Privacy policy

Information about the processing of personal data at Kipinä Software Oy.

Updated: 26.08.2024

Our company stores and processes personal data as required by the EU General Data Protection Regulation (GDPR).

Data controller:

Company name: Kipinä Software Oy

Business ID: 3201079-9

Address: Erottajankatu 2, 00120 Helsinki

Telephone: 040 535 2265

The person responsible for the register:

Name: Kari Kellokoski

Email: kari.kellokoski@kipina.fi

Name of the register:

Grounds for keeping the register

The retention of information in the register is based either on a contractual relationship with our company, consent from the individual to the storage of information, or our company's legitimate interest in collecting information for our business needs.

We collect and store information about potential new customers based on customer and employment relationships or business-related information. The collection of new potential data is based on business activity and we collect the data ourselves.

Purpose of use of personal data

We process personal data for the purposes of managing, analysing and marketing a customer relationship or other business relationship.

Our business is based on legitimate business practices, so we also comply with EU legislation on the storage of personal data:

The information we hold about you is lawful, fair and transparent in relation to the processing. This means that you can access your data at any time.
Data is purpose-bound - for example, the information we collect from individuals is only tied to a specific purpose. We will not disclose your data to third parties unless there is a good reason to do so.
We minimise the information we store - we only store what is necessary
We strive to keep our data accurate
We limit data retention - data has a defined lifetime, after which it is either automatically or routinely deleted unless there is a legal reason to keep it.
We store intact and reliable data, for example, backed up by backups

Data content of the register (fields in the personal data forms

First name and surname
Title
Contact
Other customer-related textual information
Marketing authorisation or prohibition
Data collected through eavesdroppers
Data collected from social media channels
We record minimal information about the customer relationship, which typically includes the individual's unique name, possibly company, and contact information such as email and phone number.

Data sources

Data collected from forms on the website.

In addition, for business purposes, for example, when acquiring new customers, we may use names picked up from the media that we may contact for business purposes.

Disclosure and transfer of data

The data may be disclosed to our partners at the discretion of the controller, within the limits permitted and required by the applicable legislation, unless the data subject has refused the disclosure. Disclosure of data to partners will only take place for purposes that support the purpose of the register.

Transfer of data outside the EU or EEA

The information will not be disclosed to parties operating outside the territory of the Member States of the European Union or the European Economic Area.

The information is disclosed to services operating outside the territory of the Member States of the European Union or the European Economic Area. The transfer of data will comply with the requirements of personal data legislation and we will share with these services in accordance with the principle of data minimisation and risk reduction. We use companies that are members of the Privacy Shield.

Protection of the register

The data contained in the register is stored in CRM and HR services, where it is protected by firewalls, passwords and other technical means generally accepted in the security industry. Manually maintained data are located in premises to which unauthorised access is denied.

Only identified employees of the controller and of companies acting on its behalf and for its account have access to the data contained in the register. A log is kept of all personal data processing operations, allowing us to check when and by whom the personal data was processed.