Privacy notice

Cinia´s customer and decision-maker register

Updated 7.5.2019

1. Controller

Cinia Oy (Business ID: 1465341-6)
Ilmalantori 1
00240 Helsinki

2. Contact

Cinia Oy
Ilmalantori 1
00240 Helsinki
communications@cinia.fi

3. Name of register

Cinia Ltd's and its affiliates (“Cinia”) customer and decision-maker register

4. Purpose and grounds of processing personal data

The controller processes personal data for the following purposes:

• Delivering products and services
• Establishing, carrying out,
• maintaining and developing customer relationships
• Planning and developing business activities, products and services
•  Conducting satisfaction surveys and carrying out other similar communication
• Conducting opinion polls and market surveys and holding other events
• Carrying out direct marketing for products and services and targeting it (including newsletters) by telephone, post, text message, via email or by other electronic means
• Analysis, profiling, segmenting and statistics for the aforementioned purposes.

The grounds of processing personal data are:

• Implementing an agreement between the controller and a company or organisation that is its customer or partner and carrying out actions prior to entering into an agreement at the data subject's requestT
• The controller's legitimate interest to carry out its customer and other relationshipsT
• The controller's legitimate interest to market its products and services directly to contact people of its current and potential corporate customers
• Fulfilling the controller's obligations based on the legislation

5. Data content of the register

The register contains the following information about contact people and decision-makers of current and potential customers and partners:

• Basic information about data subjects, such as contact details of a company's representative(s) (name, email address, telephone number, job title and/or area of responsibility)
•  Information about tasks and position in the private or public sector, areas of professional interest and other information provided by data subjects
• Feedback and contact, email messages, electronic forms, chat conversations and recorded calls
• Information about customer relationships and agreements, such as information about agreements, orders and current and previous services, transaction information, correspondence and other queries, as well as marketing information
• Marketing activities targeted at data subjects, participation in events, and refusal or consent to receive direct marketing
• Information about products and services, such as information about orders, validity, changes and termination, information about any disruptions and information provided by data subjects about their areas of interest
• Personal data related to communication services such as traffic data, information on the parties to communication, time of the connection, data transfer protocol, location data and terminal related data
• Any other information collected with the consent of each data subject

6.  Regular sources of data

Information contained in the register is regularly collected from data subjects in conjunction with their use of services and the website, when negotiating or signing agreements, or in conjunction with contacts or other personal, electronic or telephone transactions and during participation in events. In addition, personal data can be collected and updated from generally available sources of data, such as the websites of companies, the Trade Register, other public and private registers and other similar company and decision-maker registers.

7. Disclosure of data

Data can be disclosed to Cinia's partners and subcontractors for providing services or in conjunction with separate assignments, for example, to event organisers and for customer satisfaction surveys and marketing activities.

8. Transfer of data outside the EU or EEA 

Some of the data is transferred or processed outside of the EU or EEA area by Cinia’s partners or subcontractors in accordance with the data protection legislation. If no decision regarding an adequate level of data protection has been issued in relation to the target country or if the transfer does constitute a transfer to the United States in accordance with the Privacy Shield system, the transfer shall occur by means of employing the standard clauses approved by the European Commission.

9. Storage period

The controller only stores data for as long as is necessary for each purpose of use and in accordance with the valid legislation. In addition, the controller may need to store data for a longer period in order to fulfil its statutory or contractual obligations or legal claims.

10. Principles of register protection

Agreements and other manually processed documents are stored in locked and fireproof storage facilities which can only be accessed by separately designated persons. In addition, physical access to the facilities is prevented by means of access control and other security measures.

Data in electronic format is stored in data systems in which technical and program-based means are used to ensure information security and to supervise the use of data. A specific and limited group of people have the right to use registered data to the extent required for their tasks.

11. Rights of data subjects

Data subjects have the right to view their data saved in the register and the right to request their data to be rectified or erased. Such requests must be sent to the contact person indicated in Section 2 in person or in writing.

According to the EU General Data Protection Regulation, data subjects have the right to object to the processing and transfer of their personal data and request that the processing of their personal data is restricted, and to file a complaint regarding the processing of personal data with the Data Protection Ombudsman.

Cookie policies

• Session cookies are deleted from your computer when you close your browser.
• Persistent cookies remain stored on your computer until deleted or until they reach their expiry date.