Privacy Policy | PLUSSAL

General

The purpose of this privacy policy is to provide transparent and up-to-date information to customers, prospects, and potential job applicants of Plussal Oy on how their personal data is processed, for what purposes, and how it is protected. Plussal complies with data protection legislation, including the General Data Protection Regulation (GDPR) (2016/679) and the Data Protection Act (2018/1050).

1 Data Controller

Plussal Oy, (Business ID 3272733-5)

Phone: +358 (0)45 233 2100, info(at)plussal.com

2 Register Name

Plussal Oy's email, customer, subscriber, prospect, and marketing register.

3 Purpose of Processing Personal Data

Customers:
- Facilitating necessary contact for customer service. Maintenance, management, and development of customer relationships.
- Providing and producing services.
- Managing customer information and history.
- Organizing support and advisory services, managing service operations, orders, billing, and ensuring quality.
- Collecting information for customer identification and prevention of misuse.
- Transmitting electronic content to subscribers.
- Recording of customer calls for verification, legal protection, training, service quality improvement, and prevention of misuse and for security reasons.
Website Users and Potential Customers:
- Marketing services to potential corporate customers and site visitors.
- Targeting marketing communication, developing product and service offerings, business development, and reporting.
- Research and statistical analysis. Analyzing, predicting, grouping, and developing customer relationships.
- Processing feedback, survey results, and customer survey data.
Potential Employees:
- Marketing to potential job applicants and site visitors.
- Facilitating necessary contact during the recruitment process. Maintaining and managing the relationship during the recruitment process.

4 Information Content in the Register

Name Information:
- First name
- Last name
Address Information:
- Mailing address
- Postal code
- City
Contact Information:
- Phone number
- Email address
- IP address
Consents and Prohibitions for Direct Marketing
Identifiers and Numbers Related to Customer Payment and Credit Cards:
- Bank connection
- Bank account number
Information about Employer, Company, Organization, etc.:
- Name
- Address
- Business ID
- Position in the company, role, title, job duties, responsibility area, etc.
Information related to Customer Service or New Customer Acquisition:
- Customer feedback
- Information about customer service events
- Recordings of customer calls
- Start and end time of customer relationship
- Customer status
- Customer levels
- Offer history
- Information about previous contacts
- Information about ordered services, their delivery, and billing
- Information provided in surveys and related discussions
- Website behavior
- Movements of the mouse, cursor, or other pointing device on Plussal's website
- Information about campaigns and related tracking data
- Tags used in marketing targeting
- Opening and reading information of newsletters
Personal data is generally processed as long as the contract, on which the processing of personal data is based, is valid. Data is recorded in the register as obtained from the data subject and updated based on what the data subject informs the data controller. Subscribers can opt-out from the email marketing list through the unsubscribe link in each marketing email.

5 Regular Sources of Information

Information is obtained from the initiation of the customer, order, or customer prospect relationship through personal meetings, email, or electronic form on the data controller's website. After the initiation of the customer, order, or customer prospect relationship, information is collected through automated electronic identification in the data controller's email letters. Information about potential customers is obtained with their consent during their visit to the website or other personal or digital interactions.

Information collected by Plussal in its own operations is supplemented as needed by publicly available company data sources (such as YTJ and TIEKE) or, in the absence of these, by publicly available information on the target's website.

6 Regular Disclosures of Data

Personal data may be selectively disclosed to a telemarketing company commissioned by the data controller for targeted marketing campaigns. Ownership of the data does not transfer from the data controller to external parties, and external parties do not have the right to use the data beyond the commission. Information may be disclosed to authorities in cases required by law, such as investigations and prevention of misuse. Customer information may be transferred or disclosed to temporary registers, such as event, competition, contact, or research registers, for the execution of the customer's request or with the customer's consent. The information in these temporary registers is processed only for the specific purposes of each register, in a manner separately informed. Plussal Oy transfers personal data to a debt collection agency when necessary for monitoring payments.

The following entities process personal data on behalf of Plussal Oy:

ActiveCampaign Inc.
Adobe Systems Incorporated
Asana Inc.
Atlassian PTY Ltd.
Box Inc.
Cybot A/S
Evernote Corporation
Facebook Inc.
Google LLC.
Liidio Oy
LinkedIn Corporation
Microsoft Corporation
Pipedrive Inc.
Pipedrive OÜ
Slack Technologies Inc.
Smartly Inc.
SurveyMonkey Inc.
Teamtailor AB
The Rocket Science Group LLC d/b/a MailChimp
Twitter Inc.
Visma Solutions Oy
Zapier Inc.
Typeform S.L.
Serviceform Oy

7 Transfer of Data outside the EU or EEA

In general, Plussal Oy does not transfer or disclose customer personal data outside the European Union or the European Economic Area. However, if necessary, data may be transferred or disclosed outside the European Union or the European Economic Area in ways permitted by data protection laws, such as:

If the data is transferred to a country or organization in that country where the European Commission has determined the level of data protection to be adequate, or
If, through contractual arrangements, the adequate level of data protection can be ensured, or
If the data subject has given their consent.

8 Principles of Register Protection

Manual material is kept in locked premises of Plussal Oy. Unauthorized access to the premises is prevented from outsiders. Self-access to the premises is allowed only for those who are bound by written agreements as members of Plussal Oy. Access by external individuals is always supervised.

Data stored and processed by information systems are available to specific and named individuals. Access requires logging into the information system. The network and hardware on which the register is located are protected by a firewall and other necessary technical measures. Access credentials required for logging into the information system are provided only to members

9 Right to Inspection

Every data subject has an equal right to inspect, process, delete, correct, and modify their data stored in the personal data register. The request for the actions listed above can be addressed, commissioned, and requested by the data subject using all common written contact methods. The request for inspection and correction must be made in writing and sent signed to the person responsible for registry matters mentioned above. Processing one inspection and correction request per year is free of charge for the data subject. The inspection and correction request must specify the error to be corrected and provide the corrected information. Only a member of Plussal Oy authorized in writing can process data on behalf of and upon separate request by the data subject.

10 Right to Demand Data Correction

11 Other Rights Related to the Processing of Personal Data

Right to Object: A data subject has the right to object to the processing of personal data at any time if the data subject believes that Plussal Oy has processed personal data unlawfully or that Plussal Oy does not have the right to process certain personal data.

Direct Marketing Ban: Plussal Oy engages in online advertising through platforms like Facebook and Google. However, these companies never receive the personal data of the data subject directly from Plussal Oy, and such advertising is not considered direct marketing but is based on cookies. Plussal Oy never sells or otherwise discloses personal data to other parties for marketing purposes. The data subject has the right to prohibit the use of their data for electronic direct marketing by using the unsubscribe link in the newsletter.

Right to Erasure: If a data subject believes that the processing of certain data concerning them is not necessary for the tasks of Plussal Oy, the data subject has the right to request Plussal Oy to delete the data in question. Plussal Oy processes the request, after which the data is either deleted or the data subject is informed of a justified reason why the data cannot be deleted. If the data subject disagrees with the decision, the data subject has the right to lodge a complaint with the Data Protection Ombudsman (http://www.tietosuoja.fi/fi/index/yhteystiedot.html). The data subject also has the right to demand that Plussal Oy restrict the processing of disputed data until the matter is resolved.

Right to Lodge a Complaint: A data subject has the right to lodge a complaint with the Data Protection Ombudsman if the data subject believes that Plussal Oy is in breach of the applicable data protection legislation when processing the data subject's personal data (http://www.tietosuoja.fi/fi/index/yhteystiedot.html).

12 Use of Cookies

We use so-called cookies on our website. Cookies are small text files that websites can use to make the user experience more efficient. According to the law, we can store cookies on your device if it is absolutely necessary for the operation of the site. We need your consent for the use of other types of cookies. More information about cookie practices can be found on our cookie policy page.