Privacy Information

With the entry into force of the EU General Data Protection Regulation (the “Regulation”), this privacy statement will replace our previous registry statements. In accordance with the Regulation, we want to inform users of our site and services (the “Customer”) about the processing of our personal information in a concise, transparent, easy-to-understand format in clear and simple language. If you have any questions about our privacy practices in addition to the information below, please feel free to contact us.

1. The controller

Espoon Seudun Uusyrityskeskus ry / CompanyEspoo
A Grid, Otakaari 5A, 02150 Espoo
Business ID 0951711-0
Tel. +358 (0) 10 3366550

2. Data Protection Liaison Officer

Questions about this privacy statement will be answered by Matias Holmqvist, our Privacy Officer, see contact information www.yritysespoo.fi

3. Our personal register

We process our customers’ personal data for different purposes and therefore partly in different registers.

4. Purposes and legal bases for the processing of personal data

We process personal data primarily for customer relationship management, but also for reporting / statistics and to inform and market our operations. We process data for the purpose of fulfilling the contract (business advice), fulfilling our legal obligations and on the basis of a legitimate interest (reporting / statistics) and consent (marketing). We may also send customer feedback surveys to our customers, the results of which we may use to improve our operations.

In summary, it can be said that our legitimate interest is in particular raising awareness of our operations, developing our operations and maintaining well-functioning networks.

5. Categories of personal data

In business consulting, we can process the following information about our clients:

Name

Home address

Telephone number

Email address

Business idea / business ID

The above information is recorded in the Ajas system upon appointment, from where it is transferred to the Nestor customer system.

In business advice, we also add the following information to the customer’s information at the first meeting:

Sexual

Year of birth

Home town

Citizenship

Language of instruction

Education class

Employment situation

What did you hear about Company Espoo’s services?

Business ID of the operating companies, date of registration and contact information of the company, which are automatically transferred from the Company and Joint Information System (YTJ).

In addition, notes are recorded about the customer meeting and the business idea, any expert referrals, and the customer’s business plan.

CompanyEspoo events are registered through the Lyyti service, which can also be used for event-related communication. In connection with the registration, the customer’s name, e-mail address and possibly the special diet will be asked, as well as any details required for the organization of the event. The customer can be asked for feedback about the event via e-mail, Lyyti or a similar tool. You can also register for some events directly, for example, by e-mail to a customer adviser.

6. Sources of information

In principle, we receive the information we process from the customer himself. On the other hand, for example, our staff uses public information sources (such as the NBPR and YTJ) if necessary. If the customer already has a company / business ID, the company’s information (registration date, contact information and TOL classification) will be transferred to our registers from YTJ. When a customer has established or terminated a company, this information is transferred from the NBPR’s trade register to our registers. If necessary, we receive information (informing the customer about this) from our various stakeholders (eg TE offices, Finnvera and our experts).

7. Recipients and processors of personal data

If the customer wishes, he or she can give consent to become a member of the local association of Finnish Entrepreneurs, in which case the customer’s information will be disclosed to Finnish Entrepreneurs.

In addition, information and a business idea can be discussed with the TE Office, Finnvera, our experts or other similar actors for measures that meet the customer’s needs.

We leverage the systems of our service providers to serve our customers. Our customers’ data can thus be processed in at least the following services: Ajas (appointment booking), Nestor (customer information system), Questback (customer feedback surveys), Mail Jungle (newsletter) and Lyyti (event registration, reminders and feedback surveys)

8. Data Transfer

The data will not be transferred from us outside the EU or the European Economic Area.

9. Marketing Authorization

If desired, the customer can join the CompanyEspoo mailing list either by giving written consent using the customer information form or by joining the distribution list via the Subscribe to newsletter link, which can be found e.g. from our website. If a person living in the main business area of ​​EnterpriseEspoo (Espoo, Kirkkonummi, Kauniainen) has downloaded the Establishment Guide on the website www.perustamisopas.fi and issued a marketing authorization, his or her e-mail address will be added to the mailing list of EnterpriseEspoo. A newsletter will be sent to the customer about matters related to entrepreneurship and events through the Postiviidakko service. Other entrepreneurship-related material can also be sent to customers by mail from time to time.

10. Retention of Personal Information

We process personal data according to each purpose and time. We would like to remind you that, for example, the reporting and statistical obligations that bind us may require that data be retained even after the end of business advice. In addition, customers should note that we may retain information that is relevant to the statistics, if necessary, so that the customer cannot be identified directly or indirectly.

11. Principles of protection of the processing of personal data

We process our customers’ personal data in principle in secure information systems, where the right to use requires e.g. username and password. The right of access shall be granted to a member of the staff of the controller whose status and duties include that right of access. In electronic communications (eg e-mail), we take appropriate measures to ensure an adequate level of data protection. Our customer information forms are stored in locked premises.

13. Rights of the data subject

Right of access to personal data:

  • our customer can contact us and check what information is stored about him

Right to rectify data:

  • Although we strive for complete and up-to-date information, our customers may contact us and request that inaccurate information be corrected.

Right to delete data:

  • if the purpose has expired and the customer has, for example, revoked his consent for a particular processing, we will delete the data and the customer has the right to demand this from us as well.

Right to restrict processing:

  • our customer can contact us and check what information is stored about him

Right to object:

  • we have put in place mechanisms for our customers to object to the processing of their personal data and we also remind you that insofar as the processing is based on consent (eg for marketing), our customer is always free to withdraw their consent

The right to transfer data from one system to another:

  • the customer may contact us if the customer needs their information in systems other than ours and we strive to provide the information so that it can be transferred to another system

14. Other things to consider

Although we strive to operate e.g. in accordance with the regulation, if necessary, the customer may contact our data protection officer or lodge a complaint with the relevant supervisory authority.

When collecting data, we strive to provide information that is voluntary and which is mandatory. In principle, at least the information listed above is necessary for the provision of business advice or other services (in order to fulfill obligations under the contract / law).

We do not use personal information for automatic decision making (including profiling).