Privacy

General Principles of Personal Data Processing

Data protection and your privacy are important to us. When you use our services, you provide us with information about yourself, and we want to prove worthy of your trust.

  • We process personal data carefully and professionally.
  • We protect personal data with appropriate technical solutions.
  • The processing of personal data is systematic and according to the law.
  • We do not collect unnecessary information about you.
  • We strive for transparency in our operations.
  • We explain practices in plain language.
  • Personal data are all pieces of information that can be associated with a natural person.

Data Processor or Data Controller?

In some cases, we are the data processor and not the data controller. When we can't specify the purpose and manner of personal data processing, we act as the data processor. In this case, we have access to the data controller's personal data.

For instance, when a customer provides us with their employees' personal data for a specific use, the customer is the data controller. In this situation, our customer defines the purpose and methods of personal data processing.

The data processor can process personal data only for purposes defined by the data controller. The processor's obligations towards the controller are defined in the service agreement between us and the client.

We act as the data controller when we process personal data on our own behalf, meaning we decide ourselves why and how we collect personal data.

What Personal Data Do We Collect?

The data we collect depends on the service you use. If you only use the website and decline all cookies, we don’t collect any data from you. If you are our customer, of course, we know more about you. Not all information, however, is stored in our registry. Below are examples of different situations in which your personal data may be stored in our registry:

General Information: To contact you, we store your contact details in different systems. Such general data includes name, phone number, email address, and instant messenger contact details.

Customer Relationship Information: When a customer relationship is established between us, the amount of data naturally increases. We use this data to provide the service and manage the customer relationship. If you are a corporate client, we store details about your employer or company. Such data includes the company address, billing details, location of your workstation, services in use, company-specific IDs for required systems, and notes from meetings.

Calls and Other Contacts: We might record our phone conversations or other dialogues for quality control, training, or compliance purposes. Email and social media conversations are automatically stored, even if we didn't undertake the aforementioned actions. Log information, such as the time of sending, might also be stored from the conversations.

Newsletter Subscription: When you subscribe to our newsletter, we store your email address. Additionally, we might ask for your name and interests.

Website Visits: By default, no personal data from website visits is stored in our system. However, if you accept all cookies, Google Analytics will store your IP address and a unique user ID. With these, we distinguish individual users from individual website visits.

In Summary, Collection of Personal Data...

Customer | Quote requester | Newsletter subscriber | Website visitor

First Name: X X X
Last Name: X X
Company: X X
Department: X X
Email: X X X
Phone: X X
Job Title: X X
Conversations: X X
Offers and quotes: X X
IP-address: X

Where do we get (i.e., collect) your personal data from?

Below are the sources from which we obtain personal information. The most common source is contact via websites or email.

Directly from you

We collect your information when you contact us, subscribe to a newsletter, or use our services.

From websites

Our site uses cookies to optimize your service experience. This information is not always identifiable, so it is not personal information. Read more about the use of cookies in our cookie policy.

From partners and public sources

For example, we may search for contact and billing information using various databases.

How do we use your personal data?

Customer management and service provision

We process your personal data to identify you as our customer, communicate with you, and send you messages at different stages of the customer relationship.

Business development

We process your personal data to develop our business and services and to conduct marketing research and analyses, such as customer satisfaction surveys.

Marketing

We collect and analyze personal data, such as your behavior on websites or your location, to send information about our services or other messages that you may find useful. Additionally, based on your personal data, we can improve the user experience of our website and the relevance of advertising.

Statistics

We also use the information we collect for statistics and to develop our operations.

Basis for processing personal data

We process your personal data based on the following reasons:

You have given us consent to process your information. Consent can be given by using our services or by contacting our customer service. You can withdraw your consent at any time.

Processing is necessary for our or third parties' legitimate interests. This might mean, for example, processing your data to prevent fraud, target you with direct marketing, or maintain the security of our information systems.

Processing is necessary to comply with our legal obligations.

Automated decision-making and profiling

We may use automated decision-making in some of our services, such as automatic processing of service requests. Automated decision-making is based on the data provided to us.

We use profiling to send marketing messages that we believe are suitable for you. This also helps us avoid sending irrelevant messages. You have the right to opt out of profiling related to direct marketing.

Data retention and security

We are committed to ensuring the security of your data with proper data management and careful processing of personal data. We use appropriate technical, physical, legal, and organizational measures to protect your data.

We retain your personal data for as long as necessary for the purposes mentioned in the data protection and register statements unless a longer retention period is required or permitted by law.

Personal data is mainly processed for two years from the last offer or invoice sent.

Newsletter subscribers can unsubscribe themselves.

The information of website visitors is processed for two years.

Note that the data controller may have a statutory or other right not to delete the requested information. The data controller is obliged to keep the accounting material in accordance with the Accounting Act (Chapter 2, Section 10) for a specified period (10 years). Therefore, accounting-related material cannot be deleted before the expiration of the period.

Transferring your personal data to third parties

We do not disclose your personal data without your consent to third parties unless one of the following conditions is met:

  • The disclosure is based on law, regulation, or a contract binding us.
  • We and a third party have a contract for the processing of personal data.
  • Disclosing personal data is essential for delivering a service to you.
  • Your personal data was collected in connection with an event organized with our partners. We may disclose your information to the partners involved in organizing the event for event-related marketing communication.

We regularly use the following service providers to provide you with the services offered. We have ensured that all our service providers comply with data protection legislation and, if necessary, agreed separately on the use of data.

  • Accounting office
  • Website maintenance - Janne Parri Oy, Finland
  • Webflow - Webflow Inc., USA
  • Zapier - Zapier Inc., USA
  • Dropbox - Dropbox Inc., USA
  • Google Drive - Google LLC, USA
  • Microsoft 365 - Microsoft Corporation, USA
  • Google Tag Manager - Google LLC, USA
  • Google Analytics - Google LLC, USA
  • Google Ads - Google LLC, USA
  • ActiveCampaign - ActiveCampaign LLC, USA
  • Facebook Ads - Facebook Inc., USA
  • We may transfer data to a collection agency if necessary for payment monitoring.

International transfer of your personal data

Your personal data is primarily stored only within the European Union (EU) and European Economic Area (EEA).

However, we use cloud services, website platforms, advertising services, and other applications based in the United States. Therefore, it is likely that personal data will be processed outside the EU/EEA. These services and their data protection statements are listed below.

  • Webflow Inc., USA - Data Protection Statement - PS*
  • Dropbox Inc., USA - Data Protection Statement - PS*
  • Google LLC, USA - Data Protection Statement - PS*
  • Microsoft Corporation, USA - Data Protection Statement - PS*
  • ActiveCampaign LLC, USA - Data Protection Statement - PS*
  • Facebook Inc., USA - Data Protection Statement - PS*
  • Zapier Inc., USA - Data Protection Statement

Companies marked with PS* operate within the framework of the EU-U.S. Privacy Shield program, whereby data transfer complies with the EU General Data Protection Regulation and ensures data protection: EU-U.S. Privacy Shield program.

Your rights

You have, among other things, the right to check the information in our registers, to request the correction of incorrect information, to have your data deleted (i.e., the right to be forgotten), to transfer your data to another service, and to restrict the processing of your personal data.

If you wish to perform any of the above actions, you can contact the person responsible for the register:

JOONAS KIRJAVAINEN
Production Manager
+358 41 543 5843
joonas@ottofilm.com