GDPR

This is a statement of Enterprise Privacy Policy according to the Personal Data Act (10 and 24 §) and the European Union’s General Data Protection Regulation (GDPR). In this statement personal data will be referred to as “Data”.

Register Name (”Register”)

VividWorks contact person register (later “Register”).

Controller

VividWorks Oy, Business ID 2012897-6
Kirkkokatu 16, 4th floor
FI-90100 Oulu
Suomi Finland

Controller’s Contact

Please contact us at contact@vividworks.com.

Purpose of the Register and Data processing

The purpose of Register data is to enable VividWorks to contact individuals that has actively contacted VividWorks about the services of the company (“Website”).

Controller is not using any automated decision making or profiling processing Data.

Data processing based on consent by the Data Subject or on important interest by the Controller

Distribution of Data by a person (“Data Subject”) is always based on a voluntary act by the Data Subject. Consent by the Data Subject will be given when the Data Subject completes the registration.

Register’s personal data and processing

Data Subjects are existing or future customers of Controller.

Controller collects, stores and processes the direct and indirect Data of a Data Subject for use of sales and marketing.

Controller may process the following direct personal data:

  • Company/organization name
  • First and last name
  • Phone number(s)
  • E-mail address

Controller may process the following indirect Data that may identify a Data Subject:

  • IP-address the Website is accessed from
  • City, region and country the Website is accessed from
  • User session length and time of it
  • Used client technology including, but not limited to, web browser make, version, type and operating system
  • Client hardware information
  • Cookies

Website expects cookies to be allowed in a client application. Cookies are used to identify a user during a session, to assist with use of Website and for analytic tools. A user has the option to decline usage of cookies and access to client resources but this might limit or completely prevent operation of Website.

Website uses 3rd party hosting and technologies to enable the delivery of the Website. Used 3rdparty services and technologies may collect indirect personal data.

Website does not store, process or collect any sensitive personal data.

Regular sources of information

Register consists of contact information, where data is entered by a Data Subject upon voluntary registration.

Controller stores and processes collected data for an indefinite period and for purposes stated in this statement. Personal Data in the register can be updated upon on request and archived or removed completely when needed.

Regular admitting of data and moving data

Data Subject’s data is not authorized to other parties without permission, unless officials or law demand so. Personal Data is kept and processed in the European Union.

Data Subject’s data may be transferred outside of the European Union by Controller.

Principles of Register protection

Register is managed with care and data used with information systems is being protected appropriately. Personal Data is stored in servers and physical and digital security of hardware is taken care of appropriately. Controller takes reasonable security measures to help protect against loss, misuse, unauthorized access and unauthorized disclosure or alteration of the Personal Data under its control.

Register is protected with usernames, passwords and with other demilitarized zone access restriction methods.

Register is backed up regularly.

Data Subject’s rights

Rights of the Data Subject according European Union’s General Data Protection Regulation.

Right to transparent information of Data processing: A Data Subject has the right to get information on his/her Data included in the Register from the Controller.

Right to get access to Data: A Data Subject has the right to get a copy of his/her Data included in the Register from the Controller.

Right to rectification of Data: In case of incorrect or inaccurate Data, the Data Subject may claim correction of the Data.

Right to be forgotten: Data Subject has the right to be forgotten and have his/her Data in the Register to be deleted.

Right to restriction of processing: Data Subject has the right to object to processing of Data and restrict processing of it.

Right to move Data from a system to another: Data Subject has the right to receive Data in digitally readable form if this is technically possible.

Right to cancel the consent at any time: Data Subject has right to cancel his/her consent at any time.

Right to file a complaint: Data Subject has the right to file a complaint to an authority in the country where he/she lives in or is working in, or where an alleged breach of Data has occurred.

Other

This statement does not concern any services provided by other enterprises, organizations or persons for which the user may have access via Website.

This statement can be changed at any time without prior notice.