Dated May 1, 2018
1. General information
2. Data other than personal data
The Supplier may collect data other than data classified as personal data from its users using various methods. This data is necessary for monitoring the use of the Website, and we use the data to improve the Website.
3. Personal data
The Supplier collects and processes certain personal data of the users of the Website and other data that the User has submitted on different types of contact request forms through the Supplier’s website planmill.com, server sub-pages or sub-domains (e.g. help.planmill.com) or by email.
Based on the data submitted on the website, we can grant access to those parts and contents of the online service that the User has requested.
By collecting and processing personal data, we may also send targeted marketing messages to the User. If the User does not approve the use of his or her information as described above, the User can prevent the use of his or her information by sending a written request to firstname.lastname@example.org.
Additional information on the processing of personal data and the User’s right below in the marketing register.
4. Disclosure of data
The Supplier can submit statistics to third parties including use and user data and data other than personal data, but these statistics do not contain identifier information.
The website is protected using technical and organizational means. The website data is saved on servers and systems that are protected using firewalls, passwords and other technical means. Access to personal data is only granted if necessary for the processing of the data. All data processors have the obligation to observe secrecy.
Read more about using cookies.
When the User delivers personal data through the Website, the User gives the Supplier and/or third parties the consent to use the data as described on the Website in question.
An approval on the Website only applies to the user data stored on the Website. If the User has submitted the data to the Supplier in another way than through the Website, an approval issued on the Website does not affect the use of the data in question.
8. Trasferring personal data outside the EEA
We can transfer personal data outside the EU or the European Economic Area when our partner carrying out a commission is located outside these area. In such cases, we ensure the appropriate protective measures to ensure the rights and freedoms of data subjects in accordance with the applicable data protection legislation, such as the EU’s General Data Protection Regulation (2016/679).
For example, a service provider implementing marketing for us can transfer personal data to the United States in connection with the production of the service. In a case such as this one, the appropriate measures protecting personal data are carried out in such a way that the service provider is committed to what is referred to as the Privacy Shield arrangement between the United States and the EU, or we use the model data protection contract clauses approved by the EU. You can find further information on the Privacy Shield arrangement here https://www.privacyshield.gov/welcome.
9. Website of third parties
1. Data controller and register
PlanMill Oy (Business ID 2062705-4)
Hämeentie 19, 00500 Helsinki, Finland
PlanMill Oy’s marketing registers
Contact person in matters concerning the register
00500 Helsinki, Finland
Tel. +358 10 322 9110
You can also contact by email at email@example.com or by calling our switchboard.
2. Data stored in the register
The register contains data on the data subject’s role in the company, corporation or public position and other data necessary in view of the purpose of the register. The data includes basic company info as well as the names and contact information of company decision-makers and key persons.
Regular data sources
Data is stored in the marketing register based on contact forms received from PlanMill Oy’s public website (including test IDs and contact us). In addition, personal data can be obtained from other sources to the extent allowed by applicable laws, such sources including the Trade Register, the Population Information System, the Business Information System or the address data system of Posti.
You do not have to give us your personal data, but in that case, we may be unable to offer you our service.
The user rights of PlanMill Oy’s employees are transferred to the marketing register through the company’s user management system.
Personal data is stored only for a long as it necessary to carry out the purposes of use defined in this register.
Personal data is stored for the duration of the customer relationship. Personal data can also be stored as necessary after the end of the customer relationship to the extent allowed or required by the applicable law. For example, after the customer relationship has ended we typically store personal data that is necessary to respond to requirements or claims, in accordance with the valid provisions concerning the period of limitation. We may also store personal data as necessary to comply with your decision to opt out of direct marketing, for example.
The personal data is removed once its storage is no longer necessary pursuant to the law or the fulfilment of either party’s rights or obligations.
The storage periods for personal data concerning the PlanMill Oy’s employees are related to the terms of their employment contracts and can be reviewed by consulting the employment contract or the Supplier’s personnel instructions.
3. Register’s purpose and legal basis for processing personal data
We only collect and process personal data necessary for carrying out our business, managing customer relationships and for appropriate commercial purposes.
We process your personal data for the following purposes:
Sales and marketing
We can contact you to tell you about the properties of new products, for example, or to market and sell you other products or services. We can also process your personal data for the purposes of marketing research and customer surveys. The processing of personal data is based on our legitimate interest to provide information as part of a service and to market our other products to you. You have the right to object to your personal data being processed for the purposes of direct marketing at any time (see paragraph 6 of this register).
Service development, data security and internal reporting
We also process personal data to ensure the data security of the product and the website, to improve the quality of the product and the website, and to develop the product. We can also compile internal reports on the basis of personal data; these reports are put at the disposal of our management for the appropriate management of our business. In these cases, the processing of personal data is based on our legitimate interest to ensure the appropriate data security of our product and website and to receive adequate and appropriate information for the product’s development and the management of our business.
Other purposes you have consented to
We also process your personal data for other purposes, if you have given us your consent for such processing.
4. Personal data transfers and disclosures
We can disclose personal data to third parties
- to the extent allowed or required by law, such as to carry out a request for information made by a competent authority or in relation to legal proceedings.
- when our partners process personal data on our behalf and according to our instructions. We always ensure the appropriate processing of your personal data.
- in the event that we are party to a merger, corporate arrangement or the disposal of business or a part thereof.
- when we consider the disclosure to be necessary for the realisation of our rights, protecting the safety of you and others, investigating misuse, or responding to a request made by an authority.
- at your consent to the parties the consent applies to.
5. General principles of personal data use and protection
PlanMill Oy’s employees’ privilege management is carried out using a role-based user management process in which each employee is given only those privileges required for their task and job description.
Data in the marketing register may also be updated by a contractual partner of PlanMill Oy. In this case, PlanMill Oy is responsible for the activities and data security of its contractual partner, as it would be for its own.
Google’s tag manager and analytics (securing data).
6. Rights of data subjects
According to the current data protection legislation, the marketing register contains personal data that constitutes a person register. With respect to this, the data subjects have rights to their data as provided for in regulations and laid down in the legislation.
You have the right to check your personal data. You can also request the rectification, update or erasure of your personal data at any time. However, please note that the personal data necessary for carrying out the purpose defined in this Policy or the retention of which is required by law cannot be erased.
You have the right to object to or restrict the processing of your personal data to the extent required by the applicable law.
In accordance with the applicable law, you have, in some cases, the right to data portability, i.e. the right to receive your personal data in a structured, commonly used and machine-readable format and the right to transmit the data to another controller.
When we process your personal data on the basis of your consent, you have the right to withdraw the consent you have given at any time. After this, we will not process your personal data unless there is some other legal basis for such processing.
You can exercise your rights by sending a request to us to the address firstname.lastname@example.org.
If you think that the processing of your personal data is inappropriate, you have the right to contact to the Data Protection Ombudsman in the matter. The contact details of the Data Protection Ombudsman are available here.
7. Data security
We carry out the appropriate measures (including physical, digital and administrative measures) to protect personal data against loss, destruction, misuse and unauthorised access or disclosure). For example, personal data can only be accessed by the people who need it to carry out their work.
If you have any further inquiries about this Policy or the processing of your personal data, please send us an email to the address email@example.com.