popular parts of our website, where do users visit or from what web page they arrive, and how long do they stay on or website. For example, we may receive data on articles read by users (so we know which tops are popular).
Targeting social media and marketing: by using these cookies we can make content as individualized as possible so, for example, we can show adverts that target the user and content based on earlier online behaviour. Advania uses advertising cookies managed by third parties in presenting their products, as well as on its own website and those of other parties. You can disable advertising cookies managed by certain third parties on the administration websites of said parties.
Our web pages may contain links and connections to third party websites, to products and to services as well as to so-called third party social connections (such as LinkedIn and Twitter). Third parties who maintain connections on the Advania web pages download these services from their own servers, whereupon a third party may install or set its own cookies. The third party's data protection statement applies to services and applications offered by it on Advania's web pages. We recommend familiarization with the data protection practices of the third party.
You can view and modify cookie settings via the Cookie settings link at the bottom of our site. Some of the cookies in use on our website are managed by third parties and you may, alternatively, use third parties' own tools to prevent these cookies. The retention period for cookies varies with cookie type. Session cookies expire when the browser is closed. Permanent cookies generally have a period of validity that varies between two months and a few years.
This statement has been last updated on 21 February 2023.