Privacy policy

This privacy statement applies to the Liidimedia.fi website and the functionalities it enables. This privacy statement was last updated on December 10, 2023.

Data Controller The data controller of the register is Liidimedia Ltd. (business ID 2769711-9)

1. Contact person for register matters is:

Sami Pekkanen

Liidimedia Ltd.

Address: Finlaysoninkuja 3, 33210 Tampere, Finland

Email: myynti+privacy@liidimedia.fi

2. Purpose of Processing Personal Data

Personal data is processed for the purposes related to the management, administration, and development of customer relations, providing and delivering services, as well as for purposes related to the development and billing of services. Personal data is also processed for the purposes required to resolve any complaints and other claims.

Additionally, personal data is processed in communications aimed at customers such as information dissemination, news purposes, and marketing, which includes processing personal data for direct marketing and electronic direct marketing purposes.

Customers have the right to prohibit direct marketing targeted at them.

The data controller processes the data itself and utilizes subcontractors acting on behalf of and for the account of the data controller for processing personal data.

4. Legal Basis for Processing

The legal bases for processing personal data are the following under the EU General Data Protection Regulation (also referred to as "GDPR"):

the data subject has given consent to the processing of their personal data for one or more specific purposes (GDPR Art. 6(1)(a));

processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract (GDPR Art. 6(1)(b));

processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party (GDPR Art. 6(1)(f)).

The aforementioned legitimate interest of the data controller is based on the relevant and appropriate relationship between the data subject and the data controller, resulting from the data subject being a customer of the data controller, and when the processing is carried out for purposes that the data subject could reasonably expect at the time of data collection and in connection with the relevant relationship.

5. Data Content of the Register (groups of personal data processed)

The register contains the following personal data about all data subjects as a basis:

basic personal and contact information: [first name, last name, address, phone number, email address];

information related to the person's business or other organization and the person's position or job title within that business or organization;

the person's permissions and prohibitions regarding direct marketing.

6. Regular Sources of Data

Personal data is collected from the data subject themselves.

Personal data is also collected and updated within the limits of applicable law from generally available sources related to the implementation of the customer relationship between the data controller and the data subject, and which enable the data controller to fulfill its obligations related to maintaining customer relationships.

7. Retention Period of Personal Data

Data collected in the register is retained only as long as and to the extent necessary in relation to the original or compatible purposes for which the personal data was collected.

The need for data retention is evaluated every 6-48 months; in any case, data concerning a data subject is removed from the register 5 years after the end of the customer relationship with the data controller, and after the obligations and actions related to the customer relationship have been completed. For example, accounting vouchers are retained for five years after the end of the fiscal year.

The data controller regularly evaluates the necessity of data retention according to its internal guidelines. Additionally, the data controller takes all reasonable measures to ensure that inaccurate, incorrect, or outdated personal data are deleted or corrected without delay.

8. Recipients of Personal Data (recipient groups) and Regular Disclosures of Data Personal data is not disclosed to external parties.

9. Transfer of Data Outside the EU or EEA Personal data included in the register is not transferred outside the EU or EEA.

10. Principles of Register Protection

Materials containing personal data are stored in locked premises, accessible only to designated persons who are authorized to access due to their duties.

The database containing personal data is on a server stored in a locked space, accessible only to designated persons who are authorized to access due to their duties. The server is protected with an appropriate firewall and technical safeguards.

Access to databases and systems is granted only through individually assigned user IDs and passwords. The data controller has restricted access rights and authorizations to information systems and other storage platforms so that data can be accessed and processed only by persons necessary for lawful processing. In addition, the use events of databases and systems are recorded in the data controller's IT system log files.

Employees of the data controller and other persons involved are committed to confidentiality and to keeping secret the information obtained during the processing of personal data.

11. Rights of the Data Subject

The data subject has the following rights under the EU General Data Protection Regulation:

the right to obtain from the data controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information: (i) the purposes of processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed; (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (v) the right to request the data controller to rectify or delete the personal data or restrict the processing of personal data concerning the data subject, or to object to such processing; (vi) the right to lodge a complaint with a supervisory authority; (vii) where the personal data are not collected from the data subject, any available information as to their source (GDPR Art. 15). These basic details (i)-(vii) are provided to the data subject on this form;

the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (GDPR Art. 7);

the right to request that the data controller rectify without undue delay any inaccurate personal data concerning the data subject and the right to have incomplete personal data completed, including by means of providing a supplementary statement, taking into account the purposes for which they were processed (GDPR Art. 16);

the right to have the data controller delete personal data concerning the data subject without undue delay, provided that (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing; (iii) the data subject objects to the processing on grounds relating to their particular situation and there are no overriding legitimate grounds for the processing, or the data subject objects to processing for direct marketing purposes; (iv) the personal data have been unlawly processed; or (v) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject (GDPR Art. 17);

the right to obtain from the data controller restriction of processing where (i) the data subject contests the accuracy of the personal data, for a period enabling the data controller to verify the accuracy of the personal data; (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (iii) the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or (iv) the data subject has objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject (GDPR Art. 18);

the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, if the processing is based on consent referred to in the Regulation and the processing is carried out by automated means (GDPR Art. 20);

the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to them infringes the EU General Data Protection Regulation (GDPR Art. 77).

Requests for exercising the rights of the data subject are addressed to the contact person mentioned in section 1.

12. Web Analytics

The following services collect anonymized information about visits to the pages without personal data:

Google Analytics

13. Targeted Marketing

Based on visits to the pages, we may conduct targeted advertising in the following services:

Google Ads