Fidelix Privacy Policy

Privacy Notice for the Business Customer, Partner and Stakeholder Register of Fidelix Oy

1. Controller

Fidelix Oy (Business ID 1770269-0)
Fidelix Tech Oy (Business ID 3329591-7)
Address: Myllynkivenkuja 1, 01620 VANTAA
Phone number: 092501288
(hereafter ”Fidelix Oy” or ”we”)

2. Contact person for register matters

Name: Mikko Alppivuori
Address: Myllynkivenkuja 1, 01620 VANTAA
Email: privacy@fidelix.com

3. What is the purpose and the legal basis for processing personal data and what data do we process?

Fidelix’s customer and customer contact information
PERSONAL DATAPURPOSE OF PROCESSINGLEGAL BASIS
Basic information such as name, customer number, username and/or other unique identifier, password and language; Contact details such as e-mail address, phone number, home address; Information on the company and its contact persons such as names, titles and contact information of contact persons.Producing, offering and developing our servicesOur legitimate interest
Fulfillment of our contractual and other undertakings and obligationsImplementation of the agreement
Electronic direct marketing (incl. electronic surveys)Consent (private persons) or our legitimate interest (businesses)
Management of our customer relationship or potential customer relationship incl. organizing events, sending customer satisfaction surveysOur legitimate interest
Consents and prohibitions regarding direct marketingElectronic direct marketing (incl. electronic surveys)Consent (private persons) or our legitimate interest (businesses)
Personal Data collected in connection with events and trainings such as event registration, special diets, billing informationOrganizing events and trainings and sending invitationsOur legitimate interest
Consent
Data related to the customer relationship or a potential customer relationship, partners and agreements such as information on past and current agreements and assignments, offers made, contact information, billing informationFulfillment of our contractual and other undertakingsFulfillment of the agreement
Taking care of, developing and maintaining the customer relationship; responding to communications from potential customers and making offersOur legitimate interest
Information on the technical connection and the terminal used such as IP address, device ID or other identifiers and cookiesAnalyzing behaviourConsent
The following information is collected from the Fidelix cloud service user when logging in and using the application
PERSONAL DATAPURPOSE OF PROCESSINGLEGAL BASIS
Basic information such as name, username and/or other unique identifier, password and language, employer information (if shown in the email address), information about the housing company or real estate company to which the data subject has been designated as a contact person;  Producing, offering and developing our servicesOur legitimate interest
Fulfillment of our contractual and other undertakings and obligationsFulfillment of the agreement
Electronic direct marketing (incl. electronic surveys)Consent (private persons) or our legitimate interest (businesses)
Information on the technical connection and the terminal used such as IP address, device ID or other identifiers and cookiesAnalyzing behaviourConsent
User log data in the cloud, such as login times, actions taken by the user, acceptance of terms of use and collection of personal dataEnsuring continuity of services, ensuring data securityOur legitimate interest
Fulfillment of the agreement

4. From where do we receive the data?

We may disclose personal data to the extent permitted and required by applicable law, for example, to group companies as well as legal and financial or other similar consultants who act as independent controllers of the data. Personal data may be disclosed to authorities which have a legal right to obtain information from the register.
We have outsourced the processing of personal data to subcontractors for the following services:

  • Marketing
  • IT management
  • Financial management
  • Business (e.g. services and trainings provided by us)

  • We have ensured the protection of your data by making the necessary contracts with the subcontractors. We cannot name all our subcontractors, in part due to projects in development, so we have decided on naming only the types of subcontractors.
    We do not primarily transfer personal data outside the EU/EEA. However, the marketing and IT management systems we use may allow the service provider to access data from outside the EU/EEA. When personal data is processed outside the EU or the EEA, we will ensure that the subcontractor is committed in complying with the EU Commission’s standard clauses on the processing of personal data.

5. To whom do we disclose and transfer data, and do we transfer data outside the EU or the EEA?

We may disclose personal data to the extent permitted and required by applicable law, for example, to group companies as well as legal and financial or other similar consultants who act as independent controllers of the data. Personal data may be disclosed to authorities which have a legal right to obtain information from the register.

We have outsourced the processing of personal data to subcontractors for the following services:

  • Marketing
  • IT management
  • Financial management
  • Business (e.g. services and trainings provided by us)

We have ensured the protection of your data by making the necessary contracts with the subcontractors. We cannot name all our subcontractors, in part due to projects in development, so we have decided on naming only the types of subcontractors.

We do not primarily transfer personal data outside the EU/EEA. However, the marketing and IT management systems we use may allow the service provider to access data from outside the EU/EEA. When personal data is processed outside the EU or the EEA, we will ensure that the subcontractor is committed in complying with the EU Commission’s standard clauses on the processing of personal data.

6. How do we protect the data and for how long do we store it?

Access control, data encryption, log monitoring, security policies, backup policies, operational control, technical restrictions as well as the detection of data security deviations and possible data security breaches are utilised in the Company’s premises. Persons handling documents are bound by a confidentiality obligation.

Only those of our employees, who on behalf of their work duties have the right to process personal data, are entitled to use the systems containing personal data. Each user has a personal username and password to the system. The data is collected into databases that are protected with firewalls, passwords, and other technical measures. The database and its backups are kept in locked premises and only predesignated persons have access to the data.

We assess the need to store data regularly considering the applicable legislation. Additionally, we take all the reasonable measures to ensure that no data, which is incompatible for the purposes of the processing, obsolete or incorrect, is stored in the register. We correct or erase such data without delay.

7. What are your rights as a data subject?

You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data. You may also inspect your data stored in the register and update and edit these by means of a technical access, username, and password. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.

You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority.

On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is the legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.

8. Who can you contact?

The contacts and requests concerning this privacy notice must be submitted in writing or in person to the person mentioned in section two (2).

Your current choices: