Privacy Notice



1. Introduction

This privacy notice describes how Digia Plc and its Group companies (collectively “Digia” and “we”, “us”, “our”) process personal data in connection with the use of this website (“Website”) and in marketing activities. This privacy notice also applies to Digia’s processing of the personal data of the representatives of its partners (including service providers, subcontractors and customers) and of visitors at Digia’s business locations. The privacy notice also describes the general data protection principles observed by Digia in its operations and explains your rights to your personal data as the data subject.

This privacy notice is available on Digia’s website. The notice has been last updated on 14th October 2019. As we may update the privacy notice from time to time, we recommend revisiting it regularly. If we make substantive changes to the privacy notice or add new purposes of processing, for example, you will be notified of the changes in advance.


2. Controller’s information

The primary controller of personal data processed in accordance with this privacy notice is:

Digia Plc, business ID 0831312-4
Address: Atomitie 2 A, 00370 Helsinki, FINLAND
Tel.: Exchange, +358 (0)10 313 3000

Data Protection Officer: Digia Plc Data Protection Officer, dpo(at)digia.com

In addition, companies belonging to Digia Group act as joint controllers with Digia Plc in so far as said companies process the same personal data in their marketing activities or use the same data systems as Digia Plc. The contact information of companies in the Digia Group are listed here. All Digia Group companies comply with the same data protection principles as those described in this privacy notice.

In matters related to your personal data processed under this privacy notice, contact PrivacyQuery(at)digia.com.

If you suspect a data breach, please contact us at SecurityIncident(at)digia.com.


3. Categories of personal data and legal basis of processing

Under data protection legislation, personal data means any information relating to an identified or identifiable natural person. Digia processes your personal data in connection with our marketing activities or when you visit our websites. However, we always take care to ensure that all our processing is performed under a valid legal basis. The table below lists the categories of personal data that we process and the legal bases for their processing.


A. Newsletter and marketing communications

Category of personal data Legal basis of processing
Name (first and last name)


Consent

Digia’s legitimate interests on the basis of a customer relationship or prospect (corporate communications)

Contact information (email, telephone, address)


Consent

Digia’s legitimate interests on the basis of a customer relationship or prospect (corporate communications)

Company information (name of company, title, position, organisation)


Consent

Digia’s legitimate interests on the basis of a customer relationship or prospect (corporate communications)



B. Information collected in connection with contacts and information requests

Category of personal data Legal basis of processing
Name (first and last name)


Compliance with Digia’s legal obligations (identifying the party making the information request)

Digia’s legitimate interests on the basis of executing the user’s request

Email

Compliance with Digia’s legal obligations (identifying the party making the information request)

Digia’s legitimate interests on the basis of executing the user’s request

Possible other identifying information


Compliance with Digia’s legal obligations (identifying the party making the information request)

Digia’s legitimate interests on the basis of executing the user’s request



C. Information collected in the course of using the website

Category of personal data Legal basis of processing
Browser and operating system information (IP or MAC address, cookie ID, visited pages, dates and numbers of visits)


Consent*

Digia’s legitimate interests on the basis of providing the service requested by the user (website functionality) (only functional cookies)

Technical usage data (browser type, operating system, mouse usage on the site, search information on the site)


Consent*

Digia’s legitimate interests on the basis of providing the service requested by the user (website functionality) (only cookies necessary for the site’s functionality)


Chat service user information (name, contact information, company information, conversation logs)


Digia’s legitimate interests on the basis of providing the service requested by the user (customer service chat)


*consent for the use of cookies is required when the cookies are not necessary for the service’s functionality


D. Personal data of cooperation partners (service providers, subcontractors, customers) – purposes other than corporate marketing

Category of personal data Legal basis of processing
Name (first and last name)


Digia’s legitimate interests on the basis of fulfilling obligations under the customer relationship

Performance of a contract between Digia and the cooperation partner (when the information is required for billing purposes or for creating user profiles, for example)

Represented company (name, business ID, address)


Digia’s legitimate interests on the basis of fulfilling obligations under the customer relationship

Performance of a contract between Digia and the cooperation partner (when the information is required for billing purposes or for creating user profiles, for example)

Role in the represented company (title, position)


Digia’s legitimate interests on the basis of fulfilling obligations under the customer relationship

Performance of a contract between Digia and the cooperation partner (when the information is required for billing purposes or for creating user profiles, for example)

Contact information (email, telephone)


Digia’s legitimate interests on the basis of fulfilling obligations under the customer relationship

Performance of a contract between Digia and the cooperation partner (when the information is required for billing purposes or for creating user profiles, for example)


Information on cooperation activities and customer feedback (conversations, opened emails, downloaded content, sales opportunities, other feedback material)

Digia’s legitimate interests on the basis of fulfilling obligations under the customer relationship



E. Visitor information at business locations

Category of personal data Legal basis of processing
Name (first and last name)


Consent

Digia’s legitimate interests on the basis of ensuring security on the premises

Represented company (name, business ID)


Consent

Digia’s legitimate interests on the basis of ensuring security on the premises

Date and time of visit


Consent

Digia’s legitimate interests on the basis of ensuring security on the premises



We primarily collect the information used for newsletters and marketing communications directly from you, for example when you fill out forms on our website or otherwise subscribe to our newsletters. If you use our chat service, we will also collect information by that means. In the case of marketing activities for corporate communications, we may also collect your personal data from other public sources, such as the website of the company you represent or public services such as LinkedIn. Corporate communications marketing is always targeted at your represented company and related to your role in the company, not to you personally.

We collect the personal data of our partners’ contact persons and visitors at our business locations mainly from the persons themselves, such as when the person fills out a registration or visitor form. We may also obtain some information from the company which the person represents, or from the visitor’s host at Digia.

More information on cookies and information collected by them is described below in the section “Cookies”.


4. Purposes of processing personal data

Digia processes the categories of personal data described above only for purposes that have been specified by Digia in advance. We process your personal data in order to provide you with the best possible user experience and personalised service.

In our marketing activities, we process personal data for various marketing purposes, such as to tell you about current or possible services to our corporate customers and of changes to the services, deliver newsletters that you have subscribed for, and communicate to our customers about other matters related to Digia’s operations. We send out announcements such as press and stock exchange releases to subscribers. In addition, we use personal data for company internal reporting within Digia. Personal data collected by means of cookies are used to optimise the use of our website and for targeting marketing activities.

The personal data of our partners’ contact persons are also used in other communications between Digia and the partner, as well as for billing and accounting purposes. The personal data of these contact persons will also be used to deliver services purchased by said partner, such as when use of the services requires that the user is created a user profile or otherwise registered for the service. We also use our partners’ information for Digia’s sales activities, such as to assess and record sales leads and opportunities.

We process the personal data of visitors at our business locations for the purpose of complying with our principles of on-premises security, such as to identify uninvited guests if necessary. Visitor information may also be used for billing purposes in situations where the visitor has attended an event for which the catering is billed based on attendance.


5. Regular transfers and disclosures of personal data

In the course of operating its Website and services and data processing, Digia uses third-party subcontractors, service providers and consultants. These third parties may, from time to time, process or other otherwise access the personal data controlled by Digia and described in this privacy notice. However, such third parties are permitted access to personal data controlled by Digia only in the event that and in so far as this is necessary to carry out the service in question. In its operations, Digia uses only the services of trusted service providers and subcontractors that are bound by agreement to comply with the data protection principles described in this privacy notice.

Digia will not sell or otherwise transfer the personal data it processes to third parties for marketing purposes.

Digia processes and stores the personal data described in this privacy notice mainly within the EU and EEA. However, some suppliers of systems or services used by Digia may be located, operate or process data in countries outside the EU and EEA, where the level of data protection may not have been deemed sufficient by decision of the European Commission. With respect to processing activities described in this privacy notice, Digia uses the following suppliers operating outside the EU or EEA:

  • The support service for our marketing automation system is located outside the EU in the United States. The marketing automation system supplier is Privacy Shield certified.
  • The support service for our webinar application is located outside the EU in the United States. The supplier of the webinar application is Privacy Shield certified.

All transfers of data are subject to a separate prior assessment. In transferring personal data, Digia complies with the national and international regulations in force at the time. This means, for example, that in safeguarding transfers of data, we comply with the necessary contractual protection measures, usually by means of adopting the European Commission Standard Contractual Clauses or an equivalent transfer protection measure.

For more information on the suppliers and service providers used by Digia in the course of processing personal data under this privacy notice and the protection mechanisms used in transfers of data, contact us at the contact information listed above.


6. Storage periods and deletion of data

We store personal data for a maximum of five years, unless the data subject requests the erasure of their personal data before this time and we are not required by compelling legislation to retain the data for a longer period. Compelling legislation that influence the storage periods of data stored by Digia include accounting and tax legislation.

Upon request, we will erase personal data from our marketing register within 30 days of receiving the request and verifying the data subject’s identity.


7. Data protection

At Digia, we take care to ensure that all personal data processed by us are appropriately safeguarded with sufficient technical and organisational measures. Personal data is processed and maintained in accordance with Digia’s quality system, the related data security guidelines and Digia’s privacy policy. Digia trains all its employees in implementing the guidelines (mandatory courses and induction), whereas the quality of actions is monitored through both internal audits, and audits performed by our software service customers.

Digia safeguards all its systems used for processing activities by various technical means, including firewalls, antivirus software, data encryption, secure server halls, and physical and technical access control management. Access to personal data files by any user requires a personal username and password. Any access rights granted are personal. Only designated users have access to the data files on the basis of their roles.

Digia's data security and privacy policies form part of Digia’s quality system. For more information and detailed documentation on our policies and procedures, contact us at the contact information listed above.


8. Cookies and third-party services

We use various types of cookies on our Website. A cookie is a small text file that our Website may store on your device. On our Website, Digia uses both technical and functional cookies and cookies by third parties. Technical and functional cookies enable the functionality of our Website and the services offered. We also use cookies to develop our services. Some cookies are so-called session cookies, which are automatically deleted from your device when you close your browser. Other cookies are stored for a longer period, such as cookies used to save the information that you have filled in online forms on our site.

You can manage and restrict all or some cookies at any time in your browser’s settings. Most browsers allow you to choose whether to restrict only cookies by third parties or all cookies. You can also delete any cookies that are stored on your device. Please note, however, that restricting cookies may affect the usability of our Website, and some of its functionalities may be blocked entirely, especially if you choose to restrict certain functional cookies.

For more information on cookies, visit http://www.allaboutcookies.org/. Please note that by opening the link, you will be transferred to a website administered by a third party.

Below, we describe in more detail the types of cookies we use on our Website.

A. Use of cookies

We use cookies, web beacons or other third-party methods, for instance, to deliver customised content, to test the site and to search for problems pertaining to the site and to using the site.

The information we collect by means of cookies helps us to find out how and for how long visitors use our Website. The information includes the browser and operating system, the number of visits, visiting times and the pages used. A cookie also contains a unique identification number (cookie ID) that allows your browser to be identified the next time you visit our Website. We also track what kind of searches users make on our Website and what browsers, operating systems and computers they use. We may record mouse clicks and movements, screen scrolls as well as text input on the Website.

We do not use cookies to identify you. Neither do we associate your IP address with you unless you voluntarily send us this information.

B. Third-party methods

We use third parties to implement some of the data collection functions of cookies. The functions enable more personalised and engaging communication. Digia will not sell, lease or transfer identifying personal information. The collection and processing of data from our websites by third-party service-providers is in accordance with our privacy policy.

C. Automatic marketing

The automatic marketing and remarketing tools used by Digia utilise third-party cookies. When a user visits our site, an individualised cookie linked to the visit is stored on the user’s web browser. If the user discloses personal information, for instance, by filling in a contact sheet or clicking links in email messages sent by Digia, an individualised cookie is linked to the personal information.

D. Network marketing

Digia uses partner services to produce customised network marketing content. Service providers may add cookies or web beacons to collect information from your visit to the Digia website and to provide you with customised and engaging communication produced by Digia. The data collected by the service provider is limited to the IP address and cannot be connected to an individual.

E. Analytics

We use third-party network analytics services on the Digia website. We use the information collected by the tool for the development and monitoring of web page use.

F. Links to third-party services

Our website contains links to external services and websites offered by third parties. These links include, for example, Twitter and Facebook share buttons. By pressing these, you will usually be moved to the service or website of the service provider in question. By opening the link, the service provider may place cookies, pixels or similar tools on your device. Any processing of personal data in connection with third party services and websites is subject to the processing principles of the third party in question, which Digia has no means of influencing. We recommend that you read the data processing principles of the relevant third parties before opening any links to third parties on our Website.


9. Rights of data subjects

Data protection legislation guarantees data subjects several rights concerning the processing of their personal data. Digia respects these rights and is committed to their implementation. The rights of data subjects are listed below. Requests for the execution of rights should be addressed to PrivacyQuery(at)digia.com. Please note that execution of some of the rights may require that certain additional legal requirements are met. Digia may also ask that the person presenting the request provide additional information to allow us to verify their identity.

  1. Data subjects have the right to request access to their personal data from the controller and receive a copy of the data;
  2. Data subjects have the right to transmit their personal data to another system in cases where processing is based on consent and carried out automatically;
  3. Data subjects have the right to request that any inaccurate, incomplete or outdated personal data is rectified or erased;
  4. Data subjects have the right to request the restriction of processing in certain circumstances, such as when Digia no longer requires the data but the data subject does not wish them to be erased but instead requests that their processing be restricted;
  5. Data subjects have the right to object, on grounds relating to their particular situation, to processing in certain circumstances, such as when processing is based on the controller’s legitimate interest and the controller cannot present more weighty grounds than those presented by the data subject;
  6. Data subjects have the right to request that the controller erase their personal data, provided that certain conditions are met (“the right to be forgotten”), such as when the personal data are no longer needed for the purpose for which they were collected, or when processing was based on consent and this consent has been withdrawn;
  7. Data subjects have the right to withdraw their consent to processing at any time; and
  8. Data subjects have the right to lodge a complaint with the competent supervisory authority. In Finland, this authority is the Office of the Data Protection Ombudsman (see tietosuoja.fi/en).

Include the following information in your request:

  • Information that allows us to identify you (such as full name, email address or similar)
  • The role in which you are contacting us (current or former Digia employee, job applicant, customer or a member of our customer’s personnel, subscriber to our newsletter or other similar party)
  • Which of the legal rights listed above you wish to exercise.