Although we provide services to businesses and organizations, there are always people behind them. That’s why we collect, store, and process personal data such as contact information from staff at our client companies and from partners. Personal data refers to all information that can be linked to an identified or identifiable person, such as name, email address, and job title.
In some cases, we may also act as a data processor for our clients, who themselves act as data controllers. In these situations, we follow our clients’ privacy policies, and the processing of personal data is always based on a clearly defined service and privacy agreement with the client company. We then process personal data solely for that particular client and only for the duration of the agreement.
1. Data Controller
The Data Controller for the processing of personal data described in this privacy statement is Exove Design Oy (also referred to as “Exove Design” or “we”):
Identifying the customer and managing access rights.
Delivering orders and maintaining and developing customer relationships.
Providing or delivering our services.
Marketing and customer communication.
Improving our services.
Research related to customer projects, including customer-requested surveys. Participation in surveys is voluntary and will be communicated in advance to those participating.
4. Basis for Data Collection and Processing
Customer data is collected and processed with the customer’s consent, or to fulfill a contract with the customer.
For research related to our customer projects, the basis for data collection is the consent given by the individual participating in the research.
5. Data Content of the Register
Information collected from our customers or potential customers:
Company Name, Business ID, Email Address, Phone Number, Name, Personal ID, IP Address
Data collected during research related to customer projects:
Name, Email Address, Phone Number
The collected data my vary depending on the use case.
6. Data Retention Period
Personal data is stored as long as it is needed to execute a contract with the customer or for customer service improvement.
Especially for research materials, personal data is stored only until the research is concluded. The conclusion of the research is determined based on what has been agreed upon in advance with the customer. After that, all related personal data is safely deleted or anonymized.
7. Regular Data Sources
We mainly collect and process personal data related to our customers, potential customers, and customer project research.
Data is collected:
Primarily from the individual themselves.
From registers kept by authorities within legally permitted limits (e.g., ytj.fi).
For new potential customers, we may also collect so-called prospect data from sources like LinkedIn, company websites, or using prospecting tools (e.g., LeadFeeder or Albacross).
Data is also collected from our website’s contact forms and usage statistics are collected via the Matomo analytics service.
8. Regular Data Disclosures and Transfers Outside the EU or EEA
Data is not regularly disclosed outside the company. Some of the external service providers we use may store data outside the EU or EEA.
10. Register Security
Data is transferred over an SSL-secured connection.
Electronic data is protected by a firewall, usernames, and passwords.
11. Automated Decision Making
Automated individual decisions (Article 22 of the GDPR) are not made.
12. Rights of the Data Subject
The data subject has the right to inspect the stored data, to correct or delete outdated or incorrect data, and to object or restrict data processing according to GDPR articles 18 and 21. They also have the right to lodge a complaint with a supervisory authority and to opt out of direct marketing.
13. Supervisory Authority
If you feel that we have processed your personal data unlawfully or have other concerns, you have the right to lodge a complaint with the competent supervisory authority. In Finland, this is the Office of the Data Protection Ombudsman: