Select Page

Privacy policy

 

NEXTUP OY'S CUSTOMER, USER AND MARKETING REGISTER

Compiled 25.5.2018

The Data Controller may update or amend this Privacy Policy at any time and, where required by law, notify the Data Subjects accordingly. The Data Subject’s rights to data portability and/or restriction of processing have been applicable since May 25, 2018.

 

1 DATA CONTROLLER AND CONTACT PERSON

Data Controller:

NextUp Oy (hereinafter also referred to as the ”Data Controller”)
Business ID: 2698167-9
Address: Gräsantörmä 2, 02200 Espoo
Telephone: +358 10 349 3800
Email: info@quriiri.fi
www: www.quriiri.fi

Contact details for matters concerning the register:

info@quriiri.fi

2 NAME OF THE REGISTRY

NextUp Oy's customer, user and marketing register.

3 PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The purpose of processing personal data is to manage, maintain, analyze, develop, and administer customer relationships of NextUp Oy, as well as to enable communication. In addition, personal data may be processed for direct marketing, marketing, remarketing, targeted advertising, telesales, opinion and market research, and customer communications.

The register contains personal data of individuals employed by NextUp Oy’s customer companies and representatives of stakeholders (hereinafter referred to as the “Data Subject”), as described in this Privacy Policy.

The legal basis for processing personal data is the Data Subject’s consent, direct marketing purposes, or the legitimate interest of NextUp Oy. Legitimate interest is based on an existing customer relationship.

4 DISCLOSURES AND RECIPIENTS OF PERSONAL DATA

As a rule, personal data is not disclosed to third parties. However, data may be disclosed to competent authorities or other parties where required by applicable legislation.

The Data Controller may transfer data to its partners who process data on behalf of the Data Controller. In such cases, the processor is not entitled to process the data for its own purposes.

If ownership or control of the Data Controller, its business, or its products or services changes, personal data may be disclosed to the new owner or other transferee.

The Data Controller may disclose statistical or anonymized data to third parties.

Personal data is not transferred outside the European Union or the European Economic Area.

5 DESCRIPTION OF PERSONAL DATA AND DATA CATEGORIES

The register may contain the following personal data:

  • First name and surname
  • Organisation (company name) and position
  • Contact information (phone number, address, email address)
  • Cookies sent to the data subject's browser and related data
  • Subscription, billing, and delivery information
  • Customer feedback
  • IP address
  • Contact log
  • Location (country and city)
  • Browser
  • Operating system
  • Referral address
  • Other data collected with the customer's consent

6 REGULAR SOURCES OF INFORMATION

Data is primarily collected directly from the Data Subject. The Data Controller also collects data technically when the Data Subject uses the services. In addition, data may be collected and updated from authorities and companies providing data-related services.

7 RETENTION PERIOD OF PERSONAL DATA

The Data Controller regularly updates the register to ensure that it contains only relevant and up-to-date data. Personal data is stored only as long as necessary for the purposes defined and in accordance with applicable legislation. Data may be retained longer where required to fulfill statutory or contractual obligations or legal claims.

8 COOKIES

The Data Controller may use cookies to monitor website usage and for the technical implementation of services, provided the Data Subject has given consent.

Cookies are also used to improve website functionality and provide a better user experience. A cookie is a small text file stored on the user’s device by the browser. The Data Subject may withdraw consent at any time or disable cookies via browser settings. If cookies are disabled, some website or service functionalities may not work properly. Cookies may also be used for advertising targeting on quriiri.fi, koodiplus.fi, and nextup.fi. These sites may also use third-party services such as Google Analytics, Google Tag Manager, Facebook, and LinkedIn, which utilize cookies.

9 PRINCIPLES OF DATA SECURITY

Data is stored in an electronic information system protected by security software. Server infrastructure is maintained according to good maintenance practices.

Instructions on how to use the register. Access to the database containing the register data is restricted both by technology and by personal user IDs and passwords.

Access to the register and the data is restricted to specifically designated employees of the Controller.

10 RIGHTS OF THE DATA SUBJECT

10.1 Right to inspect and transfer data from one system to another

The Data Subject has the right to access personal data concerning them or to confirm that no such data exists. The Data Controller shall also inform the Data Subject of data sources and purposes of processing.

Requests must be submitted in a signed or otherwise verified document. The Data Subject has the right to receive personal data they have provided in a structured, commonly used, machine-readable format and to transfer the data to another controller where processing is based on consent or contract and carried out automatically.

10.2 Right to withdraw consent

The Data Subject has the right to withdraw consent at any time. Withdrawal must be submitted in a signed or otherwise verified document to the Data Controller’s representative.

Processing carried out prior to withdrawal remains lawful.

Where processing is based on legitimate interest, the Data Subject has the right to object on grounds relating to their particular situation.

10.3 Right to Rectification, Erasure, and Restriction of Processing

The Data Subject has the right to request correction, deletion, or restriction of inaccurate, unnecessary, incomplete, or outdated data. Requests must be submitted in writing to the contact person listed above.

Processing may be restricted if:

  • the accuracy of data is contested
  • processing is unlawful and deletion is opposed
  • data is no longer needed but required for legal claims
  • the Data Subject has objected to processing pending verification

The Data Controller will notify the Data Subject before lifting any restriction.

If the Data Controller does not accept the data subject's request for rectification, the Data Controller shall issue a written certificate to that effect. The certificate shall state the reasons why the request has not been accepted. The data subject may refer the matter to the Data Protection Ombudsman.

The Data Controller shall notify the person to whom the Data Controller has disclosed or from whom the Data Controller has received the inaccurate personal data of the correction of the data. However, there is no obligation to notify if notification is impossible or involves a disproportionate effort.

10.4 Right to Object to Direct Marketing

The Data Subject has the right to object at any time to the processing of personal data for direct marketing purposes.

11 AUTOMATED DECISION-MAKING AND PROFILING

Personal data is not subject to automated decision-making or profiling.