The purpose of this policy is to explain how we handle your information as a customer of 15/30 Research Oy or Nanohabits™, or as a visitor to our sites (www.15/30.fi or www.nanohabits.com).
By using the term “we”, we are referring to ourselves, as owners of the websites, and as those responsible for maintaining them. The name of the register we collect data to is “Customer and marketing register”.
As well sticking sellotape over our laptop web cameras, we do take our other security measures seriously. That’s why this policy refers to our commitment to handle and treat the information of our customers, stakeholders and all other interested parties with the strictest care and confidentiality. This policy also underlines our assurance that we collect, store and manage data in a transparent and respectful manner considering the rights of the individuals aforementioned.
Which persons are committed to this policy?
All employees of our company must follow this policy, as must our contracted partners and any external entities with whom we operate professionally. In essence, anyone who works with us or alongside us and may require occasional access to our data.
Why do we collect and process personal data?
In other words, what are the legal bases and purpose of the processing of personal data?
The bases for processing personal data are our legitimate interests (like customer relationship management), consent of a customer and/or performance of a contract.
We process personal data to:
- deliver and develop our products and services,
- fulfill contractual and other obligations,
- commit to keeping promises we have made
- take care of the customer relationships
- analyze and profile behaviour in order to communicate with relevancy
- conduct research studies (we do research occasionally)
- enable electronic and direct marketing, and
- target advertising
In simplish English, we do this because we need to be able to store and process information; to keep in touch with our clients, provide amazing customer care and also prospect future customers. It’s also necessary for deducing and analysing people’s interests, considering in particular, our website. This allows us to develop the things that people are actually interested in, and send information that the recipients find especially valuable, relevant and even cool!
We process information ourselves and also use subcontractors that process personal data for us and on behalf of us (Activecampaign, Squarespace and Google).
We also use the personal data stored in our customer register for profiling purposes. Profiling is carried out by creating a unique customer ID for the data subject and storing this ID on the device of the data subject. This enables us or our subcontractor to combine the data generated by the use of different services and products, and to create a profile of the data subject’s behavior. The purpose of this profiling is to identify customer behaviour; to enable more accurate target marketing and development of our services to better meet our customers’ needs.
Let us provide you with an example of what this could mean in practice. For instance, depending on how you navigate and engage with our website, we may customise our marketing emails to you, so that they contain information which you are most likely to be interested in (assuming that we have your email address and we have a legal basis for sending emails to you). Of course, you are able to opt out of our marketing emails at any given time, if you don’t find them interesting or if you love someone else more than us (said with jealousy).
What Data Do We Process?
We process the following personal data of our customers and other data subjects (e.g individuals participating in our Nanohabit Sprints, Thinking Lab events, webinars, etc.) in connection with our Customer and Marketing register:
- Basic information of the data subject such as name, customer number, identification number, username and/or other identifier;
- Contact information of the data subject such as e-mail address, phone number, postal address, social media address (like a link to the LinkedIn profile);
- Information of the company and industry, the data subject is working for, work title
- Company’s contact persons such as names and contact details of the contact persons;
- Information of the customership and the contract such as information of past and current contracts and orders, correspondence with the customer and other references, customer’s payment information and other information of the customership which the customer itself voluntarily provides to our systems;
- Information of the connection and device which the data subject is using, such as the IP address, device ID or other device identifier and cookies;
- Information on events the data subject is taking part in such as information related to event registration (including dietary data) and invoicing;
- Information related to the data subject’s direct marketing opt-out;
- Other possible information gathered with data subject’s consent like for instance survey results
Where is our data from?
We receive information primarily from the data subject him-/her-/itself, contact information from service providers, customers own websites and other similar reliable sources.
To whom do we disclose data and do we transfer data outside EU?
We don’t disclose information from our register with external third parties.
As well as processing our own information, we also use subcontractors that process personal data both on our behalf as well as for us (like Activecampaign).
Subject to operational needs, we may transfer personal data outside EU/EEA. In the event that occurs, we shall ensure that any personal data subject to transfer, is protected in accordance with privacy legislations in place at that time.
How long do we store the data?
We will store data only until it’s existence in our system is no longer necessary. Personal data within our customer management system and marketing register will be deleted after the given fixed-period has ended or when activities with marketing or customers outreach have become outdated or unresponsive.
We keep our storage of data constantly up to date with legislative changes. We also ensure that any personal data which falls short of the legal requirements to be kept in our register, is deleted or corrected according to legalities. This pertains to any incompatible, outdated or inaccurate data.
How do we protect the data?
Our customer information and data is stored into management systems and databases which are protected by passwords as well as other technical measures.
Any backup of these databases and systems are locked in our professional premises which can only be accessed by our staff. Each member of staff has individual credentials through which they can access the databases and systems where the information has been secured. These staff have also been educated on measures of security, related to data management and handling.
What are your rights as a data subject?
As the subject yourself, you do of course have the right to access any personal data we have stored about yourself. You therefore also have the right to rectify or remove your data completely from our records, should you deem that necessary. This relates to your right to withdraw consent and allowance for data portability. You may also uphold your right to object to processing or restrict the ability that we have to do so, should you wish to, and you may also lodge a complaint with a supervising authority, if required.
When processing the data is based on the customer relationship, you have a right to object to customer profiling and other forms of processing your data, when providing specific personal reasons. You should, however cite the specific situation by which you object to this processing.
Considering direct marketing, you have the right to object processing at any time. This includes the matter of profiling your data.
All requests and requirements concerning this section should be submitted in writing to firstname.lastname@example.org.