Privacy Policy

1. General

This Privacy Policy describes the personal data that Adeptly Oy (the “company”) collects, how this data is processed, the purposes for which it is used, and the parties to whom it may be disclosed. The Privacy Policy also provides information on the obligations the company follows when processing personal data.

The company pays special attention to data protection and complies with the Data Protection Act (1050/2018), the EU General Data Protection Regulation (2016/679) (the “Data Protection Regulation”), and other applicable data protection legislation and good data processing practice.

This Privacy Policy applies to the processing of personal data of current and potential customers and their users of the expert brokerage service (“service”) provided by the company.

Personal data refers to all information relating to an individual (the “data subject”), which can directly or indirectly identify them as defined in the Data Protection Regulation. Information that cannot directly or indirectly identify the data subject is not considered personal data.

2. Controller and Contact

Data Controller:   Adeptly Oy
Business ID:           2841207-4
Address:                 Mannerheimintie 12 B, 00100 Helsinki
Email:                     privacy@adeptlyworks.com

3. Purposes and Legal Basis for Processing Personal Data

Personal data is processed for the following purposes:

• Providing, producing, maintaining, developing, ensuring quality, and informing about the service
  

• Targeted customer communication and monitoring of the use of the service
  

• Marketing and targeted marketing to customers, potential customers, and experts
  

• Ensuring the security of the service and preventing misuse
  

• Invoicing
  

• Complying with statutory obligations
  

The legal basis for processing personal data is the contractual relationship between the company and the customer, based on the ordering and provision of the service. Processing personal data is also based on statutory obligations, such as accounting obligations. Processing for customer relationship management and marketing is based on the company’s legitimate interest.
‍
Electronic direct marketing and subscribing to the company’s newsletters are based on the data subject’s consent or the company’s legitimate interest. The data subject has the right to withdraw their consent at any time (see the rights of the data subject below).

4. Personal Data Categories, Data Content, and Sources of Information

The company collects only such personal data of data subjects that are essential and necessary for the purposes described in this Privacy Policy. The following data is processed from the data subjects:

Providing the information mentioned in sections A–C above is necessary for the fulfillment of obligations based on the agreement between the company and the customer, as well as the legislation, and for the provision of the company’s service. Providing the information mentioned in section E is voluntary.

Primarily, personal data is collected from the registered individuals themselves when registering for the service, when entering into a contract, or during the customer relationship. The registered individual may have also provided information to the company, for example, by subscribing to an electronic newsletter, in social media services, or on the company’s website.

Regarding the reward program, information related to referred experts and shared leads is obtained from other registered individuals.

The company may use external service providers in marketing who handle contact information of the registered for marketing purposes.

Personal data may also be collected from a customer company on whose behalf the registered individual acts. In addition, in situations allowed by legislation, data can be collected and updated from registries maintained by third parties.

The company’s subcontractors and partners provide the company with registered personal data in situations required by legislation and contractual obligations.

The company uses external services for the visitor tracking of the service’s websites, which can use browser cookies and other identification information. More information on these can be found from the privacy statements of each used external service.

5. Retention of Personal Data

The company retains personal data for as long as is necessary for the purposes defined in the privacy statement, unless legislation requires the retention of personal data for a longer period (for example, responsibilities and obligations related to special legislation, accounting obligations, or reporting obligations), or unless the company needs the information for the drafting, presentation, or defense of a legal claim or to resolve a similar dispute situation.

The retention period and retention criteria vary by group of personal data, depending on the purpose of use of a specific group of personal data.

Personal data is processed during the validity of the customer and contract relationship and for a maximum of 6 months after the end of the customer and contract relationship. Regarding the reward program, personal data related to referred experts and shared leads is processed for a maximum of 18 months from the receipt of personal data unless a customer or contract relationship is established based on the referral or lead.

For customer companies, the retention of personal data of the company representative is linked to how long the registered individual acts as the representative of that company towards the company.

When personal data is no longer needed in the manner defined above, the data is removed within 6 months.

6. Parties Handling and Recipients of Personal Data

The company may outsource the processing of personal data to service providers or subcontractors participating in the provision and production of the service in accordance with this privacy statement. The company ensures proper handling of personal data with sufficient contractual obligations.

The company can provide the personal data of a registered expert to customer and partners for job opportunities, excluding the CV, for which transfer requires the prior consent of the registered expert.

Personal data may be disclosed to authorities in situations required and authorized by law.

The company does not disclose the personal data of the registered for direct marketing.

If the company is involved in a merger, business transaction, or other corporate arrangement, it may have to disclose the personal data of the registered to third parties.

Data transfer to a third party primarily takes place via electronic data transmission connections, but data can also be transferred in other ways such as by phone or letter.

7. Transfer of Personal Data outside the European Union or the European Economic Area

Data is not generally transferred outside the European Union or the European Economic Area.

If data is transferred outside the European Union or the European Economic Area, the company ensures an adequate level of protection for personal data by, among other things, agreeing on matters related to the processing of personal data in the way required by data protection legislation, such as using standard contractual clauses approved by the European Commission.

8. Principles of Personal Data Protection and Processing Security

The company processes personal data in a manner that aims to ensure appropriate security and data protection of personal data in all situations, including protection against unauthorized processing, as well as accidental loss, destruction, or damage.

Appropriate technical and organizational protective measures are used in the processing of personal data to ensure this, including the use of firewalls, encryption techniques, the use of secure device spaces, appropriate access control and access management, and instruction of personnel.

Contracts and other original documents to be kept in their original form are stored in locked spaces, with access rights limited only to authorized parties. Paper prints are securely destroyed.

All parties processing personal data have an obligation of confidentiality based on employment contract law and confidentiality clauses regarding matters related to the processing of registered personal data.

The company can outsource the processing of personal data to service providers in accordance with this privacy statement, ensuring that personal data is processed properly and lawfully with sufficient contractual obligations.

9. Cookies and Third-Party Links

The service uses cookies. The content of cookies is explained on the website of the service (Cookie Policy).

The service’s website uses Google Analytics, which does not collect IP addresses but collects anonymized information about the use of website.

There may be links to third-party websites on the service’s website, which the company does not control and for which the company is not responsible for the content and privacy practices.

10. Rights of the Data Subjects

Data subjects have rights guaranteed by data protection legislation.

Data subjects have the right to confirm whether their personal data is being processed. They have the right to inspect and view the data relating to themselves and, upon request, the right to receive this data in written or electronic format.

Data subjects have the right to demand correction of inaccurate or incorrect information. In addition, data subjects have the right under current data protection legislation to demand the deletion of their data. The company also initiates deletion, correction, and supplementation of personal data that it has detected as incorrect, unnecessary, incomplete, or outdated for the purpose of the processing.

Under current data protection legislation, data subjects have the right to demand the transfer of their data to another data controller.

Furthermore, under conditions set by data protection legislation, data subjects have the right to request a restriction on the processing of personal data. Also, in situations where suspected incorrect personal data cannot be corrected or deleted or if there is uncertainty about a deletion request, the company restricts access to this data.

Data subjects have the right to object to the use of their data for certain types of processing. Data subjects have the right to refuse the disclosure and processing of their data for direct marketing purposes.

Requests related to the rights of data subjects are made during personal visits, in writing, or electronically, and are directed to the contact person mentioned in this data protection appendix. Identity is verified before providing the data. The inspection request will be responded to within a reasonable time, if possible, within one month from the request and identity verification.

If a data subject’s request cannot be complied with, refusal will be communicated to the data subject in writing. The company can refuse requests, such as deletion of data, due to a statutory obligation or the company’s statutory right. Consent for electronic direct marketing can be revoked or a prohibition on direct marketing can be made by contacting the company’s contact persons. Additionally, data subjects can unsubscribe from the company’s mailing list at any time by clicking on a link in an email.

Data subjects have the right to lodge a complaint with the Data Protection Authority (www.tietosuoja.fi) if they believe that their personal data has been processed in violation of applicable legislation.

11. Changes to the Privacy Policy

The company continuously develops its service and may therefore need to change and update this privacy policy. Changes may also be based on changes in legislation. We recommend regularly reviewing the content of the privacy policy. Changes will be announced on the service’s website by publishing an updated privacy policy. The company may also communicate changes it deems significant to data subjects by email.