This Privacy Statement (hereinafter "Statement") informs you how Orchidea Innovations Oy collects, processes and discloses personal data in connection with Orchidea online Services (hereinafter “Service”), its sales and marketing database, personnel, job applicants, in use of website www.orchideainnovations.com and other Orchidea websites and other interactions (e.g., customer service inquiries, user conferences, etc.) you may have with Orchidea Innovations Oy.
1. Data Controller and Register
The data controller in accordance with the applicable data protection law is Orchidea Innovations Oy (hereinafter "Orchidea", "we", "us" or "our"). Orchidea is responsible for ensuring that your personal data is processed in compliance with this Statement and applicable data protection laws.
Contact details of the data controller:
Orchidea Innovations Oy
Business ID: 3021829-7
Address: Kaikukatu 4 B, 00530 Helsinki
Name of the person responsible for data protection:
Phone number: 040 5069443
Address: Kaikukatu 4 B, 00530 Helsinki
2. Collection of personal data
Your personal data can be collected through different means. Primarily, we collect and process personal data, which
- is provided by you when you contact us or do business with us, e.g. subscribe to email updates from our blog, download our ebooks or contact us requesting an offer or information
- is obtained when we are managing the customer relationship related to customers of the Service
- is generated when using the Service or visiting our website
- is obtained from other sources, where permitted by applicable law, e.g. Trade Register, Population Information System, The Business Information System, Post’s address information system, LinkedIn or other social media channels
- is collected from website visitor with Google Analytics and HubSpot services
- is obtained from employees and job applicants
You are not required to provide any personal data to us, but if you decide to do so, it is possible that we will not be able to provide service to you.
The personal data we collect and process includes e.g. the following categories of data:
- basic information, such as name, title and your relation to a company you represent and contact details (email, address and phone) as well as language preference
- information relating to customer relationship, such as Service and order details, payment details, billing information, marketing permissions and prohibitions
- customer interaction and related correspondence and entries on the use of individuals’ rights
- personal data generated in connection with the use of our Service or collected data while browsing our website e.g. user IDs, passwords, authentication details
- log data on the usage of Service, data collected by means of cookies and similar technologies through websites (device ID and type, operating system and application settings)
- contact information relating to the employee or applicant; job applicant’s application, resume and reference details received with the applicant’s consent; data required for paying salaries; data required to fulfill rights and obligations relating to the employment; certain special categories of data relating to the employee like data relating to health, but solely for complying with legal obligations of the employer
- other data, which is based on your consent and defined in detail on a case by case basis.
3. Register's Purpose and Legal Basis for Processing Personal Data
We only collect and process personal data, which is needed for operational purposes, customer care and relevant commercial purposes. We make sure that we always have at least one condition required by law to collect and use your personal data. We may process your data on a several different bases.
Your personal data is processed for the following purposes:
3.1 Service Provisioning and Managing Customer Relationship
The primary purpose of processing personal data is to provide and deliver the Service to you or to the company you represent. To do so we manage and maintain the customer relationship between us and you or the company you represent. In this case, our processing of personal data is based on the contract between you or the company you represent and us.
We may contact you to inform you about new features of the Service or to promote and sell other services. We may use your personal data also for market research and customer surveys. Processing of personal data is based on our legitimate interest to provide information as part of the Service and to promote our other services to you. You may object to processing of your personal data for direct marketing at any time.
3.3 Service Development, Information Security and Internal Reporting
We also process personal data to take care of the information security of the Service and the website, to improve the quality of the Service and the website as well as to develop the Service. We may also generate internal reports based on personal data to provide relevant information to our management to operate our business appropriately. In these cases, the processing of personal data is based on our legitimate interest to ensure that our Service and our website have an adequate level of information security and that we have sufficient and appropriate information at hand to develop our Service and to manage our business.
3.4 Human Resources Management
Personal data relating to employees and job applicants are mainly collected and used for human resources management purposes, fulfilling rights and obligations relating to employment contracts, meeting legal requirements relating to employment as well as evaluating and selecting candidates for open positions.
3.5 Other Purposes You Have Consented to
We process your personal data also for other purposes, if you have consented to such processing.
4. Personal Data Transfers and Disclosures
We may also disclose personal data to third parties:
- when permitted or required by law, e.g. to comply with request by competent authority or related to legal proceedings
- when our trusted service providers process personal data on behalf of us and under our instructions; we always secure the appropriate use of your personal data
- if we are involved in a merger, acquisition, or sale of all or a portion of our assets
- when we assess that disclosure is necessary to protect our rights, protect your safety or safety of others, investigate fraud, or respond to a request of the authority
- with your consent to parties the consent relates to
5. Transfers of personal data outside the EU or EEA
We can transfer personal data outside the EU or the European Economic Area when our partner carrying out a commission is located outside this area. In such cases, we ensure the appropriate protective measures to ensure the rights and freedoms of data subjects in accordance with the applicable data protection legislation, such as the EU’s General Data Protection Regulation (2016/679).
To learn more about cookies, please see info.orchideainnovations.com/cookies
7. Retention of personal data
Personal data is retained only for as long as necessary to fulfill the purposes defined in this Statement.
Personal data is retained during customer relationship. Personal data may also be retained to the extent necessary after the end of the customer relationship, if allowed or required by applicable laws. For example, after the end of the customer relationship we typically store personal data that are necessary to response on requests or claims under applicable provisions concerning statute of limitations, or we may store your personal data, to the extent necessary, to respect your request not to receive direct marketing from us.
When retention of personal data is no longer required by law or rights or obligations by either party, personal data will be deleted.
8. What rights do you have?
You have a right to access your personal data. You may ask to correct, update or remove your personal data at any time. However, please note that certain information which is strictly necessary for fulfilling the purposes defined in this Statement or which is required by law, cannot be removed.
You have a right to object or restrict processing of your personal data to the extent required by applicable data protection law.
If our processing of your personal data is based on a consent, you have a right to withdraw the consent at any time. We will no longer process your personal data on the purposes consented, unless there is another legal ground available for processing.
You can execute your rights by sending the above-mentioned requests to us at email@example.com
If you think that the processing of your personal data is not appropriate, you have a right to contact Data Protection Supervisor. You can find contact details of Data Protection Supervisor here: blog.varonis.com/gdpr-data-protection-authority-supervisory-listing/.
9. General Principles of Personal Data Use and Protection
We carry out the appropriate measures (including physical, digital and administrative measures) to protect personal data against loss, destruction, misuse and unauthorized access or disclosure. We limit access to personal data to only such individuals, who need the information in their work tasks. All data processors have the obligation to observe secrecy.
10. Changes to this Statement
We have the right to change this Statement. If we make any changes to this Statement, we will let you know it on our website at www.orchideainnovations.com, where you can also find the latest version of this Statement.
11. Contact us
If you have any questions regarding this Statement or the personal data we process about you, please contact us at firstname.lastname@example.org