What data are we collecting?
Groups whose data Lyyti can process are contact persons of the Lyyti’s current or past customer organisations, persons with connections to the Lyyti, participants of Lyyti’s own events, or persons who have consented to receiving marketing communication.
The register may contain data from following information categories relevant to the purpose of the use of the register:
- Basic information such as name and contact details (address, email address, telephone number)
- Information relating to the customer relationship such as information on orders or appointments, possible direct marketing permits and prohibitions, and other communications between the parties, and related information.
- Transaction information from the Lyyti’s website on different websites, information on behavior on websites and other related category information, participation in events, contacts made with customer service, contacts made with other Lyyti employees and services, and information related to subscribing to the newsletter.
We generally collect data from following sources:
- information provided by customer
- Lyyti-service user information
- user and transaction information on websites, blogs and newsletters (cookies)
- companies and authorities offering personal information services
Where and why do we process personal data?
Personal data is used for orders, credits, billing, recovery, contacts, transactions, customer enquiries, service development, reporting, marketing, and other customer relationship management measures.
Purchasing, transaction and location information in the filing system can also be used for profiling and targeting marketing activities and customer communications to make them more interesting and relevant to the registered. Personal information is also used when sending newsletters, or when people attend events and other marketing activities.
The data in the register is processed based on the customer relationship between Lyyti and customers, according to mutual agreement and/or explicit consent.
How is my data stored?
The data is technically protected. Physical access to data is blocked by access restrictions, as well as other security measures. Access to the data requires adequate access rights and multi-stage identification. Unauthorised access is also prevented by firewalls and technical protection. The filing system information can only be accessed by the controller and by specially designated technical persons. Only designated persons have the right to process and maintain the filing system information. Persons are bound by professional secrecy. The filing system is backed up safely and can be restored as needed. The level of secrecy is audited at recurring intervals either by external or internal auditing.
Personal data is stored at least for as long as the customer relationship lasts or as long as it is necessary for purposes represented in this policy. In addition to that we can store some data longer, for example when the law obligates.
Who is processing my personal data?
Filing system information can be shared within the Lyyti group and with Lyyti Oy's subcontractors.
Lyyti Oy can also outsource the processing of your personal data to companies outside the enterprise which may also be in countries outside the European Union and the European Economic Area, such as the United States of America. These companies can process personal data to provide, for example, IT services, or other services. In such cases, sufficient data security and the handling of the filing system are taken care of by contract using templates approved by the EU Commission.
The registered person’s right
Rights of the registered are:
- right to check personal data in the register
- right to ask for correction, update or removal of personal data
- right to refuse or limit processing of personal data
- right to transfer personal data to another system
- right to obtain a copy of personal data
When we process your personal data based on consent, you have the right to cancel the consent you have given at any time.
How can I regulate the use of my data?
When you want to use your rights as registered, please direct a written request to the controller (firstname.lastname@example.org). The request has to be individualized in a sufficient way in order for it to be processed.
If you feel that processing of your personal data is not up to standard, you have a right to complain to the national data protection authority.