Data Protection Statement of Customer and Marketing Data File

This data protection statement applies to the customer and marketing activity for Firstbeat Technologies Oy. The statement describes how Firstbeat processes the personal data of its current and potential customer contacts as well as other users of its services in the customer relation and marketing activities.

Firstbeat commits to comply with the existing Finnish data protection and personal data legislation, including EU General Data Protection Regulation (GDPR), as well as other applicable acts and laws regarding personal data processing. Firstbeat is also committed to process personal data based on the best practises on data management and data processing. The personnel of Firstbeat are obligated to handle all personal data with strictest confidence.

Controller

Firstbeat Technologies Oy (business ID 1782772-5), address Yliopistonkatu 28 A, 40100 Jyväskylä, Finland (“Firstbeat”)

Contact person in data protection relates matters

Controller can be contacted by e-mail at support@firstbeat.com or by telephone at +358 (0)8 415 415 41. The contact person for all data protection related matters is the data protection officer Antti Hämäläinen.

Name of the data file

The customer and marketing file of Firstbeat Technologies Oy

Content of the data file

Firstbeat’s customer and marketing activity aims at providing the best possible service as well as offering interesting content for each data subject. The following data may be stored and protected in this data file. Not all the below-mentioned data are necessarily stored for all the data subjects.

  • E-mail address, name, phone number, organisation, position
  • Data about updates and modifications of above-mentioned information
  • Data collected using cookies related to the data subject’s visits and actions in Firstbeat web site

In addition to what has been said above the register may contain notes and other data regarding the data subject needed for good customer relationship management. This may include e.g. data on the data subject’s newsletter subscriptions, past or forthcoming event participations, contact requests or data on services ordered by the data subject, deliveries and invoicing of them. Furthermore, the data file may contain data derived from the use of services such as segmentation to a given user group on the basis of the use of services or interests of the user.

The purpose and the legal basis for processing the personal data

The personal data are used in Firstbeat for

  • Targeting customer communication and marketing activity
  • Producing, offering, personalising and developing of services
  • Informing and marketing services and events
  • Managing, maintaining and enhancing current and potential customer relationship
  • Planning and developing business activities within Firstbeat
  • Market research and other statistical purposes

Personal data is processed based on a consent given by the data subject, the legitimate interests of the controller or to prepare or execute an agreement where the data subject is a party.

The storing of personal data has partly been outsourced to external service providers. The controller guarantees that this kind of outsourcing takes place in accordance with existing Finnish data protection and personal data legislation and that the external service providers will not use the data in this personal data file for their own purposes.

Data sources

The data included in this data file are collected

  • directly from the data subject,
  • from the data subject via a third party during events,
  • by means of the cookies in the controller’s web site, or
  • from public sources.

Data storage period

The data are stored in the data file only as long as and to the extent necessary and allowed according to legislation in relation with the original or compatible purposes of collecting the personal data. The personal data will mainly be stored no longer than two (2) years from the last active transaction between the data subject and the controller. The data will be erased when the storage time defined above expires. The personal data may be used after the termination of the customer relationship if the legislation in effect so require.

Additionally, the controller will carry out all reasonable activities to ensure that all personal data which are inaccurate, erroneous or outdated with regard to the original purposes of processing will be rectified or erased without delay.

Principles of data file protection

Firstbeat sets high importance on the confidentiality of its customers and the users of its services. Firstbeat carries out appropriate technical and organisational actions to protect personal data from accidental or illegal loss, disclosure, misuse, modification, deletion or unauthorised access.

Instructions related to the use of this data file are introduced within the organisation and the access rights have been restricted so that only the authorized personnel, who need the data in their work, have access to the data stored in the data file.

Firstbeat ensures that all its data systems and computer equipment are sufficiently protected with appropriate technical methods, including passwords and personal user IDs. Both the backups and deletion of the data files including personal data are carried out securely.

Transfer of personal data

Personal data may not be transferred outside Firstbeat or its subcontractors, who store the data, in a manner enabling the data to be identified, except in the following exceptional circumstances: if required by any ruling of a governmental or regulatory authority, court, or by mandatory law; or if it is otherwise necessary for the purposes of preventing, or investigating, any breach of law, user terms or good practices or to protect the rights of Firstbeat or a third party.

Transfer of the personal data outside the EU or the EAA

The controller may transfer personal data outside the EU and the ETA due to technical implementation when the controller uses external service providers to store data on the basis of a mutual partnership agreement. These transfers will be carried out securely in accordance with data protection legislation and within the limits set by this legislation.

Rights of the data subject

The data subject has the right to inspect his/her personal data and request to change possible inaccurate, incomplete or outdated data. Such an inspection is granted free-of-charge once a year. Any requests to inspect or to modify this data shall be indicated in person, or by a signed letter or similarly verified document to the controller’s person in charge of the data file, so that Firstbeat can confirm that the requestor has the right to make such a request. The requests are handled within one month from the date they were made.

The data subject has at any time the right to withdraw previously given consent for processing his/her data. The data subject can at any time make a complaint to authorities regarding the processing of his/her personal data. The data subject also has the right to request the erasure of his/her personal data from the data file providing that they are no more needed for the purpose they were collected for or that there are no legal obligations in effect concerning the controller regarding the processing or storing them. The data subject can request to restrict the use of his/her personal data or oppose the use of his/her personal data for e.g. direct marketing and relating profiling, too.

Data protection statement updates

This data protection statement has been updated 25th April 2018.

Firstbeat Technologies Oy is constantly following the updates on existing Finnish data protection and personal data legislation and aspires to continuously develop its business. Thus, Firstbeat reserves the right to update this data protection statement.