Privacy statement

1. Controller

Silverskin Information Security Oy
Business ID 2296092-6
Meritullintori 3, 00170 Helsinki

2. Communication regarding privacy matters

For all questions related to the processing of personal data and situations related to the exercise of your rights, data subjects should contact the controller in writing by sending an email to address privacy@silverskin.fi.

3. Name of the register

Asiakas- ja markkinointirekisteri

4. Basis and purpose of processing personal data

The purpose for the processing of personal data is customer relationship management, the contractual relationship between the data subject & controller, and marketing. In customer relationship management and marketing, the legal basis for the processing of personal data is the controller's legitimate interest to develop the business relationship between the data subject and the controller. Silverskin may use subcontractors to process data. Subcontracts only process data for the mentioned purposes or provide technical tools for processing the data.

5. Regular data sources

The personal data to be processed is regularly received from the following data sources:

Data subjects themselves
Trade register
Commercial entities providing contact details for companies

6. Personal data being processed

The controller only collects personal data concerning the data subjects that is essential and relevant for the purposes explained in this privacy statement.

The following data concerning the data subjects is processed:

Name, contact details (phone number, work email address, work address)
Sales data related to data subjects
Data given by data subject in contact forms
Other data given by the data subject

7. Use of cookies

This website uses cookies. Cookies are used for visitor monitoring and targeting of marketing communications. The website uses Google Analytics for visitor monitoring, Google Tag Manager for tag management and Linkedin Insight Tag for visitor analysis. Website visitor data will not be collected if the visitor declines the use of cookies.

8. Disclosure of personal data and transfers to third countries

The controller uses subcontractors who are required to process personal data as stated in current regulation and this statement. Personal data is primarily processed inside EU and the European Economic Area. Data collected with website cookies may be stored in United States if processed as defined in Privacy Shield framework.

Personal data will not be disclosed to third parties, unless the law imposes an obligation to do so. Data may, therefore, be disclosed in exceptional cases, such as to the authorities when so required by law.

9. Protection of personal data

The controller processes personal data in a manner that aims to ensure the appropriate security of the personal data, including their protection against unauthorised processing and accidental loss, destruction or damage.

The controller uses appropriate technical and organisational safeguards in order to achieve this goal; these include the use of firewalls, encryption techniques and safe equipment rooms, appropriate access control, careful management of data system user IDs, and providing instructions to the personnel participating in the processing of personal data.

All employees processing personal data have a non-disclosure obligation for matters related to the processing of personal data of the data subjects based on the Employment Contracts Act (55/2001) and non-disclosure agreements that supplement it.

10. Retention period for personal data

For customer relationship management, the data is retained for as long as necessary. For marketing, the data is deleted when requested by the data subject. If the data subject decides forbid marketing, we are required to retain the information about the request.

The controller may have the obligation to process some personal data belonging to the filing system for longer than stated above in order to comply with the legislation or authority requirements.

11. Profiling

Personal data will not be used for profiling or other automated decision-making.

12. Rights of the data subject

Right to request access to personal data

The data subject has the right to receive confirmation regarding whether personal data concerning them is being processed and, if it is, the right to receive a copy of their personal data.

Right to rectification

The data subject has the right to request that inaccurate and erroneous personal data concerning them be rectified. The data subject also has the right to supplement incomplete personal data by submitting the required additional information.

Right to erasure

The data subject has the right to request erasure of personal data concerning them if
- the personal data is no longer required for the purposes for which they were collected
- the data subject withdraws their consent which the processing of personal data was based on, and no other legal basis exists for the processing
- the personal data has been unlawfully processed

Right to restriction of processing

The data subject has the right to restrict the processing of personal data concerning them if
- the data subject contests the accuracy of their personal data
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead
- the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.

Right to object

The data subject has the right to object, on grounds relating to their particular situation, at any time, to processing of personal data concerning them.

The controller shall no longer process the data subject’s personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to withdraw consent

The data subject has the right to withdraw the consent they have provided for the processing, without affecting the lawfulness of processing based on consent before its withdrawal.

Right to data portability

The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller.

Right to lodge a complaint with a supervisory authority

The office of the Data Protection Ombudsman, operating under the Ministry of Justice, is the national supervisory authority for personal data matters. You have the right to bring your case to the supervisory authority if you consider that the processing of personal data concerning you is in violation of applicable law.

Last update: 30.8.2023