Midagon Finland Privacy Policy

1. Which company is the data controller?

Midagon Finland Oy

Business ID: 2058234-3

Address: Keilaniementie 1, 02150 Espoo

Phone number: +358 20 110 7000

Email: info@midagon.com

2. What personal data does Midagon process?

Midagon processes two types of personal data:

• Directly identifiable personal data: Full name, email, phone number, position, employer, industry, areas of responsibility, newsletter clicks and opens, orders, contracts, billing information, feedback and marketing preferences.

• Automatically collected pseudonymous data: Browsing data (time, duration, clicks, visit source, search terms, pages viewed) and technical data (device type, browser, IP-address, geographical location, operator & operating system). Collected through cookies, please find more information below in chapter 7.
  
  With regard to our Facebook page, we process statistical information, so-called page insights, and act as a joint controller with Facebook. If you interact with our page, such as like our page, post comments and send messages, we can process your name and profile picture and other information you make available to us. Facebook is primarily responsible for fulfilling the data controller’s responsibilities regarding the page insights feature. If you have any questions about how Facebook processes your personal data, please consult Facebook’s privacy policy.
  

3. Where is personal data obtained from?

We collect personal data through registrations, orders or purchases or other direct interactions. In addition, data may be gathered from direct prospecting, social media, public authorities or other reliable sources. We also use cookies to collect data about website visits.

4. For what purposes is personal data used and what is legal basis for processing?

We process personal data for the following purposes and on the following legal basis:

• Contract. We process your personal data in order to fulfil the contract of a service ordered from Midagon (includes orders, billing, customer feedback and other service-related communication). Unless you provide certain personal data, such as your contact details, we are unable to enter into contract with you.

• Consent. In case you register to our event or give permission to email marketing, we process your personal data on the basis of your consent. You may withdraw your consent at any time. However, in the event you withdraw your consent, you might not be able to take part in the event we organise.

• Legitimate interest. We are processing your personal data to fulfil the contract with your representative organisation. In addition, we strive to offer our services to professionals who are likely to be interested in our services based on their position or responsibilities in the organisation they represent. For this purpose, we may collect personal data of relevant prospects based on our legitimate interest and process such data for marketing purposes. You may object to marketing at any time. We also use personal data to develop our business operations on the basis of legitimate interest. Given the nature of data, the purposes of use and the information and choices available to you, we have assessed that our interests are not overridden by your interests and fundamental rights and freedoms.

• Legal obligation. Midagon may be obliged to store certain personal data in order to fulfil our accounting obligations or other legal obligations stemming from applicable legislation.

We do not process personal data to make automated decisions which produce legal effects or would otherwise significantly affect you.

5. How long is personal data stored?

We will only retain your personal data in identifiable form as long as is necessary to fulfil the abovementioned purposes or as long as we have a statutory legal obligation to keep your personal data, after which it will be deleted or anonymised.

We retain the personal data of our customers’ contact persons for at least the time they are current, and the customer relationship exists. After the customer relationship ends, we retain personal data for approximately 48 months. After that, we may retain your personal data for direct marketing purposes for as long as you hold a relevant position or until you have objected to it. We retain invoicing and payment information for 7 years after the relevant transaction.

You may request your personal data be deleted in accordance with chapter 8.

6. How is personal data shared or disclosed to third parties?

Midagon does not sell or rent any personal data to third parties. However, we may share personal data for relevant, legal purposes, such as marketing, marketing research and analytics. We may also disclose personal data to our group companies on the basis of authorities’ requests based on legislation and in connection with business transactions.

We may transfer personal data outside the EU and EEA. In such cases, we ensure that a legal basis for such a transfer exists and that adequate protection for personal data is provided as required by applicable law, for example, by using standard contractual clauses approved by the European Commission or by ensuring that our partner is self-certified under the EU - U.S. Data Privacy Framework.

Third parties may collect data about use of our services as described below in chapter 7.

7. What are cookies and how are they used?

Midagon collects information about the usage of its web services through cookies and other similar technologies, such as pixel tags. A cookie is a small text file that is stored on the user’s terminal device, including an anonymous code which allows the identification of website visitors. Cookies or other similar technologies do not harm users’ devices or files.

We use session and persistent cookies. Session cookies are automatically deleted when you leave our website. Persistent cookies remain stored until they reach a set expiration date or you delete them.

We use first-party and third-party cookies. First-party cookies are set directly by the website you are visiting. Third-party cookies are set by a domain other than the one you are visiting, such as our advertising partners (e.g. LinkedIn, Facebook, Google).

On Midagon’s website, cookies are used for the following purposes:

• Essential cookies make basic website functions possible. This includes saving users’ cookie preferences.

• Analytics cookies are used for improving the website’s functionality by tracking how users interact with the web pages. The collected data is used to analyse how users navigate our websites and make sure that the website is working properly. For example, Midagon utilizes Google Analytics to measure and analyze website traffic. Pseudonymised data collected by Google Analytics may be sent to servers located outside EU.

• Advertising cookies  are used for tracking how users navigate on our website, with the purpose of targeting users with personalized ads.

You can manage your cookie preferences as described below in chapter 9.

8. How is personal data protected?

Personal data is protected carefully with due organizational and technical security measures. Databases are protected with firewalls, passwords and other applicable measures. Backups, contracts and other physical documents are stored in locked facilities with strictly limited access. Midagon makes sure that access to personal data is strictly limited to personnel, whose tasks cannot be fulfilled without this. Access to Midagon’s office is restricted and supervised with clearances. In the case of third parties’ access, data security and appropriate processing is guaranteed with applicable contracts.

9. What rights do users have?

• Opt-out of and withdrawal of consent to direct marketing. You can opt-out of or withdraw consent to direct marketing at any time by contacting us or by using the automatic opt-out link in Midagon’s marketing emails.

• Access and correction of personal data. You are entitled to accessing and correcting your personal data. Upon your request, Midagon commits to deleting or correcting any outdated or incorrect data.

• Deletion of personal data. You can request their personal data to be deleted at any time by contacting us.

• Objection and restriction of processing. You have the right to object to processing we carry out on the basis of legitimate interest on grounds relating to your particular situation, unless we have compelling legitimate interests for the processing which override those interests. You also have the right to request the restriction of the processing of your personal data, for example, in case you object to processing or contest the accuracy of your personal data.

• Data portability. You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller when we process your data automatically based on a contract or your consent.

• Cookie preferences:

• Accepting or declining cookies. You can accept or decline non-essential cookies when entering our website. You can withdraw your consent at any time by clicking “cookie settings” on the footer of our website.

• Blocking and deleting cookies. You can block or delete cookies by using your browser’s settings. Blocking cookies can hinder functionalities of our website

• Google Analytics opt-out. To prevent your data from being used by Google Analytics you can install the browser plug-in from Google which is available here.

• Right to lodge a complaint. You have the right to lodge a complaint with the relevant supervisory authority in case you feel that we have processed your personal data contrary to this privacy policy or the applicable legislation.

To use your rights described above, please send your request to the address shown in chapter 1. Please note that we ask you to verify your identity when using your rights.

10. How can this privacy policy be changed?

Midagon continuously develops its services and may update this policy when necessary. Changes can also be made when applicable legislation or authority guidance is changed. We recommend you revisit this policy from time to time to notice any such changes.