Privacy Policy

Data Protection

Data protection refers to safeguarding personal data. The aim of the EU General Data Protection Regulation (GDPR) is to enhance the protection of personal data, increase transparency in data processing, and give data subjects—SuomiCom’s customers—more control over how their personal data is handled. In addition, the GDPR addresses data protection challenges arising from digitalization and globalization. National data protection legislation complements and clarifies the provisions of the GDPR.

EU General Data Protection Regulation (EU) 2016/679
Data Protection Act (1050/2018)

Data Protection in SuomiCom Services

As a customer of Suomi Communications Oy (hereinafter SuomiCom), we collect your personal data only to the extent necessary for providing our services.

Personal data refers to information that can identify an individual, such as name, email address, phone number, location data, or personal identity code.

SuomiCom always has a legal basis for processing personal data. We also adhere to good data handling practices, national cybersecurity guidelines, and best practices. Personal data is processed carefully and appropriately. SuomiCom staff are trained in proper handling of personal data. Processing is monitored, and systems containing personal data are controlled.

Privacy Policy

Register

Data Controller and Contact Information:

Suomi Communications Oy, Business ID 1713769-5 Upseerinkatu 3A, 02600 Espoo

info@suomicom.fi

Customer Register

Data Subjects

Our register contains personal data of current and former individual customers and contacts within customer organizations.

Legal Basis and Purpose of Processing

The purpose of our register is to ensure correct and up-to-date management of registered customer information during the customer relationship, maintenance and development of the customer register, and handling of complaints.

The legal bases for processing personal data include:

1. Fulfillment of a contract

2. Making quotes

Types of Personal Data Processed

Primarily, the company’s customers are corporate entities. However, the information of customer companies may include personal data of their employees/contacts. The register processes customer personal and contact data as well as other necessary information related to handling the customer relationship. This data includes:

• Name

• Phone number

• Street address

• Email address

• Job title/position

• E-invoice address or billing email address

• Data generated while using our services, such as network traces, cookie data, communication metadata, and call logs for both outgoing and incoming calls

• Additional details of products, services, and connections, such as identifiers of mobile phones, fixed network devices, or other equipment, including SIM card numbers

• Customer history, e.g., contact history, service changes, or social media interactions

• Call and other recordings from customer service interactions

We do not process the content of messages or calls except as necessary for their transmission.

Regular Sources of Data

Personal data is collected from the data subject themselves or from the organizations in which they work.

User Tracking

We use Leadoo user tracking to monitor how users navigate our website and link this data to information collected through, for example, chat interactions. Leadoo uses etag tracking, which technically differs from cookie-based tracking but is subject to the same rules as cookies. See Leadoo Marketing Technologies Oy’s (https://leadoo.com/privacy-policy/) for more information on what is tracked. Under GDPR, we act as controller and Leadoo as data processor. If you do not wish to be tracked, you can clear your browser cache. For more information about how Leadoo operates, see https://leadoo.com/privacy-policy-processor/

Protection and Security of Personal Data

Digitally processed personal data is protected and stored in systems with access restricted to those who need the data to perform their work tasks. These individuals have personal user IDs and passwords. Personal data is protected from unauthorized access. Workstations and storage media used are encrypted.

Regular Disclosures and Transfers of Personal Data

Data is generally not disclosed to third parties, except where personal data must be provided to authorities. Partners, such as other telecom operators, may also need access to certain data. We also use subcontractors who process personal data on our behalf. We monitor the operations of our partners and subcontractors and ensure the security and confidentiality of processing through regular audits. Personal data is also processed when transferring invoices for collection.

Personal data is disclosed to the register administrator, who acts as the data processor. Personal data may be transferred to other service providers when switching to a new system administrator. Partners performing technical maintenance and processing on behalf of the controller may transfer personal data in accordance with applicable privacy legislation and this privacy notice. Data may be transferred outside the European Union and European Economic Area by us or our partners, while ensuring an adequate level of data protection in accordance with legal requirements.

Data Subject Rights:

Data subjects have the right to object at any time to the processing of their personal data for direct marketing purposes. They may give channel-specific consent or prohibitions regarding marketing. In addition, data subjects have the right, in accordance with applicable data protection legislation, to:

• Obtain information on the processing of their personal data

• Access their own data and review personal data processed by the company

• Request correction or completion of inaccurate or incomplete personal data

• Request deletion of personal data

• Withdraw consent and object to processing based on consent

• Object to processing based on the legitimate interests of the company related to their personal situation

• Receive their personal data in a machine-readable format and transfer it to another controller if the processing is based on consent and is automated

• Request restriction of personal data processing

Requests to exercise these rights must be made according to the Contact Information section of this privacy notice. The company may ask the data subject to clarify their request in writing and verify their identity before processing the request. The company may refuse requests based on legal grounds.

Right to Lodge a Complaint with a Supervisory Authority

Every data subject has the right to lodge a complaint with the competent supervisory authority or the authority of the EU member state where the data subject resides or works if they believe their personal data has not been processed in accordance with applicable data protection practices.

Mandatory Information

Customer basic and identification information is required to comply with contractual obligations and applicable laws, as well as to protect the company’s legal rights in complaint matters.

Consequence of Not Providing Data

A customer relationship cannot be established without providing the mandatory information.

Sources of Data

Data is also obtained from customer companies, contact forms, and subcontractors. The data provider is the customer company, which provides information about its employees or other authorized persons.

Data is also collected from external service providers selling data services.

Contact Information

Requests to exercise data subject rights, questions about this privacy notice, and other inquiries must be sent by email to: info@suomicom.fi Data subjects may also contact the company in person or by post at: Suomi Communications Oy, Upseerinkatu 3A, 02600 Espoo.

Changes to this Register Notice

This privacy notice may be updated from time to time, for example, due to changes in legislation. This notice was last updated on 31.8.2023.

CUSTOMER DIRECT MARKETING

Privacy Notice

In accordance with applicable law.

Data Controller

Suomi Communications Oy, 1713769-5. Upseerinkatu 3 A, 02600 Espoo.

Register Name

SuomiCom Customer Direct Marketing Register

Legal Basis for Maintaining the Register

In accordance with applicable law.

Purpose of the Register

The direct marketing register may be used for marketing by SuomiCom, its group companies, subsidiaries, and partners. Data subjects have the right to opt out of direct marketing or withdraw consent.

Data Contained in the Register

The register may contain the following information about potential business customers of SuomiCom:

Direct marketing consents or objections

Contact details of company representatives (name, company address, phone number, email address, title, position, responsibility within the company, and other identifying information, including customer and interaction history, contract and order information)

Information provided or recorded with consent (e.g., interests)

Regular Sources of Data

Personal data is collected from external web services, registration for marketing campaigns or competitions, online behavior, or directly from the data subject with their consent. Data may also be obtained from SuomiCom’s and affiliated company registers, trade register, population register, Marketing Association’s suppression lists, other public registers, and company websites or other public or private sources.

Data Disclosure

SuomiCom may disclose personal data within the limits permitted or required by law. Data may be transferred outside the EU and EEA, while ensuring adequate protection.

Register Security

Access to this register requires a personal login and password for SuomiCom’s customer database. Log files are collected and monitored.

Data is stored in databases protected by firewalls and other technical measures. Databases are located in secure and locked IT facilities accessible only to authorized personnel.

Retention of Personal Data

Customer data is retained in the register unless the data subject has opted out of marketing. Marketing opt-out information is retained.

The data subject has the right to object at any time to the processing of their personal data for direct marketing purposes. The data subject may give channel-specific consents or prohibitions regarding direct marketing. In addition, the data subject generally has the right, in accordance with applicable data protection legislation, at any time to:

• Obtain information on the processing of their personal data

• Access their own data and review personal data processed by the company

• Request correction or completion of inaccurate or incomplete personal data

• Request deletion of personal data

• Withdraw consent and object to processing based on consent

• Object to processing based on the legitimate interests of the company related to their personal situation

• Receive their personal data in a machine-readable format and transfer it to another controller if the processing is based on consent and is automated

• Request restriction of personal data processing

Requests to exercise these rights must be made according to the Contact Information section of this privacy notice. The company may ask the data subject to clarify their request in writing and verify their identity before processing the request. The company may refuse requests based on legal grounds.

Right to Lodge a Complaint with a Supervisory Authority

Every data subject has the right to lodge a complaint with the competent supervisory authority or the authority of the EU member state where the data subject resides or works if they believe their personal data has not been processed in accordance with applicable data protection practices.

Right to Access

Data subjects have the legal right to check what personal data is stored about them. Access requests must be submitted in writing, signed, and indicate that the request concerns personal data in the register. Requests should be sent to the address above.

Changes to this Register Notice

This register notice may be updated periodically, for example, due to changes in legislation. This notice was last updated on 19.11.2024.

Suomi Communications Oy, Upseerinkatu 3 A, 02600 Espoo