Privacy Policy of Isolta Ltd

Last updated 8 September 2017

Personal Data File and the Controller

Name of the File:

User Register of Isolta Ltd

Controller:

Isolta Ltd (“Isolta”)
Business Identity Code: 1854047-8,
Address: Kaisaniemenkatu 6 A, 00100 Helsinki, Finland
Phone: +358 0207 181 710
E-mail: info@isolta.com
Contact Person: Mikko Ilomäki (e-mail: mikko.ilomaki@isolta.com)


We care for your privacy

Isolta respects your privacy. Therefore, we comply with the applicable laws and do not process our customers' or their clients’ personal data without a legal basis for processing. We only process such personal data which is necessary for taking care of the relationship between us and our client, for providing high quality services or for the development of our operations, including informing you about new products and features.

This Privacy Policy is applied to processing of personal data concerning the users (“User”, “Users”) of services provided by Isolta. The Privacy Policy describes the relevant principles and purposes of processing of personal data by Isolta. The Users can be Isolta’s clients or representatives of client companies. We remind you that our services may contain links to websites and services of third parties. These websites or services are subject to their own privacy policies. Isolta does not take any responsibility of third parties’ privacy policies or processing of personal data in third parties’ operations. Please pay attention to their respective privacy policies and subsequent changes to them.

Categories and sources of personal data

As a rule, the personal data processed by Isolta is provided by the Users themselves in context of the registration or usage of the services.

(1) Isolta stores the data a User provides upon signing up for the service. In this context Isolta may request a User to provide data relating to the client company and the User, the name of a contact person and contact information such as the mail address, e-mail address and phone number. In addition, Isolta collects technical data on the use of the services and the communication between Isolta and a User. Data concerning the use of the services may concern information related to the use of user interfaces or user activity in the services.

(2) In order to use the invoicing service, a User has to provide its clients' relevant personal data. Isolta stores the data a User provides when using the service which in this context usually includes personal data such as a name, contact details, payment information and description of service invoiced. This data may also contain sensitive personal data or data related to children. It is the client company's and User's responsibility to take care that only necessary sensitive data is provided when using the service and that there is a legal basis to process such data. Isolta processes this data only as a data processor on behalf of the User.

Legal basis and purpose of processing personal data

We process personal data for the following purposes:

(1) Most of personal data is processed to deliver the service. This processing of personal data is primarily based on contract and client relationship between a User and Isolta. Personal data is collected during registration and some technical data is needed to run the service. Furthermore, the User must provide necessary client’s personal data to be able to use the invoicing service.

(2) The personal data stored in Isolta’s User Register may be used to manage the client relationship and communication as well as for marketing. In this respect, we base the processing on our legitimate interest to provide Users with relevant information as part of this service and to promote our service.

(3) Our goal is to provide high quality service. Therefore, we may use personal data to analyze the market, Users and services for the purpose developing and improving the quality of the services. We base this processing on our legitimate interest to grow and develop.

We will not use the personal data included in the invoices for direct marketing.

Sharing of personal data

We may disclose personal data to third parties in the following cases:

(i) Isolta may use subcontractors when providing its services. Our trusted subcontractors work on our behalf, and do not have an independent right to use the personal data we disclose to them. We make sure that our subcontractors only use the personal data in accordance with our instructions. They are subject to appropriate security and confidentiality requirements.

(ii) When required by law such as to comply with requests by competent authorities.

(iii) When we believe in good faith that disclosure is necessary to protect our rights, investigate fraud or to protect our clients’ safety.

Transfer of personal data outside of EU/EEA

Isolta may use subcontractors when providing its services. When necessary and to the extent required for the successful provision of the services, personal data may be transferred to a country outside of the EU/EEA. In this case we will use the required established mechanisms that allow the transfer to subcontractors in those thirds countries, such as the Standard Contractual Clauses approved by the European Commission. We will rely on the so-called Privacy Shield for those service providers located in the U.S that are Privacy Shield-certified. For more information about the Privacy Shield framework developed by the U.S. Department of Commerce and the EU Commission and the related principles concerning processing of personal data, please see here.

Data retention

The personal data will be retained only for as long as necessary to fulfill the purposes defined in this Privacy Policy. After that personal data will be removed except when required by law or rights or obligations by either party. As we are processing most personal data on behalf of Users' instructions, we follow those instructions regarding the retention of the data.

Data Security

Isolta has carried out the technical and organizational measures necessary for securing personal data against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. The manual data is stored in locked facilities. Access to automatically processed data is limited by user rights and passwords within the organization of Isolta and the personal data is secured by appropriate data security methods.

Cookies

Cookies are files which are received and transmitted by a User’s device when the User is using Isolta’s service. Isolta may use cookies and similar techniques to provide functionality of services, to improve their quality and to enhance the user experience. By using our services and consenting to the use of cookies in his/her internet browser settings a User consents to the use of cookies by Isolta. The User may prohibit the use of cookies by changing the browser settings. This may, however, affect the user experience of the services.

User rights and quality

Users have the right to prohibit Isolta to process personal data for purposes of direct advertising, distance selling, other direct marketing, market research and opinion polls. Isolta recommends the Users to notify Isolta’s contact person provided in this Privacy Policy of such possible prohibitions in writing. Users also have a right to data portability, i.e. right to receive your personal data in a structured, commonly used machine-readable format and transmit your personal data to another data controller.

A User has the right to access the data on him/her and upon request, obtain a copy of the data. Such request shall include information that is necessary for retrieving the data and shall be made using a personally signed document which can be addressed to the contact person provided in this Privacy Policy.

If a User thinks there is a problem with the way Isolta is handling personal data, the User has a right to file in a complaint to a data protection authority in the EU. In Finland the competent authority is the Data Protection Ombudsman. The User may contact Finnish Data Protection Ombudsman through this link.

Isolta aims at taking care of the quality of personal data processed by it. Isolta rectifies, erases or supplements possibly erroneous, unnecessary, incomplete or obsolete personal data at its own initiative or at the request of the data subject concerned. However, a User is responsible for the validity and quality of the personal data provided. A User also is responsible for notifying Isolta of any possible changes in the personal data provided by the User. The User is recommended to contact Isolta’s contact person provided in this Privacy Policy to correct any possibly erroneous data.

Changes to the Privacy Policy

Isolta may amend this Privacy Policy and the related information. Isolta recommends that the Users regularly access the Privacy Policy to obtain knowledge of any possible changes to it. We will always provide the date of the Privacy Policy to allow you to see changes.

Isolta will inform Users of possible changes by using reasonable and available channels.