Avidly Plc – Privacy Statement

General

This Privacy Statement describes how Avidly Plc (hereinafter “Avidly”) processes the personal data of the natural persons who use its services in their own activities. This Privacy Statement applies to all of Avidly’s business processes and websites, areas of operation, mobile solutions, cloud services, and other services offered by Avidly. Unless otherwise separately stated, this Privacy Statement also applies to the processing of personal data carried out by other companies belonging to Avidly group. 

Avidly’s websites and other services may furthermore, from time to time, include links to the social networks of third parties. Such social networks of third parties, and any processing of personal data occurring through them, are subject to the privacy statements of the third parties in question.

This Privacy Statement pertains to the processing of personal data carried out by Avidly when Avidly – or a company belonging to the Avidly group – is the controller. We always process your personal data only to the extent necessary for the delivery of our services, and always in accordance with the applicable legislation.

By providing us with your personal data, you indicate that you have read and are aware of the processing methods and terms applicable to the processing of personal data pursuant to this Privacy Statement. If you do not accept the processing principles described in this Privacy Statement, please do not provide us with your personal data.

Controller

Unless otherwise separately stated, the controller with regard to the personal data processed pursuant to this Privacy Statement is:

Avidly Plc
Business ID: 2018481-2
Address: Konepajankuja 1, 00510 Helsinki, Finland
Tel. +358 10 231 9000
Email: gdpr@zeelandfamily.fi

And/or (on a case-by-case basis):

The company belonging to Avidly group to which you have disclosed your personal data or from which you have received marketing communications.

If you are unsure who the controller is in terms of your personal data, you can contact Avidly by using the contact details provided in this Privacy Statement.

Person responsible for the processing of personal data

Sami Savolainen
IT Manager

Avidly Plc
Konepajankuja 1
00510 HELSINKI
FINLAND

Tel.  +358 10 231 9000
Email: gdpr@zeelandfamily.fi

Purpose of and legal basis for personal data processing

Avidly processes personal data for the following purposes:

Customer relationship management

Avidly processes the personal data it collects primarily for the purpose of delivering and producing those Avidly services which the person has subscribed to or ordered, or which the person has registered for as a user. The personal data is processed for the management and analysis of the relationship with the customer – or some other appropriate connection – along with the production of services, business development and planning, as well as opinion and market research and customer communication, which may also be implemented digitally and in a targeted manner.

Marketing

Avidly may also process the personal data it collects for marketing purposes, provided that the person in question has given their consent to this or, in certain cases, has not separately forbidden it. The person has, at any time, the right to withdraw their consent for the use of their data in marketing purposes either by using the contact details provided in this Privacy Statement or by exercising the opt-out possibility given in the marketing communications (such as a ‘Unsubscribe’ link).

Avidly does not sell or disclose the personal data it processes to third parties for the marketing purposes of these parties, unless the person in question has given their separate consent to this. Avidly’s marketing measures carried out on behalf of other controllers in its capacity as a processor for these controllers are described below.

Legal basis for processing

Avidly processes your personal data on varying legal bases, depending on whether Avidly is the controller or processor with regard to your personal data. When Avidly itself is the controller, the processing of your personal data is based on either a) the implementation of the agreement on the Avidly services which the data subject has ordered from Avidly, b) the implementation of Avidly’s legitimate interests related to the data subject’s customer relationship, or c) the consent provided by the data subject. When Avidly serves as a processor to its corporate customer which is the controller, Avidly’s processing of your personal data is based on the agreement between Avidly and the controller on the order of services.

The provision of personal data to Avidly is not primarily a condition for the agreement or the delivery of services. If this is nevertheless the case and Avidly cannot, for instance, implement the services you have ordered without your personal data, the provision of this data is separately indicated as being required. A failure to provide such data, indicated as required, may prevent Avidly from delivering the services you have ordered or limit their delivery to a considerable degree.

Personal data subject to processing

Avidly may process the following personal data, among others, for the purposes of customer relationship management and marketing:

  •    first and last name
  •    contact details (postal address, telephone number, email address)
  •    the start and end date of the customer relationship and/or appropriate connection as well as the method by which it started and ended
  •    direct marketing opt-ins and opt-outs
  •    business ID (businesses)
  •    information pertaining to the use of digital services and contents (e.g. subscriptions to newsletters)
  •    information related to marketing and sales promotion, such as marketing measures targeted at the data subject and participation in them

In addition, Avidly may process, in connection to the management of customer relationships, the following data on persons who have bought a product and/or service:

  •    customer number
  •    business ID
  •    invoicing details
  •    contact people (name, phone number, email)
  •    information related to the management of the customer relationship or other appropriate connection and communication as well as categorisation (e.g. information on the products and services bought or cancelled, delivery information, feedback, complaints and the recording of customer service events such as phone calls, emails and support messages)

Regular information sources

The personal data of data subjects is collected primarily directly from the data subjects themselves when, for instance, data subjects themselves disclose their personal data in connection to subscribing to a newsletter, through various Avidly services used by the data subjects, and in connection to different marketing measures, such as marketing prize draws or competitions and events.

Furthermore, personal data may be collected and updated from the registries of our partners and from companies providing services pertaining to personal data, to whom a data subject has given their consent for the disclosure of their personal data. Third parties of this kind, from whom Avidly may collect data related to the data subjects, can include various companies providing credit references and address data.

Regular disclosure of data

Avidly discloses personal data only in cases and to the extent to which is necessary for the proper delivery of services. Avidly always complies with appropriate protective measures to ensure the protection of personal data in connection to disclosures.

Avidly may occasionally have to disclose the personal data it processes to competent authorities or other equivalent parties in the manner required by said competent authorities or other parties pursuant to valid legislation.

In the event that we dispose of, merge or otherwise reorganise our business operations, or acquire new ones, the personal data of users may be disclosed to the buyer or potential buyers and their advisers.

Data can be disclosed to partners selected by Avidly and to service providers who process the data on behalf of the controller on the basis of a cooperation agreement between the parties. In such cases, Avidly always ensures that the partners and service providers participating in the processing of personal data are contractually bound to comply with confidentiality and data protection and that the personal data is processed solely for Avidly’s purposes described in this Privacy Statement. 

In addition, Avidly regularly discloses data internally, within the companies belonging to Avidly group. Some of the companies belonging to Avidly group are also located outside Finland, due to which the data may also be disclosed and processed beyond the borders of Finland. The companies belonging to Avidly group are not, however, located outside the EU or the EEA.

Transfer of data outside the EU or the EEA

We do not, as a rule, transfer data outside the EU or the EEA. In some situations (such as where our service provider or servers are located outside the EEA) we may nevertheless also have to transfer the personal data we have collected to non-EEA countries, in which the level of data protection has not necessarily been found to be adequate by the European Commission (such as the United States). 

If we transfer data outside the EU or the EEA to countries with an inadequate level of data protection, we ensure the personal data’s adequate level of data protection by, among other things, agreeing on matters related to the confidentiality and processing of personal data as required by legislation, such as by using standard contractual clauses adopted by the European Commission or by means of other equivalent protective mechanisms. The European Commission’s standard contractual clauses are available on the European Commission’s website, and you can request a copy of the other transfer bases by contacting Avidly.

Protection of personal data

We use any necessary and appropriate technological and organisational information security measures to protect personal data against unauthorised access, disclosure, destruction or other unauthorised use. Such measures include the use of firewalls and secure hardware facilities, appropriate physical access control, the managed granting of access rights and the monitoring of their use, the employment of encryption technologies, training the personnel participating in the processing of personal data, and the careful selection of subcontractors.

Storage period of personal data

Avidly stores your personal data only for as long as they are needed for the aforementioned purposes of use or the fulfilment of statutory obligations. When the personal data we have collected is no longer needed, we destroy or erase it in a secure manner.

Data subject’s rights and exercising them

Data protection legislation guarantees data subjects several rights with regard to their personal data, which Avidly has also undertaken to implement. Among other things, the user of Avidly’s services has the right to check the personal data stored on them and to request a copy of the personal data collected on them. When the processing of the personal data of an Avidly user is based on the user’s consent, the user has the right to withdraw the consent they have given at any time.

At the request of a user, we will rectify, erase or complete any personal data erroneous, unnecessary, incomplete or outdated in terms of the processing purpose.  Users also have the right to request the erasure of their personal data (what is referred to as the right to be forgotten) if the processing has been based on the user's consent and the user withdrawn their consent; the user’s personal data has been processed illegally; or if the user objects to the processing of their personal data and there are no legitimate grounds for the processing.

In some cases, the user also has the right to request the restriction of processing, object to the processing, and to request the data’s transmission from one system to another, or to another controller. Users may have this right in a situation where there is no longer a legal basis for the processing, but in which, in lieu of the data’s erasure, the user merely wants to restrict the processing, or when the processing has been based on consent and has been automatic.

Users have the right to file a complaint with a competent supervisory authority concerning the processing of a user’s personal data carried out by Avidly, should the user perceive Avidly not to have processed the user’s data as required by the applicable data protection legislation, or if the user’s requests related to their rights guaranteed by law have not been implemented appropriately. You can find the contact details of all competent data protection authorities in EEA countries here.

If you wish to exercise one of the aforementioned rights guaranteed to you by law, you can do so by contacting Avidly (or, depending on the case, the company belonging to Avidly group serving as the controller) through the contact details provided in this Privacy Statement. In some cases, Avidly may have to request further information from you to ensure that you are the person you claim to be. In the event that Avidly serves merely as the processor of another controller in respect of your personal data, Avidly will instruct you to contact the controller in question in relation to your requests. In terms of some services, Avidly also offers you the possibility to check, modify, and erase your own data by signing in to Avidly’s user portal.  If you are provided with such an opportunity, Avidly recommends that you primarily update your data through the user portal in question.

Automated data collection

Avidly employs widely used digital marketing methods and tools to gather data on your movements on our websites. This data is collected to improve the usability and content of our website, target advertising, and marketing as well as to investigate the interests of visitors. For the most part, such data is gathered with the help of cookies (see below) and does not allow for attribution to a person.

Cookies used by Avidly

We use cookies on our website to gain a better understanding of the kind of content visitors to our pages are interested in. Cookies are small text files which a browser saves on the user’s terminal device. Cookies include an anonymous unique identifier which allows us to identify and count the various browsers visiting on our pages. Cookies do not move about on the network on their own; rather, they are placed on a user’s terminal device only on a website called up by the user. Only the server which sent the cookie can subsequently read and use it. Cookies or other technologies do not harm users’ terminal devices or files, nor can cookies be employed in the use of programs or the spread of malware.

JavaScript and server logs allow us to collect information on how and when our services are used, including the page through which a user has entered our service, which of our websites the user has browsed and when, which browser the user employs, what the resolution of the user’s screen is, which operating system they have and the version thereof, as well as on IP addresses. 

Cookies and other equivalent technologies are used for the purposes of analysing our services and their further development in a direction that better serves users. Among other things, these technologies make it possible for a user not to have to enter their user ID, password, and personal preferences again every time they visit a page.

We use cookies and other equivalent technologies in the statistical monitoring of our services’ visitor numbers and to measure the impact of advertising. We may collect information on marketing emails and newsletters, for example, to find out whether the messages have been opened and acted upon. To improve the usability of our website, we may engage in short-term research in which we may also record information on a user’s mouse movements and clicks on a particular webpage.

We use both session-specific cookies, which are stored only for the duration of your visit at the time in question, and permanent cookies, which are stored for longer periods of time and across a number of browsing occasions. Some of these cookies are the cookies of the operator which controls the website you are visiting (such as Avidly), while others are the cookies of third parties offering their services on the website (such as analytics companies). You can find further information on the cookies used on Avidly’s website through your browser’s cookies settings.

You can block cookies or remove them from use or manage them in other ways through your browser settings. It is nevertheless advisable to note that blocking the use of cookies may have an effect on some of the website’s functionalities and that, following the block, you may not necessarily be able to take advantage of all the features on our website.

Changes to Privacy Statement  

Avidly develops its business continuously and therefore reserves the right to change this Privacy Statement by notifying users of such changes via its services. The changes may also be based on changes in legislation. If we make changes to the Privacy Statement, we will publish the amended statement and the date of the changes on this website. Because of this, we advise our users to check for an up-to-date Privacy Statement on our website on a regular basis.

Should we make material changes to the Privacy Statement, in which case our privacy protection policy changes in a material way, we can also announce the matter in other ways, such as via email or by publishing a bulletin on our Group’s website and/or social media pages prior to the changes’ entry into force.

This Privacy Statement was updated on 1 September 2018.

Contact us

If you have any comments or questions regarding our Privacy Statement or if you are concerned about the protection of your privacy or the use of your personal data, or if you suspect that your privacy has been infringed, please send a message to gdpr@zeelandfamily.fi. You can also send us a letter to the address Avidly Plc, Data protection, Konepajankuja 1, 00510 Helsinki, Finland.

We will handle your request confidentially and, if necessary, our representative will contact the address you have indicated. We aim to process all comments promptly and in the manner required.