FI
Open mobile menuClose mobile menu

Privacy Statement

Privacy Statement for Dagmar Oy’s Corporate Customer, Supplier and Marketing Register

1. Controller and contact information

Oy Dagmar Ab, Business ID: 0107346-3 (”Dagmar”)
Visiting and postal address: Annankatu 28, 00100 Helsinki
tel. +358 9 693 011
Contacting us for all privacy questions and requests: tietosuoja@dagmar.fi
Contact person for data protection matters: Antti Kallio

This policy describes the processing of your personal data when you are a representative or contact person of Dagmar’s current or potential customer, supplier or partner, or you have subscribed to Dagmar’s marketing letter or other publication (e.g. a guide or research report).
The register does not contain consumer data. Dagmar Oy does not collect or process consumer data in its own business.

2. Data subjects and the data content of the register

The register contains the following personal data about the decision-makers, contact persons and representatives (“Data Subject”) of Dagmar’s current and potential customer, supplier or partner companies and communities (“Company”):

  • Basic information: e.g. name, title or profession, position or position in the Company, Company information, work-related contact information (postal and visiting address, email address, phone number), year of birth, gender, mother tongue, service language, preferred method of contact;
  • Identitydata: e.g. verification, identification and identification data
  • Well-being data: e.g. dietary, accessibility, and accessibility information
  • Marketing data: information concerning tasks and position in business life or public duties, professional interests, other information provided by the Data Subject; Marketing measures targeted at the data subject, participation in events, direct marketing and other permissions and consents, as well as prohibitions and restrictions;
  • Data on the use of electronic services: e.g. access rights, usernames and passwords, other possible identification data, usage history and log data stored in connection with the use of information systems; information about the use and browsing of Internet services, reading information about marketing letters, advertisements that have been displayed, and information about clicks on advertisements; the page from which the user has accessed the Controller’s website, device model, unique device and/or cookie identifier, data collection channel (internet browser, mobile browser, application), browser version, IP address, session identifier, session time and duration, screen resolution and operating system, country/city location;
  • Profile and classification data: Customer/user and marketing segments and profiles formed on the basis of the data described above, as well as the analysis and profiling of classification etc. data collected from regular data sources

Information about the company is not personal data

The communication and documents between Dagmar and the Company (e.g. contacts, emails, electronic service forms, feedback, chat conversations, call recordings, inquiries, requests for quotations, orders and contracts that the Data Subject has performed on behalf of the Company, as well as the Data Subject’s data contained therein, are not personal data, but information describing the Company and are not subject to data protection legislation. Personal data also does not include the purchase history, usage data and other similar data of the products and services purchased by the Company.

3. Legal bases and purposes for processing personal data

Dagmar processes personal data on the following legal bases and purposes:

4. Where is the data collected

The data in the register is regularly collected from the Data Subject in connection with the use of the services and the website, in connection with a contact request or other filling in a form, an order, concluding a contract or other personal, electronic or telephone transactions, or in connection with participation in events. In addition, personal data may be collected and updated from open and public information concerning companies that the Company or its representatives have made public, e.g. On the Internet and publicly available sources of information, such as company websites, the Trade Register, postal operators, contact information services (e.g. Suomen Asiakastieto Oy, Fonecta Oy, Posti Oy).

The personal data of Data Subjects acting as representatives of the Company is usually obtained from the Company. Data on the verification, identification and identification of the data subject’s identity is obtained from banks and other providers of electronic signature and identification services. Information on the sanctions imposed by the European Union and the UN on a Company or Data Subject is obtained from the authorities and companies maintaining the sanctions lists.

5. To whom the data is disclosed or transferred

Dagmar may disclose the data in the register to Dagmar’s group companies and partners when it is necessary to fulfil the purposes of the register, e.g. for the delivery and invoicing of agreed products or services.

Otherwise, the data will not be disclosed to third parties without the consent of the Data Subject, except if it is necessary for the fulfilment of the Controller’s legal obligations, in connection with legal proceedings, at the request of the authorities or as part of business arrangements.

Dagmar uses the services of external subcontractors, for example. invoicing, monitoring receivables and managing debt collection; to maintain customer data; to manage cookie consents; ICT tasks, analytics, implementation of electronic messaging services and enterprise resource planning. Dagmar may transfer personal data to subcontractors to the extent necessary for the performance of the subcontractor’s services. These subcontractors process personal data on behalf of and on behalf of Dagmar in accordance with Dagmar’s instructions and this Privacy Policy. Subcontractors are bound by agreements with Dagmar on the processing of personal data, including confidentiality and data security clauses.

Personal data may also be transferred for processing in a country outside the EU/EEA. Unless the European Commission has decided that the level of data protection in the country of processing is adequate, Dagmar ensures an appropriate level of data protection by entering into written agreements with subcontractors using standard contractual clauses approved by the European Commission or by other legal procedure. The standard terms and conditions can be found at: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en.

On behalf of Dagmar, the monitoring of internet and mobile services is carried out by Google and Facebook, as well as the monitoring of the use of marketing letters and the maintenance of mailing lists by Hubspot. They may also use cookies to collect information for their own use in accordance with their own terms. They are responsible for their own cookies and the information they collect for their own use, see for more information at:
https://policies.google.com/technologies/cookies?hl=fi
https://fi-fi.facebook.com/policies/cookies/
https://legal.hubspot.com/privacy-policy

6. Processing of personal data concerning the controller’s social media users

Dagmar’s website uses social media functions (i.e. social plugins) such as social media. Facebook, Instagram, X, LinkedIn and Behance buttons that take you to the community pages that Dagmar likes.

Social media services share users’ data with Dagmar in accordance with their privacy policies and the consents given by the users, e.g. comments and links to Dagmar websites shared by the user in the media, as well as information contained in the user’s public profile. Dagmar processes personal data obtained through its social media sites on the basis of legitimate interest only for Dagmar’s own purposes, such as informing about new products, services or offers, conducting competitions and sweepstakes, receiving feedback, buying advertising from a social media service, measuring the reach of pages or advertisements, or providing customer service on community pages. Dagmar does not process the data outside of social media, and the information they share is not combined with Dagmar’s other information or registers without the user’s consent.

Community plugins are the responsibility of the company providing them. They are primarily responsible for compliance with data protection legislation and the implementation of information security and the Rights of the Data Subject in the Service. You can review the privacy policies of social media and manage their privacy settings on a service-specific basis:

• Behance: https://www.adobe.com/privacy.html
• Facebook ja Instagram: https://fi-fi.facebook.com/privacy/explanation
• Google: https://policies.google.com/privacy?hl=fi
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• X: https://twitter.com/fi/privacy

7. Principles of register protection and data retention period

Only those persons who need the data to perform their duties are entitled to use the data. Manual material is stored in locked rooms that correspond to the level of data protection. The personnel and subcontractors processing the data are committed to confidentiality obligations. The protection of electronically stored data is based on access management, technical protection of databases and servers, physical protection of premises, access control, data traffic protection and data backup.

The usage data of electronic services collected by cookies will be deleted in accordance with the deadlines indicated in connection with the cookie consents. Other data on the use of electronic services and data related to communication will be stored for five years in the above-mentioned period. time.

Diet, accessibility, accessibility and other similar information related to the organisation of events will be deleted after the event.

The Data Subject’s Basic, Marketing, Profile and Classification Data may be permanently stored for direct marketing purposes, unless the Data Subject has prohibited the processing of the data.

Anonymised data may be stored permanently.

Other personal data of the Data Subject related to the customer, supplier or other relationship between Dagmar and the Company will be stored for as long as it is necessary for the purpose of use and they will be deleted at the latest after the end of the relationship or after Dagmar has been informed that the Data Subject is no longer employed by the Company. However, the data may be stored for the above-mentioned purposes. in accordance with legal requirements.

Dagmar assesses the necessity of storing personal data on a regular basis, in addition to which it takes reasonable measures to ensure that no incompatible, outdated or incorrect personal data is stored in the register of the Data Subjects.

8. Data Access, Rectification and Other Rights of the Data Subject

The data subject has the right to inspect the data stored in the personal data register and to demand the rectification or deletion of incorrect, outdated, unnecessary or unlawful data. The data subject also has the right to withdraw the consent previously given to the processing of their personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing that took place before the withdrawal of the consent.

The data subject has the right to prohibit the processing of their personal data for the purposes of direct marketing and related profiling.

If the Data Subject has provided their personal data to the Data Controller and the processing is based on consent or a contract, they have the right to receive this data in a structured, commonly used and machine-readable format and the right to transfer the data to another controller in accordance with the legislation in force.

When the processing of personal data is based on legitimate interest, the Data Subject has the right to object to the processing of their data on grounds related to their personal special situation. In connection with the request, the data subject must specify the specific situation on which the objection is based.

In situations defined by law, the Data Subject may demand the restriction of the processing of their personal data, for example the suspension in whole or in part, when the Data Subject considers that there is ambiguity as to the accuracy of the data or the processing thereof.

Requests must be submitted in person, by letter or e-mail using the contact details specified in section 1. If necessary, Dagmar may ask the Data Subject to specify his/her request in writing and to prove his/her identity.

The data subject has the right to lodge a complaint about the processing of personal data with the Data Protection Ombudsman: tietosuoja.fi.