PRIVACY POLICY AND COOKIE POLICY


Hi!

We are Nanohabits, 15/30 Research Oy (FI16350961) of Katajanokankatu 7, 00170, Helsinki, Finland, and you’re reading our Privacy Policy and Cookie Policy. You can contact us at info@nanohabits.com

The purpose of this policy is to explain how we handle your information as a customer of 15/30 Research Oy or Nanohabits, or as a visitor to our site (www.nanohabits.com or www.nanohabits.fi).

By using the term “we”, we are referring to ourselves, as owners of the websites, and as those responsible for maintaining them. The name of the register we collect data to is “Customer and marketing register”.


Our commitment

As well sticking sellotape over our laptop web cameras, we do take our other security measures seriously. That’s why this policy refers to our commitment to handle and treat the information of our customers, stakeholders and all other interested parties with the strictest care and confidentiality. This policy also underlines our assurance that we collect, store and manage data in a transparent and respectful manner considering the rights of the individuals aforementioned.


Which persons are committed to this policy?

All employees of our company must follow this policy, as must our contracted partners and any external entities with whom we operate professionally. In essence, anyone who works with us or alongside us and may require occasional access to our data.

What are cookies and why they are used?

Cookies are small data files that are created by websites you visit and that may be placed on your computer. They make navigating on the website easier and optimise your use of the website. Cookies make your online experience better and easier by saving certain types of information such as your browsing history. There are different types of cookies, and they can be distinguished on the basis of their origin, function and lifespan.


Why do we collect and process personal data?

In other words, what are the legal bases and purpose of the processing of personal data?
The bases for processing personal data are our legitimate interests (like customer relationship management), consent of a customer and/or performance of a contract.

We process personal data to:
deliver and develop our products and services, fulfill contractual and other obligations, commit to keeping promises we have made take care of the customer relationships analyze and profile behaviour in order to communicate with relevancy conduct research studies (we do research occasionally) enable electronic and direct marketing, and target advertising In simplish English, we do this because we need to be able to store and process information; to keep in touch with our clients, provide amazing customer care and also prospect future customers. It’s also necessary for deducing and analysing people’s interests, considering in particular, our website. This allows us to develop the things that people are actually interested in, and send information that the recipients find especially valuable, relevant and even cool!

We process information ourselves and also use subcontractors that process personal data for us and on behalf of us (Activecampaign, Squarespace and Google).
We also use the personal data stored in our customer register for profiling purposes. Profiling is carried out by creating a unique customer ID for the data subject and storing this ID on the device of the data subject. This enables us or our subcontractor to combine the data generated by the use of different services and products, and to create a profile of the data subject’s behavior. The purpose of this profiling is to identify customer behaviour; to enable more accurate target marketing and development of our services to better meet our customers’ needs.

Let us provide you with an example of what this could mean in practice. For instance, depending on how you navigate and engage with our website, we may customise our marketing emails to you, so that they contain information which you are most likely to be interested in (assuming that we have your email address and we have a legal basis for sending emails to you). Of course, you are able to opt out of our marketing emails at any given time, if you don’t find them interesting or if you love someone else more than us (said with jealousy).


What Data Do We Process?

We process the following personal data of our customers and other data subjects (e.g individuals participating in our Nanohabit Programs, Thinking Lab events, webinars, etc.) in connection with our Customer and Marketing register:

  • Basic information of the data subject such as name, customer number, identification number, username and/or other identifier.

  • Contact information of the data subject such as e-mail address, phone number, postal address, social media address (like a link to the LinkedIn profile).

  • Information of the company and industry, the data subject is working for, work title Company’s contact persons such as names and contact details of the contact persons.

  • Information of the customership and the contract such as information of past and current contracts and orders, correspondence with the customer and other references, customer’s payment information and other information of the customership which the customer itself voluntarily provides to our systems.

  • Information of the connection and device which the data subject is using, such as the IP address, device ID or other device identifier and cookies; Information on events the data subject is taking part in such as information related to event registration (including dietary data) and invoicing.

  • Information related to the data subject’s direct marketing opt-out.

  • Other possible information gathered with data subject’s consent like for instance survey results.

Where is our data from?

We receive information primarily from the data subject him-/her-/itself, contact information from service providers, customers own websites and other similar reliable sources.

For the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is executed either manually or by automated means.

For the purposes which we cover in this privacy policy, we may also collect and update personal data from sources which are publicly shared, and information which is received from authorities or other third parties, subject to laws and regulations which apply. This also, will either occur manually or through automated methods.

To whom do we disclose data and do we transfer data outside EU?

We don’t disclose information from our register with external third parties.
As well as processing our own information, we also use subcontractors that process personal data both on our behalf as well as for us (like Activecampaign).

Subject to operational needs, we may transfer personal data outside EU/EEA. In the event that occurs, we shall ensure that any personal data subject to transfer, is protected in accordance with privacy legislations in place at that time.


How long do we store the data?

We will store data only until it’s existence in our system is no longer necessary. Personal data within our customer management system and marketing register will be deleted after the given fixed-period has ended or when activities with marketing or customers outreach have become outdated or unresponsive.

We keep our storage of data constantly up to date with legislative changes. We also ensure that any personal data which falls short of the legal requirements to be kept in our register, is deleted or corrected according to legalities. This pertains to any incompatible, outdated or inaccurate data.

How do we protect the data?

Our customer information and data is stored into management systems and databases which are protected by passwords as well as other technical measures.
Any backup of these databases and systems are locked in our professional premises which can only be accessed by our staff. Each member of staff has individual credentials through which they can access the databases and systems where the information has been secured. These staff have also been educated on measures of security, related to data management and handling.

What are your rights as a data subject?

As the subject yourself, you do of course have the right to access any personal data we have stored about yourself. You therefore also have the right to rectify or remove your data completely from our records, should you deem that necessary. This relates to your right to withdraw consent and allowance for data portability. You may also uphold your right to object to processing or restrict the ability that we have to do so, should you wish to, and you may also lodge a complaint with a supervising authority, if required.

When processing the data is based on the customer relationship, you have a right to object to customer profiling and other forms of processing your data, when providing specific personal reasons. You should, however cite the specific situation by which you object to this processing.

Considering direct marketing, you have the right to object processing at any time. This includes the matter of profiling your data.

All requests and requirements concerning this section should be submitted in writing to info@nanohabits.com.

Changes in this Privacy Policy

In the situation where changes are made to this privacy policy, we will update the policy on our website with details of its amendment date. Should the amendments be significant, we may also choose to inform you of them by other means, such as email. We would advise you to keep up to date with our policy by reviewing it now and again, to check for any amendments or changes which may affect you.