General
This data protection notice is valid from April 24th, 2023.
To whom does this data protection notice apply to?
This data protection notice describes how we process personal data for the sale and marketing of our services. The notice applies to Granite’s current and potential customers.
Protecting your privacy is important to us. We want to ensure that your data is protected in accordance with data protection legislation and the best data processing practices. In this data protection notice you will find information about how we process your personal data in our operations.
Controller and contact information
Data controller: Granite Partners Oy
Address: Kauppakatu 3 A, Tampere 33200
Email address: info@granite.fi
Contact information of the data protection officer
The data protection officer’s contact information: tuki@granite.fi
What is the scope of the data processing?
In the table below, you can find information about the purposes for which we process your personal data, which groups of personal data we process, on which legal basis the processing is based and how long we retain your personal data for each purpose.
When data processing is based on your consent, you have the right to withdraw your consent at any time. More information on the topic can be found in the section “What rights do you have as a data subject?”.
| Purpose of processing | Types of personal data | Legal basis | Retention period |
|---|---|---|---|
| Marketing targeted at companies |
| Legimate interest | 2 years from the most recent communication |
| Processing online forms |
| Legitimate interest | 2 years from sending the form |
| Finding potential contacts |
| Legitimate interest | 2 years from data collection |
| Web analytics and statistics |
| Consent | 2 years from data collection |
| Targeted online advertising |
| Legitimate interest | 2 years from data collection |
| Organizing webinars |
| Legitimate interest | 2 years since organizing the webinar |
| Appointment scheduling for sales |
| Legitimate interest | 2 years from making the appointment |
| Identification of companies that have visited the website |
| Legitimate interest | 2 years since visiting the website |
Where did we get your personal data from?
Personal data is generally collected directly from you, for example when contacting us. Personal data may also be collected from public sources, such as LinkedIn, or from public company data registers. The information used for website analytics and statistics is collected by technical means, such as using cookies.
To which parties is information disclosed or transferred?
We use certain services provided by third parties to enable our operations. Thereby, your personal data may also be processed by these service providers. The service providers we use process your personal data in accordance with our instructions and in compliance with applicable legal and contractual obligations.
We use services provided by third parties for the following purposes:
- Customer relationship management
- Implementation of online forms
- Sending newsletters by email
- Searching for contacts from public sources
- Website analytics and statistics
- Targeted advertising
- Organizing webinars
- Appointment scheduling
- Identification of companies that have visited our website
In addition, we may have to disclose your information to external organizations in certain situations, for example due to a legal obligation.
Do we transfer your personal data outside the EU/EEA?
Some of the service providers we use are located or process your personal data outside the EU/EEA. Your personal data may be transferred to the United States. We transfer personal data outside the EU/EEA only in compliance with applicable legislation. Transfers of personal data are based on Standard Contractual Clauses (SCCs) published by the European Commission.
Automated decision-making and profiling
We do not use your personal data for profiling or for making automated decisions that have legal effects on you or that otherwise affect you in a significant way.
What rights do you have as a data subject?
You have several rights related to the processing of your personal data, which you can read more about below. Please note, however, that all rights are not applicable in all situations. The applicable rights depend, among other things, on the legal basis of the processing.
Using data subject rights is generally free. However, if you make requests continuously or if your request can otherwise be considered unfounded or unreasonable, we may charge you a reasonable processing fee or refuse to follow the request. In such a situation, however, we will always inform you of the charge in advance.
If you have any questions regarding the processing of your personal data or want to exercise your data protection rights, please contact us using the contact information provided at the beginning of the notice.
Right to access and rectification
You have the right to request what personal data we process, or to get confirmation that we do or do not process your personal data. If you think the personal data we process is incorrect, inaccurate or incomplete, you can make a request that we correct your data.
Right to erasure and to be forgotten
In certain cases, you have the right to have your data deleted. We will also delete the data if the processing was based on consent and you withdraw your consent or if you object to the processing and no other legal basis applies to the processing.
Right to restrict processing
In certain situations, you have the right to request a temporary restriction of processing. Temporary restriction entails that we keep your data, but we do not process the data in other ways. For example, if you need the data for a legal claim, you can request restriction of data processing.
Right to object to data processing
In certain situations, you also have the right to object to the processing of your personal data. For example, you can at any time object to the processing of your data for direct marketing, in which case we can no longer process your data for that purpose. In addition, you can object to data processing based on our legitimate interest on the basis of your specific situation.
Right to data portability
You can request the transfer of your personal data, in which case we will deliver your personal data to you in a machine-readable format so that you can transfer the data to another data controller (e.g. another service provider). If it is technically possible, we will transfer your data directly to another data controller at your request. The right to transfer only applies to situations where we process your personal data based on your consent or contract and it only applies to data that you yourself have provided to us.
Right to file a complaint to a supervisory authority
You have the right to file a complaint with the supervisory authority about the processing of your personal data. The office of the Data Protection Ombudsman is the competent data protection authority in Finland: www.tietosuoja.fi.
Right to withdraw consent
If you withdraw your consent, we will stop processing your personal data to the extent that it was based on your consent. We may be required to retain your data, for example, due to a legal obligation regardless of you withdrawing consent. Withdrawing your consent does not affect the legality of the data processing done before the withdrawal.
Changes to the data protection notice
| Päivämäärä | Muutoksen kuvays |
|---|---|
| 24.4.2023 | Data protection notice created |