ICARE FINLAND OY (Business ID 1084502-3) (“Icare”)
Address: Äyritie 22, 01510 VANTAA, Finland
telephone: +358 9 8775 1150
email: [email protected]
2. NAME OF REGISTER
Name of the register is Icare’s website prospect register.
The provision of personal data is voluntary. In case you do not provide the data that is marked as obligatory when the data is requested, Icare is not able to provide you with the requested newsletter or all information on Icare websites.
3. PURPOSE OF DATA PROCESSING AND LEGAL BASIS FOR PROCESSING
The personal data collected is used for the following purposes and based on the indicated legal basis:
(a) marketing of Icare’s products and services, direct marketing and newsletters as allowed by law (legal basis for processing is Icare’s legitimate interests except when your consent is required by law);
(b) development of Icare’s products and services and website as well as using the information received through cookies (legal basis is Icare’s legitimate interests except when your consent is required by law for cookies, or we process your answers to surveys based on your consent)
(c) the data can be compared, segmented and analyzed and you can be profiled, in order to give you information, offers or recommendations by means of direct marketing (including but not limited to by displaying personalized banners) regarding Icare’s products and services. Such direct marketing is based on your consent;
(d) processing is necessary for compliance with a legal obligation to which Icare is subject;
(e) processing is necessary for the purposes of the legitimate interests of Icare, except where such interests are overridden by your interests or fundamental rights and freedoms;
(f) taking care of regulated personal data obligations of Icare.
Where the processing is based on your consent you have the right to withdraw your consent for the processing. To withdraw your consent, please contact [email protected].
The withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.
4. CONTENT OF REGISTER
• your first name(s) and last name;
• your company or other organization and address of the company or other organization;
• your position in your organization;
• your email address;
• your telephone number;
• other contact information given by you;
• your IP-address and information on browsing and otherwise using Icare’s websites;
• your feedback to Icare or your responses to surveys, opinion polls or competitions.
5. REGULAR SOURCES OF PERSONAL DATA
• enquiry from you;
• when you use Icare’s websites;
• when you contact Icare’s customer service;
• data from Icare’s distributor network (includes distributors, agents and sales representatives) or Icare USA Inc. in order to market Icare’s products and services;
• data through contact and other forms and when you give answers to surveys, polls and competitions; and
• data collected through cookies
6. REGULAR TRANSFEREES OF DATA
The personal data is transferred to following third parties for the following purposes:
• Icare’s distributor network (includes distributors, agents and sales representatives) or Icare USA Inc. in order to market Icare’s products and services;
• Icare can also provide data to third parties, who process personal data on behalf of Icare, such as companies who perform direct marketing services on Icare’s behalf and IT-service providers;
• personal data can be transferred if it is necessary to comply with legislation or requirements of authorities, to supervise and enforce Icare’s legitimate interests or to detect, defend against or repair fraud or security or technical problems; and
7. TRANSFER TO COUNTRIES OUTSIDE EU / EEA
Icare transfers your personal data to the following countries outside the European Economic Area (EEA) and European Union (EU): i) the USA.
The basis of a transfer outside the EU area is the model clauses of the EU Commission. The contract text is available on the internet at the address http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm.
9. METHODS HOW PERSONAL DATA IS SECURED
The personal data is secured by using, for example, the following methods and principles:
(a) locks at Icare’s and its subcontractors’ premises;
(b) electrical surveillance systems of Icare’s and its subcontractors’ premises and equipment;
(c) firewall, anti-malware and spam filtering systems of Icare’s and its subcontractors’ communication networks and other software and hardware that protect the security of communication networks;
(d) professional knowledge of Icare’s personnel;
(e) training of Icare’s personnel;
(f) the content of the register is in electronic form except for temporary special occasions; and
(g) Icare’s policies and guidelines relating to personal data matters.
10. RETENTION PERIODS OF PERSONAL DATA
The personal data will be stored during the time period for which is necessary in relation to the purposes for which they are processed. Icare may also store personal data for as long as it is needed for the establishment, exercise or defence of legal claims.
Customer data is, in principle, retained for 10 years from the collection of such data. Personal data collected for marketing purposes will be stored until we are requested to stop processing such personal data for marketing purposes.
11. RIGHTS OF DATA SUBJECTS
• RIGHT OF ACCESS
You have the right to get information on which data on you is being processed or information that no such data is being processed.
Where such personal data are being processed, Icare shall provide the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom the personal data are to be or have been disclosed, in particular to recipient in Third Countries;
(d) the period for which the personal data will be stored;
(e) the existence of the right to request from Icare rectification or erasure of your personal data or to object to the processing of such personal data;
(f) the right to lodge a complaint to the supervisory authority and the contact details of the supervisory authority;
(g) communication of the personal data undergoing processing and of any available information as to their source;
(h) the significance and envisaged consequences of such processing, at least in the case of measures which produce legal effects concerning you or significantly affects you and which are based solely on automated processing intended to evaluate certain personal aspects relating to you or to analyze or predict in particular your performance at work, economic situation, location, health, personal preferences, reliability or behavior; and
(i) information on the regular sources of personal data.
Where you make the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by you.
Icare shall provide a copy of your personal data undergoing processing. For any further copies requested by you, Icare may charge a reasonable fee based on administrative costs.
• RIGHT TO RECTIFICATION AND RIGHT TO LODGE COMPLAINT TO SUPERVISORY AUTHORITY
Icare shall, at your request, without undue delay correct, erase or supplement personal data contained in its personal data register if the data is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing, including by way of supplementing a corrective statement.
If Icare refuses your request of the correction of the data, Icare will give you a written certificate regarding this. The certificate will also include the reasons for the refusal. In such event, you may bring the matter to be handled by the Data Protection Ombudsman.
You have the right to lodge a complaint to the supervisory authority. The contact details of the supervisory authority: www.tietosuoja.fi
• RIGHT TO PROHIBIT PROCESSING
You have the right to prohibit Icare to process your personal data for purposes of direct advertising, distance selling, other direct marketing, market research, opinion polls, catalog on persons or genealogical research.
You have the right not to be subject to a measure which produces legal effects concerning you or significantly affects you, and which is based solely on automated processing intended to evaluate certain personal aspects relating to you or to analyse or predict in particular your performance at work, economic situation, location, health, personal preferences, reliability or behaviour.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data which is based on either of the following grounds for processing: (i) when processing has been found necessary for the purposes of the legitimate interests of Icare or (ii) when processing has been found necessary in order to protect your vital interests. You however do not have the right to object, if Icare demonstrates compelling legitimate grounds for the processing which override your interests or fundamental rights and freedoms.
• RIGHT TO WITHDRAW CONSENT
Where the processing of your personal data is based on your consent you have the right to withdraw your consent for the processing.
You have the right to object to the processing of your personal data for direct marketing purposes. You can prevent the sending of direct marketing by clicking the adjacent link unsubscribe from marketing communications.
• RIGHT TO BE FORGOTTEN AND RIGHT TO ERASURE
You have the right to obtain from Icare the erasure of personal data relating to you and the abstention from further dissemination of such data, where one of the following grounds applies:
(a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) you withdraw the consent on which the processing is based, or when the storage period consented to has expired, and where there is no other legal ground for the processing of the data;
(c) you object to the processing of personal data pursuant to Section 15 of this policy; or
(d) the processing of the data does not comply with lawful requirements for other reasons.
Instead of erasure, Icare shall restrict processing of personal data where:
(a) their accuracy is contested by you, for a period enabling Icare to verify the accuracy of the data;
(b) Icare no longer needs the personal data for the accomplishment of its task but they have to be maintained for purposes of proof; or
(c) the processing is unlawful and you oppose their erasure and request the restriction of their use instead.
In cases of restriction of processing of personal data in cases defined above, the personal data may, with the exception of storage, only be processed for purposes of proof, or with your consent, or for the protection of the rights of another natural or legal person or for an objective of public interest.