Privacy Policy

Privacy Policy for DRA Consulting Oy’s customer register

1 Controller

DRA Consulting Oy
Pakkalankuja 7, 01510 Vantaa
+358 9 825 64 200
info@dra.fi
(hereafter “DRA Consulting”)

2 Contact person for register matters

Leena Hainio
Pakkalankuja 7, 01510 Vantaa
+358 9 825 64 200
info@dra.fi

3 Name of register

DRA CONSULTING OY CUSTOMER REGISTER

4 What is the purpose and legal basis of processing personal data?

The purpose of this personal data register is marketing and communication to our Customers. The information is used for providing agreed services, developing services and products, invoicing, and for the needs of customer relations. The basis of processing personal data is DRA Consulting’s justified interest on the basis of a customer relationship or other appropriate connection or implementing a contract.

The basis of processing personal data is:

  • the delivery and development of our products and services,
  • fulfilling our contractual and other promises and obligations,
  • taking care of the customer relationship,
  • analyzing and profiling behaviour of a customer or other data subject,
  • electronic and direct marketing,
  • invoicing

5 What data do we process?

We process the following personal data of our customers or other data subjects, like individuals participating in our trainings, in connection with the customer register:

  • Information of company and company’s contact persons, such as *Business ID, *address, *names, *titles, and *contact details of the contact persons.
  • Information of the customership and the contract, such as past and current contracts and orders, order history, payment and account information, general correspondence with the customer’s contact persons, and other information of the customership, such as name, title, email-address, and phone number of the contact person.
  • Other possible information gathered with data subject’s consent, such as for training or customer events, such as diet restrictions, allergies, or mobility restrictions.

Committing personal data, marked with a star, is a requirement for our contractual and customer relationship. Without the necessary information, we are not able to provide the service.

6 From where do we receive data?

We receive information primarily from the data subjects.

For the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources, and based on information received from authorities, or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually, or by automated means.

7 To whom do we disclose data and do we transfer data outside of EU or EEA?

We process information ourselves and use subcontractors that process personal data on behalf of and for us. We have outsourced the ITmanagement, and the execution of some of our marketing campaigns to external service providers, to whose server the data is stored. The servers are protected and managed by the external service providers.

We disclose personal data to external service providers offering direct marketing. Data may be disclosed to authorities under compelling provisions.

We do not disclose personal data outside of EU/EEA.

8 How do we protect the data and how long do we store them?

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. Each user has a personal username and password to the system.

The information is collected into databases that are protected by firewalls, passwords, and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.

We store the data as long as it is necessary for the purpose of processing the data. For the basic contact information (name, title, email address, and phone number) of the company’s contact persons, the storage time is two years, and for the sensitive information collected for training or customer events such as dietary, mobility restrictions, and allergies, the storage time is 1 month, after which the information is deleted.

We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

9 What are your rights as a data subject?

As a data subject you have a right to inspect the personal data conserning yourself, which is stored in the register, and a right to require rectification, or erasure of the data. You also have a right to withdraw or change your consent.

As a data subject, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.

For specific personal reasons, you also have a right to object profiling and other processing concerning you, when processing the data is based on the customer relationship. In connection to your claim, you should identify the specific situation on which you object the processing. We can refuse to act on such request on the basis of the law.

As a data subject you have the right to object processing at any time free of charge, including profiling in so far as it relates to direct marketing.

10 Who can you be in contact with?

All contacts and requests concerning this privacy policy shall be submitted in writing or in person to the person mentioned in section two (2).

11 Changes in the Privacy Policy

Should we make amendments to this privacy protection statement, we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review these privacy protection principles from time to time to ensure you are aware of any amendments made.