Data Privacy

Record of Processing Activities from Digia's Marketing Register

1 Introduction

This is a record of processing activities for the processing of personal data on the basis of consent given to Digia. The GDPR survey determined that Digia is a controller with regard to the marketing register. The register includes the personal data of both company representatives and private individuals. Consent for marketing communications is requested from both types of data subjects.

For the management of joint projects and reporting on them, data from the marketing register is shared with a number of systems containing views or copies of the register in question. Master data is stored in the CRM system. Personal data is also stored in the marketing automation system, webinar application, release distribution service and stock exchange release distribution service.

2 Controller, contact information and the Data Protection Officer

Name and contact information of the controller:
Digia Oyj, business ID 0831312-4, Atomitie 2A, 00370 Helsinki, Finland

Data Protection Officer:
Mikko Jylhä, CSO,

Register owner:
Anne Puntari, Head of Marketing, Communications and Customer Experience,

On detected/suspected information leakage, please send a notice by email to SecurityIncident (at)

3 Basis for processing personal data

The processing of personal data contained in Digia’s marketing register is based on the individual’s consent to the processing of his or her personal data.

The personal data will be stored until the data subject requests its erasure, or for a maximum of five years. If requested, personal data will be erased from the marketing register within 30 days.

Only designated users with appropriate roles have access to the register.

4 Description of the categories of personal data and their processing

We collect information so that we can provide you with the best possible user experience and personalised service. We aggregate data for profiling intended to target marketing measures and for internal reporting purposes. For instance, we may use our chat service or forms on our site to ask for information such as your name, company, email address and phone number plus additional information such as title, job title or organisation.

The information we collect using cookies helps us to find out how and for how long visitors use our site. The information includes the browser and operating system, the number of visits, visiting times and the pages used. A cookie also contains a unique identification number that allows your browser to be identified the next time you visit our site. We also track what kind of searches users make on our site and what browsers, operating systems and computers they use. We may record mouse clicks and movements, screen scrolls as well as text input on the site.

Use of cookies
We use cookies, web beacons or other third-party methods, for instance, to deliver customised content, to test the site and to search for problems pertaining to the site and to using the site.
We do not use cookies to identify you. Neither do we associate your IP address with you unless you voluntarily send us this information.  

Third-party methods
We use third-party service-providers to implement some of the data collection functions with cookies. The functions enable more personalised and engaging communication. Digia will not sell, lease or transfer individualised personal information. By using the Digia website you agree to data processing in accordance with the above. The collection and processing of data from our websites by third-party service-providers is in accordance with this privacy policy.

Automatic marketing
The automatic marketing and remarketing tools used by Digia utilise third-party cookies. When a user visits our site, an individualised cookie linked to the visit is stored on the user’s web browser. If the user discloses personal information, for instance, by filling in a contact sheet or clicking links in email messages sent by Digia, an individualised cookie is linked to the personal information.

Network marketing
Digia uses partner services to produce customised network marketing content. Service providers may add cookies or web beacons to collect information from your visit to the Digia website and to provide you with customised and engaging communication produced by Digia. The data collected by the service provider is limited to the IP address and cannot be connected to an individual.

E-mail marketing and the distribution of releases
We only share news on Digia’s products and services by e-mail with those who have given their consent. At any time, you can use a link at the bottom of the email newsletter to remove your email address from your selected distribution lists. Email messages may contain cookies and web beacons, which will let us know if you have opened, read or deleted the message.

We send releases, such as press and stock exchange releases, to those who have subscribed to our releases.

We use third-party network analytics services on Digia’s website. We use the information collected by the tool for the development and monitoring of web page use.

Links to third-party services
Our website contains links to third-party services, such as share buttons for Twitter and Facebook, through which the service providers may install cookies into the user’s device. The further use of such cookies is beyond Digia’s control.

5 Description of the categories of recipients of the data

Digia does not disclose personal data from the marketing register to third parties.

6 Information on the transfer of personal data to outside the European Union or European Economic Area

The data are stored within the EU/EEA area. Each transfer of data will be evaluated individually.

The marketing automation system’s support service is located outside of the EU, in the United States. The marketing automation system supplier is Privacy Shield certified.

The webinar application’s support service is located outside of the EU, in the United Sates. The webinar application supplier is Privacy Shield certified.

With regard to the transfer of personal data to outside of the EU and European Economic Area, Digia complies with Directive 95/46/EC of the European Parliament and of the Council and other valid national and international regulations.

7 Description of the storage and deletion of personal data

The personal data will be stored until the data subject requests its erasure, or for a maximum of five years.  If requested, personal data will be erased from the marketing register within 30 days.

8 Description of technical and organisational security measures taken in accordance with Article 32

Personal data collected on the basis of content is processed and maintained in accordance with Digia’s quality system, the data security guidelines included in the system, and Digia’s data protection policy. Digia trains all of its employees in the use of the guidelines (mandatory courses and orientation), and the quality of operations is supervised through internal audits and audits conducted by our software service customers.

Digia's data security and data protection policies are part of Digia's quality system. We will be happy to provide additional information and documentation on the above (data security procedures, data protection policy).

Use of the register requires a personal username and password. The access rights to the register are personal.

9 List of Sub-Processors used for the processing of personal data

Digia uses sub-processors for the processing of personal data.

10 Reports on audits

The register has not been audited by the supervisory authority.

11 Rights of data subjects

1.    Data subjects have the right to request access to their personal data from the controller, the right to ask for the rectification or erasure of their data, the right to request the restriction of processing or object to the processing, and the right to data portability. Please address queries to PrivacyQuery (at)

Enclose the following information to your query:

    • information by which you can be identified (at minimum, the e-mail address to which you have subscribed the newsletter)
    • the role in which you are contacting us (tell us whether you are Digia’s current or former employee, job applicant, customer or employed by our customer, recipient of Digia’s marketing communications and e-mail newsletters, or other equivalent)
    • whether you wish to know what data Digia has collected on you
    • whether you would like to rectify the data Digia has collected on you
    • whether you wish to withdraw your consent for receiving Digia’s customer communications

2.    Data subjects have the right to withdraw their consent at any time. Please address the withdrawal request to PrivacyQuery (at)

3.    Data subjects have the right to file a complaint with the supervisory authority (see

4.    The processing of the register is based on the consent given by the data subject.  

5.    The data subject has the right to be informed of the existence of automated decision-making, such as the profiling referred to in Article 22, paragraphs 1 and 4, and, at least if such decision-making exists, of the essential details of the logic involved in the processing, along with the significance and possible consequences of the automated processing for the data subject.  

6.    If Digia intends to process the personal data further for other purposes than those for which it was collected, Digia will notify the data subject of this other purpose and provide all relevant additional information before beginning such further processing.