Privacy Statement
General
With this privacy policy, we inform the contact persons of our customer organizations, users of our service and newsletter subscribers about the processing of their personal data.
Controller of the personal data and its contact details
The controller of the personal data is:
Thinking Portfolio Oy (Business ID 1712122-0)
Aleksanterinkatu 48 B
00100 Helsinki, Finland
Data security and privacy contact person: privacy@thinkingportfolio.com
What information can be collected about me?
- name
- e-mail address
- username and password
- telephone number
- organization’s name
- IP address
- Country
- Consents and bans related to direct marketing
- Additional information voluntarily provided by the person
Except for voluntarily provided additional information, the processing of the above-mentioned data is necessary to comply with the agreement between Thinking Portfolio Oy and the client organization and to provide the agreed services. For newsletter subscribers, only name, country, organization’s name and email address are necessary.
The main source of information is the user him-/herself. In addition, data may be obtained directly from the organization for which the user works.
What is my personal data used for?
Personal data is used for:
- ordering the service
- logging in to the demo environment
- producing and developing the service (e.g. support requests)
- maintaining and developing customer relationships (e.g. invoicing and customer satisfaction surveys)
- marketing and communications (e.g. sending newsletters, organizing events, utilizing web analytics and downloading materials)
- logging in to the electronic learning environment
- managing the service and informing about development
Data is primarily processed based on the customer relationship between the customer and Thinking Portfolio Oy, the contract and the use of the system. In addition, data is processed based on legal obligations, for example, accounting obligations and direct marketing prohibitions. The processing of marketing, newsletters and communications is based on Thinking Portfolio Oy’s legitimate interest. With regard to data voluntarily provided by the user, the processing is based on the consent given by the user.
How is my data stored and protected?
All personal data is protected against unauthorized access and accidental or unlawful destruction, alteration, disclosure, transfer or other unlawful processing.
Thinking Portfolio Oy stores and processes personal data within the EU/EEA. The servers are protected against data breaches and denial-of-service attacks.
In the processing of personal data and technical solutions, we follow good data protection practices.
All access to personal data is controlled in accordance with good practices.
Who processes my personal data?
Thinking Portfolio Oy’s own employees have access to personal data and our staff has been trained to use the data lawfully. Each of our employees sees personal data only to the extent necessary for the performance of their duties.
In addition, the access to personal data is with Thinking Portfolio Oy’s partners who are used as Thinking Portfolio’s service providers or subcontractors to process personal data in accordance with this privacy policy. The requirements of the EU General Data Protection Regulation and other legislation have been taken into account in the agreements with all partners.
How long will my data be stored?
We will only retain your personal data for as long as necessary to fulfil the purposes described in this policy. In addition, some data may be stored longer to the extent necessary to fulfil legal obligations, such as accounting and contractual responsibilities, and to demonstrate their proper performance. You can unsubscribe from newsletters at any time (e.g. via the link in the newsletters).
For some data, legislation imposes obligations on the long-term storage of data, for example for the following purposes:
- System log data is collected and stored as required by law so that we can provide a legal and secure service to our customers.
- Taking sufficient backups of databases and systems to secure data, correct error situations and ensure data security and continuity.
When the personal data is no longer needed as defined above, the data will be destroyed within a reasonable time.
What rights do I have?
You have the right to:
- To be informed whether personal data concerning you are being processed and to have access to personal data concerning you, including the right to receive a copy of your personal data
- Request correction or deletion of your personal data
- Under certain conditions, request restriction of processing or object to the processing of personal data
- Request the transfer of your data to another controller
In addition, if the processing is based on separate consent, you have the right to withdraw your consent at any time. Withdrawing consent may result in all functionalities or services of our information system not being available.
You can make a request to exercise your rights by contacting the controller’s contact person mentioned above.
If you notice that the processing is incomplete or unlawful, you have the right to lodge a complaint with the Data Protection Authority (see www.tietosuoja.fi/en/home).
How can I influence the use of my data?
Thinking Portfolio Oy is committed to providing its customers with opportunities to influence the processing of their data.
You can decide on marketing targeted at you, value-added services and whether or not to receive various marketing messages. We are constantly developing our service, so functions can be added, changed or removed.
Will my personal data be disclosed to third parties?
We will not disclose information to third parties without your consent, except to competent authorities in accordance with applicable law. We may outsource the processing of personal data to our service providers and subcontractors in accordance with applicable data protection legislation.
Can this privacy policy be changed?
Due to the development of services and changes in legislation, we reserve the right to change the privacy statement. We recommend customers and users to review the contents of the privacy statement regularly. Significant changes to the privacy statement will be notified to customers in connection with the updating of the terms.
Version 4th January 2024