Privacy Notice
1. Introduction
This privacy notice describes how Digia Plc and its Group companies (collectively “Digia” and “we”, “us”, “our”) process personal data in connection with the use of this website (“Website”) and in marketing activities. This privacy notice also applies to Digia’s processing of the personal data of the representatives of its partners (including service providers, subcontractors and customers) and of visitors at Digia’s business locations. The privacy notice also describes the general data protection principles observed by Digia in its operations and explains your rights to your personal data as the data subject.
This privacy notice is available on Digia’s website. The notice has been last updated on 17.5.2023. As we may update the privacy notice from time to time, we recommend revisiting it regularly. If we make substantive changes to the privacy notice or add new purposes of processing, for example, you will be notified of the changes in advance.
Digia's Recruitment Privacy Statement
2. Controller's information
The primary controller of personal data processed in accordance with this privacy notice is:
Digia Plc, business ID 0831312-4
Address: Atomitie 2 A, 00370 Helsinki, FINLAND
Tel.: Exchange, +358 (0)10 313 3000 (mpm/pvm)
Data Protection Officer: Digia Plc Data Protection Officer, dpo(at)digia.com
In addition, companies belonging to Digia Group act as joint controllers with Digia Plc in so far as said companies process the same personal data in their marketing activities or use the same data systems as Digia Plc. The contact information of companies in the Digia Group are listed here. All Digia Group companies comply with the same data protection principles as those described in this privacy notice.
In matters related to your personal data processed under this privacy notice, contact PrivacyQuery(at)digia.com.
If you suspect a data breach, please contact us at SecurityIncident(at)digia.com.
3. Categories of personal data and legal basis of processing
In marketing operations, we process personal data for various marketing purposes, such as informing our current or potential business customers about our services or any changes related to them. We also deliver ordered newsletters and communicate with our customers about other aspects of Digia’s operations. We send announcements, including press releases and stock market updates, to subscribers of our notifications. Additionally, this information is used for internal reporting at Digia. Personal data collected through cookies is also used to optimize website usage and target marketing efforts.
In addition, contact information for partner representatives is used for other communication between Digia and its partners, as well as for billing and accounting purposes. Furthermore, this contact information is utilized in delivering services ordered by the partner. For instance, if using the services requires creating user profiles or registering users, the contact details of these representatives are involved. Additionally, partner information is used for Digia’s sales purposes, including identifying and recording various prospects and sales opportunities.
Regarding individuals visiting our premises, we process their personal data in accordance with our safety principles. This allows us to verify any potential unauthorized visitors when necessary. Visitor information may also be used for billing purposes in situations where a visitor has participated in an event for which catering costs are billed based on participation.
The table below lists the categories of personal data that we process and the legal bases for their processing.
A. Newsletter and marketing communications
Category of personal data | Legal basis of processing |
Name (first and last name) |
Digia’s legitimate interests on the basis of a customer relationship or prospect (corporate communications) |
Contact information (email, telephone, address) |
Digia’s legitimate interests on the basis of a customer relationship or prospect (corporate communications) |
Company information (name of company, title, position, organisation) |
Digia’s legitimate interests on the basis of a customer relationship or prospect (corporate communications) |
B. Information collected in connection with contacts and information requests
Category of personal data | Legal basis of processing |
Name (first and last name) |
Digia’s legitimate interests on the basis of executing the user’s request |
Digia’s legitimate interests on the basis of executing the user’s request |
|
Possible other identifying information |
Digia’s legitimate interests on the basis of executing the user’s request |
C. Information collected in the course of using the website
Category of personal data | Legal basis of processing |
Browser and operating system information (IP or MAC address, cookie ID, visited pages, dates and numbers of visits) |
Digia’s legitimate interests on the basis of providing the service requested by the user (website functionality) (only functional cookies) |
Technical usage data (browser type, operating system, mouse usage on the site, search information on the site) |
Digia’s legitimate interests on the basis of providing the service requested by the user (website functionality) (only cookies necessary for the site’s functionality) |
Chat service user information (name, contact information, company information, conversation logs) |
Digia’s legitimate interests on the basis of providing the service requested by the user (customer service chat) |
*consent for the use of cookies is required when the cookies are not necessary for the service’s functionality
D. Personal data of cooperation partners (service providers, subcontractors, customers) – purposes other than corporate marketing
Category of personal data | Legal basis of processing |
Name (first and last name) |
Performance of a contract between Digia and the cooperation partner (when the information is required for billing purposes or for creating user profiles, for example) |
Represented company (name, business ID, address) |
Performance of a contract between Digia and the cooperation partner (when the information is required for billing purposes or for creating user profiles, for example) |
Role in the represented company (title, position) |
Performance of a contract between Digia and the cooperation partner (when the information is required for billing purposes or for creating user profiles, for example) |
Contact information (email, telephone) |
Performance of a contract between Digia and the cooperation partner (when the information is required for billing purposes or for creating user profiles, for example) |
Information on cooperation activities and customer feedback (conversations, opened emails, clicks, downloaded content, sales opportunities, other feedback material) |
Digia’s legitimate interests on the basis of fulfilling obligations under the customer relationship |
E. Visitor information at business locations
Category of personal data | Legal basis of processing |
Name (first and last name) |
Digia’s legitimate interests on the basis of ensuring security on the premises |
Represented company (name, business ID) |
Digia’s legitimate interests on the basis of ensuring security on the premises |
Date and time of visit |
Digia’s legitimate interests on the basis of ensuring security on the premises |
4. Sources for personal data
We primarily collect the information used for newsletters and marketing communications directly from you, for example when you fill out forms on our website or otherwise subscribe to our newsletters. If you use our chat service, we will also collect information by that means. In the case of marketing activities for corporate communications, we may also collect your personal data from other public sources, such as the website of the company you represent or public services such as LinkedIn. Corporate communications marketing is always targeted at your represented company and related to your role in the company, not to you personally.
We collect the personal data of our partners’ contact persons and visitors at our business locations mainly from the persons themselves, such as when the person fills out a registration or visitor form. We may also obtain some information from the company which the person represents, or from the visitor’s host at Digia.
More information on cookies and information collected by them is described below in the section “Cookies”.
5. Regular transfers and disclosures of personal data
In the course of operating its Website and services and data processing, Digia uses third-party subcontractors, service providers and consultants. These third parties may, from time to time, process or other otherwise access the personal data controlled by Digia and described in this privacy notice. However, such third parties are permitted access to personal data controlled by Digia only in the event that and in so far as this is necessary to carry out the service in question. In its operations, Digia uses only the services of trusted service providers and subcontractors that are bound by agreement to comply with the data protection principles described in this privacy notice.
Digia will not sell or otherwise transfer the personal data it processes to third parties for marketing purposes.
Digia processes and stores the personal data described in this privacy notice mainly within the EU and EEA. However, some suppliers of systems or services used by Digia may be located, operate or process data in countries outside the EU and EEA, where the level of data protection may not have been deemed sufficient by decision of the European Commission. With respect to processing activities described in this privacy notice, Digia uses the following suppliers operating outside the EU or EEA:
- The support service for our marketing automation system (HubSpot, Inc) is located in EU area
- The support service for our webinar application (GoToWebinar/LogMein, Inc.) is located outside the EU in the United States.
- The development, support, and integration development of customer relationship management systems (such as Dynamics D365, HubSpot, Dataplatfrom, M-Files, and Workday) can be done from outside the EU in India, Ukraine, and the United States.
All transfers of data are subject to a separate prior assessment. In transferring personal data, Digia complies with the national and international regulations in force at the time. This means, for example, that in safeguarding transfers of data, we comply with the necessary contractual protection measures, usually by means of adopting the European Commission Standard Contractual Clauses or an equivalent transfer protection measure.
6. Storage periods and deletion of data
We store personal data for a maximum of five years, unless the data subject requests the erasure of their personal data before this time and we are not required by compelling legislation to retain the data for a longer period. Compelling legislation that influence the storage periods of data stored by Digia include accounting and tax legislation.
Upon request, we will erase personal data from our marketing register within 30 days of receiving the request and verifying the data subject’s identity.
7. Data protection
At Digia, we take care to ensure that all personal data processed by us are appropriately safeguarded with sufficient technical and organisational measures. Personal data is processed and maintained in accordance with Digia’s quality system, the related data security guidelines and Digia’s privacy policy. Digia trains all its employees in implementing the guidelines (mandatory courses and induction), whereas the quality of actions is monitored through both internal audits, and audits performed by our software service customers.
Digia safeguards all its systems used for processing activities by various technical means, including firewalls, antivirus software, data encryption, secure server halls, and physical and technical access control management. Access to personal data files by any user requires a personal username and password. Any access rights granted are personal.
Digia's data security and privacy policies form part of Digia’s quality system. For more information and detailed documentation on our policies and procedures, contact us at the contact information listed above.
8. Cookies and third-party services
We use various types of cookies on our Website. A cookie is a small text file that our Website may store on your device. On our Website, Digia uses both technical and functional cookies and cookies by third parties. Technical and functional cookies enable the functionality of our Website and the services offered. In addition, we can improve our services with the help of cookies. Some cookies are so-called session cookies, which are automatically deleted from your device when you close your browser. Other cookies are stored for a longer period, such as cookies used to save the information that you have filled in online forms on our site.
You can manage and restrict all or some cookies at any time in your browser’s settings. Most browsers allow you to choose whether to restrict only cookies by third parties or all cookies. You can also delete any cookies that are stored on your device. Please note, however, that restricting cookies may affect the usability of our Website, and some of its functionalities may be blocked entirely, especially if you choose to restrict certain functional cookies.
For more information on cookies, visit http://www.allaboutcookies.org/. Please note that by opening the link, you will be transferred to a website administered by a third party.
Below, we describe in more detail the types of cookies we use on our Website.
A. Use of cookies
We use cookies, web beacons or other third-party methods, for instance, to deliver customised content, to test the site and to search for problems pertaining to the site and to using the site.
The information we collect by means of cookies helps us to find out how and for how long visitors use our Website. The information includes the browser and operating system, the number of visits, visiting times and the pages used. A cookie also contains a unique identification number (cookie ID) that allows your browser to be identified the next time you visit our Website. We also track what kind of searches users make on our Website and what browsers, operating systems and computers they use. We may record mouse clicks and movements, screen scrolls as well as text input on the Website.
We do not use cookies to identify you. Neither do we associate your IP address with you unless you voluntarily send us this information.
B. Third-party methods
We use third parties to implement some of the data collection functions of cookies. The functions enable more personalised and engaging communication. Digia will not sell, lease or transfer identifying personal information. The collection and processing of data from our websites by third-party service-providers is in accordance with our privacy policy.
C. Automatic marketing
The automatic marketing and remarketing tools used by Digia utilise third-party cookies. When a user visits our site, an individualised cookie linked to the visit is stored on the user’s web browser. If the user discloses personal information, for instance, by filling in a contact sheet or clicking links in email messages sent by Digia, an individualised cookie is linked to the personal information.
D. Network marketing
Digia uses partner services to produce customised network marketing content. Service providers may add cookies or web beacons to collect information from your visit to the Digia website and to provide you with customised and engaging communication produced by Digia. The data collected by the service provider is limited to the IP address and cannot be connected to an individual.
E. Analytics
We use third-party network analytics services on the Digia website. We use the information collected by the tool for the development and monitoring of web page use.
F. Links to third-party services
Our website contains links to external services and websites offered by third parties. These links include, for example, Twitter and Facebook share buttons. By pressing these, you will usually be moved to the service or website of the service provider in question. By opening the link, the service provider may place cookies, pixels or similar tools on your device. Any processing of personal data in connection with third party services and websites is subject to the processing principles of the third party in question, which Digia has no means of influencing. We recommend that you read the data processing principles of the relevant third parties before opening any links to third parties on our Website.
9. Rights of data subjects
Data protection legislation guarantees data subjects several rights concerning the processing of their personal data. Digia respects these rights and is committed to their implementation. The rights of data subjects are listed below. Requests for the execution of rights should be addressed to PrivacyQuery(at)digia.com. Please note that execution of some of the rights may require that certain additional legal requirements are met. Digia may also ask that the person presenting the request provide additional information to allow us to verify their identity.
- Data subjects have the right to request access to their personal data from the controller and receive a copy of the data;
- Data subjects have the right to transmit their personal data to another system in cases where processing is based on consent and carried out automatically;
- Data subjects have the right to request that any inaccurate, incomplete or outdated personal data is rectified, supplemented or erased;
- Data subjects have the right to request the restriction of processing in certain circumstances, such as when Digia no longer requires the data but the data subject does not wish them to be erased but instead requests that their processing be restricted;
- Data subjects have the right to object, on grounds relating to their particular situation, to processing in certain circumstances, such as when processing is based on the controller’s legitimate interest and the controller cannot present more weighty grounds than those presented by the data subject;
- Data subjects have the right to request that the controller erase their personal data, provided that certain conditions are met (“the right to be forgotten”), such as when the personal data are no longer needed for the purpose for which they were collected, or when processing was based on consent and this consent has been withdrawn;
- Data subjects have the right to withdraw their consent to processing at any time; and
- Data subjects have the right to lodge a complaint with the competent supervisory authority. In Finland, this authority is the Office of the Data Protection Ombudsman (see tietosuoja.fi/en).
Include the following information in your request:
- Information that allows us to identify you (such as full name, email address or similar)
- The role in which you are contacting us (current or former Digia employee, job applicant, customer or a member of our customer’s personnel, subscriber to our newsletter or other similar party)
- Which of the legal rights listed above you wish to exercise.