1 Data Controller
FCG Finnish Consulting Group Oy (1940671-3)
Osmontie 34, 00610 Helsinki
+358 10 409 2000
2 Contact person in data privacy related issues and Data Protection Officer
3 Name of the register
Register of FCG Finnish Consulting Group’s customers, stakeholders and training participants
4 Categories of data subjects
The register deals with the following categories of persons:
- Contact persons of the data controller’s customers
- The data controller’s potential customers/customer contacts
- Contact persons of the data controller’s stakeholders, incl. lecturers participating in the trainings
- Participants in the data controller’s trainings/events
5 Purposes and legality of processing personal data
The data controller maintains information database of active Finnish companies as well as corporations and government organizations.
In addition to the contact and background information of the organization, the register maintains information on the status and tasks of the persons working in the organization with their contact information.
Personal data is processed for the following purposes:
- Customer relationship management and other customer communications, such as marketing, newsletters, customer surveys, customer contact information maintenance and invoicing.
- The provision of expert and customer services in the services and assignments of the controller.
- For the planning and development of the data controller’s operations and supply, e.g. based on the online behavior of the data subjects.
- For the management of services (e.g. events and training) and assignments, including the processing of service requests, communication with customers, the distribution of lists of participants in the training event and the management of access rights, e.g. in the controller’s extranet and training management information systems’
- Stakeholder cooperation, such as maintaining areas of expertise for those who are acting in the role of lecturer and registering implementations and paying stakeholder invoices and fees.
- Disclosure of contact information for training / event to other stakeholders involved in the event for marketing purposes.
- For access control and video surveillance purposes
The processing of personal data is primarily based on the legitimate interest of the data controller (e.g. customer relationship management, legal certainty, marketing, invoicing, payment of fees, sharing of event participant lists, providing contact information to stakeholders for marketing purposes) or agreement (e.g. training registration) or legal obligation (including accounting obligations related to the storage of invoicing transactions). In addition, data subjects may be required to give their consent if necessary.
Special remarks related to the data controller ‘s trainings / events: Registration information can be used to organize the event and the names of the registrants can be shared in the list of participants. The event may be filmed. The purpose of filming is to enable participation in training remotely or the use of recordings/images for training or marketing purposes.
6 Categories of personal data and envisaged time limits for erasure
The register may contain the following information:
- Person’s first and last name
- Basic job / position information
- Contact Information
- Information related to the use of the Services, including billing information
- Information related to service requests
- Information related to the expertise of an external expert
- Information related to access control and video surveillance, if the registrant has visited our locations
- IT management information such as technical identifiers, log information, usernames, information, usernames, technical information related to the use of the provided services
Training videos and broadcasts or images may be recorded identifiable persons.
For marketing purposes, the data may be used for as long as the controller needs the information for that purpose. For accounting purposes, data will be retained for as long as required by law.
Service requests related to service activities are retained for 10 years from the end of the calendar year in which the service request is resolved.
Data can be deleted at the customer’s request.
7 Regular sources of information
- Registered or by an organization registered represents.
- Publicly available sources.
- Contact registers purchased from external service providers.
8 Categories of recipients to whom the personal data have been or will be disclosed
Responsible for planning and arranging trainings / events, responsible for customer care, service request handlers and responsible for invoicing. Information can be passed on to training / event stakeholders.
9 Transfer of data outside EU or ETA
Data will not be transferred outside the EU or the ETA.
10 General description of the technical and organizational security measures
A Paper material
The register typically does not generate paper material. If such occurs, the material will be disposed of securely in accordance with the Data controller’s data protection policy.
B Digitally processed data
Personal data is processed in several different information systems. The data controller shall ensure that the information systems are protected by restricting access rights and by appropriate updates. Information systems are also protected by network technology measures (use of firewalls and placement of information systems in different network segments).
11 Profiling and automatic decision making
Personal data may be processed for profiling purposes to develop operations and to target marketing and newsletters. There will be no automatic decision-making or profiling that would involve significant decision-making or have legal effects on the individual.
12 Data subject’s rights
The data subject has the right to request access to personal data concerning him or her, as well as the right to request the rectification or deletion of personal data concerning him or her or to restrict or object to the processing. The data subject has the right to prohibit direct marketing to him.
The data subject shall have the right to request personal data concerning him or her which he or she has provided to the controller in a commonly used and machine-readable form and to transfer such data to another controller if the processing is carried out with the consent of the data subject.
Any data subject has the right to make a complaint with the relevant supervisory authority or the supervisory authority of the EU Member State where the data subject lives or works if the data subject considers that his or her personal data have not been processed in accordance with the applicable data protection law.
Data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
The controller may ask the data subject to clarify his request in writing and to verify the identity of the data subject before processing the request. The controller may refuse to execute the request on the grounds provided for by the applicable law.
The data subject will be provided with the necessary information provided in this privacy notice when personal data is collected from the data subject or when personal data have not been obtained directly from the data subject.
The provision of personal information is not a legal requirement. The data subject is not obliged to provide personal data and failure to provide such data will not result in penalties. The provision of personal data may be based on a contract or the conclusion of a contract and may thus be a condition for the purchase of services as a controller.
The data subject always has the right to object to the processing of personal data for direct marketing purposes or for profiling related to direct marketing.
What are cookies?
A cookie is a small text file that is stored on your device. Cookies allow us to use several functions of our website as well as the best possible user experience. A cookie can be a session cookie that is stored on your computer only for the duration of your session, or a persistent cookie that is stored on your computer for a specific period of time.
We use the designation “first-party cookies” of cookies set by our own web site. In addition, some cookies are third-party cookies. Third-party cookies are stored to these service providers’ use.
You can read more information about cookies from the Finnish Transport and Communications Agency’s Traficom website.
- Provide you with the most interesting content.
- Make our websites easier and faster to use.
- Provide a secure online environment.
- Carry out marketing activities.
- Provide a better customer experience online.
- Monitor the use of our website.
- Follow the analytics of our website.
We do not use the information to identify individuals.
What kind of cookies do we use?
We have divided cookies based on the purpose of their use.
- Necessary cookies are required to provide core functionality. The website won’t function properly without these cookies. Necessary cookies are enabled by default and cannot be disabled.
- Analytical cookies help us improve our website by collecting and reporting information on its usage.
- Marketing cookies are used to track visitors across websites to allow publishers to target relevant and engaging marketing.
The cookies used on our website are listed on the cookie settings. You can access the settings by clicking the wheel icon at the bottom left of the page.
You can also clear or block cookies and other monitoring by changing your browser settings or stopping the use of the website.
If you do not want cookies to be stored on your device, you can adjust your browser settings to refuse to accept cookies (so-called incognito or private browsing setting). This action can be taken either before or during the use of the services. For mobile devices, you can also adjust the settings for your device and applications in terms of tracking features.
You may block the targeting of third-party advertising entirely or on a company-specific basis through Your Online Choices.
However, stopping cookies may cause deficiencies in some functionality of the site and is therefore not recommended.
Our services include so-called social plug-ins, such as Facebook, Twitter, YouTube, LinkedIn or Instagram. Social plug-ins are integrated into our services, but their functionality and content come from a third party. Some social plug-ins may also allow third parties to collect information about your use of the Services if the user is logged in to that service. If the user is logged out or if the user does not have a user account for that service, the user’s browser / device will send more limited information.