Lyyti Privacy Policy

Data that can be used include contact persons of the controller's current or past customer organisations, persons with connections to the controller, participants of Lyyti events, or persons who have consented to receiving marketing communication.

The register may contain data from following information categories relevant to the purpose of the use of the register:

• Basic information such as name and contact details (address, email address, telephone number) of the controller's current or past customer organisations as well as their contact persons’ name and contact details.
  
  
• Information relating to the customer relationship between the controller and the registered persons, such as information on orders or appointments, possible direct marketing permits and prohibitions, and other communications between the parties, and related information.
  
  
• Data, including the first and last name, address, contact details, date of birth, position, employer, gender, mother tongue, username and password of a person registered in the controller’s Lyyti service or its ancillary service, or information obtained through the application and the various functions contained therein, such as location and information the user has provided in the application. 
  
  
• Transaction information from the controller’s website on different websites, information on behavior on websites and other related category information, participation in events, information entered for events, contacts made with customer service, contacts made with other Lyyti employees and services, and information related to subscribing to the newsletter.
  
  
• First and last name of the person registered for the event, as well as possible contact details and information provided on the event. Registration information provided by the registered person may include the following: email address, phone number, address, birth date, allergy information, passport number or personal ID.
  
  We generally collect data from following sources:
• information provided by the customer
• customer data system and billing database
• user and transaction information on websites, blogs and newsletters
• Information on customer relationship management and customer service systems
• partners
• companies and authorities offering personal information services

Personal data is used for orders, credits, billing, recovery, contacts, transactions, customer enquiries, service development, reporting, marketing, and other customer relationship management measures.

Purchasing, transaction and location information in the filing system can also be used for profiling and targeting marketing activities and customer communications to make them more interesting and relevant to the registered. Personal information is also used when sending newsletters, or when people attend events and other marketing activities.

The data in the register is processed based on the customer relationship between Lyyti and customers, according to mutual agreement and/or explicit consent.

The data is technically protected. Physical access to data is blocked by access restrictions, as well as other security measures. Access to the data requires adequate access rights and multi-stage identification. Unauthorised access is also prevented by firewalls and technical protection. The filing system information can only be accessed by the controller and by specially designated technical persons. Only designated persons have the right to process and maintain the filing system information. Users are bound by professional secrecy. The filing system is backed up safely and can be restored as needed. The level of secrecy is audited at recurring intervals either by external or internal auditing.

Personal data is stored at least for as long as the customer relationship last or as long as it is necessary for purposes represented in this policy. In addition to that we can store some data longer, for example when the law obligates.

Filing system information can be shared within the Lyyti group and with Lyyti Oy's subcontractors.

Lyyti Oy can also outsource the processing of your personal data to companies outside the enterprise which may also be in countries outside the European Union and the European Economic Area, such as the United States of America. These companies can process personal data to provide, for example, infrastructure and IT services, or other services. In such cases, sufficient data security and the handling of the filing system are taken care of by an EU-U.S. - Privacy Shield arrangement, or by contract using templates approved by the EU Commission.

Rights of the registered are:

• right to check personal data in the register
• right to ask for correction, update or removal of personal data
• right to refuse or limit processing of personal data
• right to transfer personal data to another system
• right to obtain a copy of personal data
  
  When we process your personal data based on consent, you have the right to cancel the consent you have given at any time.

When you want to use your rights as registered, please direct a written request to the controller (help@lyyti.com). The request has to be individualized in a sufficient way in order for it to be processed.

If you feel that processing of your personal data is not up to standard, you have a right to complain to the national data protection authority (https://tietosuoja.fi/en/home).

Lyyti Oy reserves the rights to change this privacy policy.