Drafted on 28.2.2019. No changes.

This is the register and privacy policy of DB Pro Services Oy, in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).

1. Data Controller

DB Pro Services Oy
Mechelininkatu 1A, FIN-00180 Helsinki
Business ID: 2974225-1

2. Contact Person for Register Matters

Timo Lindström
timo.lindstrom@dbproservices.fi
Puh. 010 592 0480

3. Name of the Register

Marketing and Customer Register.
This register contains personal data of our customers, potential customers, and their representatives.

4. Legal Basis and Purpose of Personal Data Processing

The legal basis for processing personal data under the EU General Data Protection Regulation is one of the following:

  • The individual’s consent (documented, voluntary, specific, informed, and unambiguous).
  • A contract in which the data subject is a party.
  • The legitimate interest of the data controller (e.g., customer relationship, employment relationship, membership).

The purposes of processing personal data are customer communication, customer relationship management, marketing, and improving the user experience on our website.

5. Contents of the Register

The following information may be stored about a registered person:

  • Name, email address, and title/responsibility area.
  • Company name, contact details, and industry, as well as basic information about the company’s IT infrastructure when applicable.
  • Information related to customer management and communication (e.g., purchase and cancellation details, feedback, and customer service interactions).
  • Web behavior data on the controller’s website and services.
  • Information related to marketing and promotional activities, such as participation in marketing campaigns, webinars, and events.
  • Technical data and cookies sent to the registrant’s browser and related information.
  • Employee and job applicant information.

6. Regular Data Sources

Data stored in the register is obtained from customers through, for example:

  • Messages submitted via web forms, emails, phone calls, social media services, contracts, customer meetings, and other situations where the customer provides their information.
  • The data controller also monitors website visits via Google Analytics, including cookies and IP addresses.
  • Personal data may also be purchased for marketing purposes from external registers, ensuring that the provider has the right to disclose the data.
  • Personal data may be collected and supplemented from public sources.

Google Analytics details: https://analytics.google.com/analytics/web/

7. Cookies

This website uses cookies—small text files placed on your device—to improve the user experience. Cookies are typically used to store user preferences, save shopping cart information, and provide anonymous tracking data for third-party applications such as Google Analytics.

Cookies generally enhance your browsing experience. However, you can disable cookies on this site if you wish. The most effective way to do this is to clear the cookies stored in your browser settings. We recommend checking your browser’s instructions or visiting the About Cookies website for guidance on managing cookies in different modern browsers.

8. Regular Data Disclosures and Transfers Outside the EU or EEA

Data is not regularly disclosed to third parties for sales or marketing purposes. Data may be disclosed or published as agreed with the customer.

Personal data processing may involve service providers who may have access to personal data from outside the EU/EEA. In such cases, the data controller ensures appropriate and lawful processing of personal data in accordance with data protection legislation.

Personal data may only be transferred outside the EU/EEA based on one of the following lawful grounds:

  • The European Commission has determined that the recipient country ensures an adequate level of data protection.
  • Appropriate safeguards have been implemented for data transfer using the European Commission’s standard contractual clauses.
  • The individual has given explicit consent for the data transfer.
  • Another lawful basis for the transfer exists, such as the EU-U.S. Privacy Shield framework for transfers to the United States.

9. Principles of Register Protection

The processing of the register follows due diligence, and data stored in information systems is adequately protected. When register data is stored on internet servers, the physical and digital security of the hardware is properly ensured.

The data controller ensures that stored data, server access rights, and other critical personal data security information are handled confidentially and only by employees whose job descriptions require it.

10. Right of Access and Right to Rectify Information

Every person in the register has the right to review their stored data and request the correction of any incorrect or incomplete information. If a person wishes to check their stored data or request a correction, they must submit a written request to the data controller.

The data controller may request the requester to verify their identity.

11. Other Rights Related to Personal Data Processing

Depending on the legal basis of data collection, registered individuals have the right to request the deletion of their personal data (“right to be forgotten”).

Additionally, individuals have other rights under the EU General Data Protection Regulation, such as the right to restrict data processing in certain situations. Requests must be submitted in writing to the data controller.

The data controller may ask the requester to verify their identity.