PRIVACY POLICY

2022-1-1

1 PERSONAL DATA REGISTRANT AND CONTACT PERSON

Business Hacker Oy
Kaksostenkatu 9
53850 Lappeenranta
Contact Person
Tommi Rissanen
tommi@businesshacker.fi

2 PROCESSING OF PERSONAL INFORMATION

2.1 CATEGORIES OF PERSONAL INFORMATION

Name and email address are required to use the service. In addition, the service collects information from the defendant's Business id, which in the case of a self-employed entrepreneur is also personal information. Personal information is temporarily attached to the sessionID and permanently to the user's responses.

2.2 PROCESSING OF PERSONAL INFORMATION

Personal information is used for following purposes:

Service providing, such as:

  • To fulfill contracts and orders
  • Responding to customer support requests.
  • Providing access to certain functions and features of our services

Administrative purposes, such as:

  • Communication
  • Enforcing our agreements
  • Complying with our legal obligations
  • Pursuing legitimate interests, such as authentication and verification, network and information security, anti-fraud and quality assurance
  • Tracking interest and commitment to our services and improving our services
  • Development of new products and services

Marketing, such as:

  • We may use aggregated personal information to customize content and advertisements on our website
  • We may target direct marketing via email of our products to registrants who have authorized this

2.3 THE LEGAL JUSTIFICATION FOR PROCESSING

The processing of personal data is based on both the execution of a contract (Article 6(1)(b) of the GDPR), i.e. the fulfillment of an order or other request and the consent of the data subject (Article 6(1)(a)). The processing of personal data may sometimes also be based on the fulfillment of our legal obligation (Article 6(1)(c)) or on the controller’s legitimate interests (Article 6(1)(f)), for example in the case of marketing purposes.

2.4 AUTOMATED DECISION MAKING

The user of the service will not be subject to automatic decision-making.

2.5 DATA SOURCES AND RETENTION

The personal data has been received from the users/customers. The personal information is retained for as long as, and for no longer than, necessary to achieve the purposes for which it was collected, such as during a customer relationship or while meeting a communication need. Anonymized survey responses will be retained for the time being.

2.6 DISCLOSURE AND TRANSFER OF DATA

There are no regular disclosures of personal data. The controller processes the data itself and utilizes subcontractors acting on behalf and for the account of the controller in the processing of personal data. Otherwise, the personal data in the register will not be disclosed to third parties by the controller, except as required by law.

The data is located in data centers in Finland. Personal data is not transferred outside the European Union or the European Economic Area.

3 SUBJECTS’ PRIVACY RIGHTS

According to the European Union’s General Data Protection Regulation (GDPR), data subjects have the right:

  • to obtain information on the processing of their personal data;
  • of access to their data;
  • to rectification of their data;
  • to the erasure of their data and to be forgotten;
  • to restrict the processing of their data;
  • to data portability;
  • to object to the processing of their data, and
  • not to be subject to a decision based solely on automated processing.

If you would like to use your rights, please contact us as instructed below.

4 SECURITY OF PERSONAL INFORMATION

Personal data is protected by appropriate physical, electronic and administrative procedures. The data is not accessible to other users, and is stored in systems that cannot be accessed from outside of the cloud environment. All data stored in the database or in temporary backups are encrypted at rest and in transit. A limited amount of backups exist at any given time, and they are also accessible only to administrators.

Overall, the principle of privacy-by-design is conducted in all of development and system architectures, and all data processors are aware of and have received appropriate training in the processing of personal data.

5 CHANGES TO OUR PRIVACY POLICY

The Privacy Policy is periodically reviewed to keep it up to date. If significant changes are made to this Privacy Policy, data subjects are notified as required by applicable law.

6 CONTACT US

For personal data protection or privacy issues, please contact the contact person of the personal data registrant.