Updated 26 August 2022
Utopia Analytics Oy (VAT ID: FI26411588), hereinafter referred to as “we”, respects your privacy. We provide services in relation to artificial intelligence (AI), text analytics and machine learning. We are committed to processing your personal data in accordance with the applicable data protection legislation. We kindly ask you to carefully read this document regarding processing of your personal data (“Privacy Policy”). The purpose of this Privacy Policy is to fulfill our obligation to inform you as a data subject regarding our personal data processing practices and your rights as the data subject. We reserve the right to reasonably amend this Privacy Policy.
For more information on how we may collect information about your use of the website through “cookies” and on our usage of web analytics services, please see our cookie policy in addition to this privacy policy.
Our website may also include links to third-party websites and services operated by other organisations. As they are not controlled by us, this Privacy Policy is not applicable to their use. Therefore, we encourage you to consult their privacy policies if you follow those links.
1. Contact information
Utopia Analytics
Data Protection Officer
Mikonkatu 6 C, 00100 Helsinki, Finland
dpo@utopiaanalytics.com
2. What personal data do we process, how do we receive it and for which purposes we process it? What is our legal basis for the processing of personal data?
We may process personal data as identified below considering our role either as the Data Controller or the Data Processor.
Type of personal data
Purpose of processing
Source of personal data
Our role
Legal basis for processing
Customer’s contact and communication data, such as company name, contact person, phone number, email address, position/role and personal data contained in messages between us and the data subject. We also collect meeting details and data necessary (e.g. specific interest/reference expressed by data subjects or observed by us) to tailor our offers and services to the customer.
Customer relationship management, fulfilling contractual obligations with the customer, invoicing and marketing of new services.
Data subjects themselves, public registers, company websites, data may be also obtained in course of business.
Data Controller
Legitimate interest of the data controller (communicating with customer, customer relationship management, marketing of new services), legal obligations, fulfilment of a contract.
Potential customer’s contact and communication data, such as company name, contact person, phone number, email address, position/role and personal data contained in certain messages between us and the data subject. We also collect and data necessary to tailor our offers and services to the potential customer.
Obtaining new customers, marketing
Data subjects themselves, public registers, company websites, our business partners, data may be also obtained in course of business
Data Controller
Consent of the Data subject, legitimate interest of the data controller (marketing our services and communicating with potential customer).
Job applicant’s data, such as name, address, phone number, employment background, academic history and other information the applicant provides in, for example, resume and cover letter.
Recruitment of employees
Data subjects themselves
Data Controller
Actions necessary prior to entering into employment contract, legitimate interest of the data controller( recruitment of the appropriate employee) consent.
Customer data,
such as text content of data moderated by us, user name, and other related content
Providing our services and fulfilling contractual obligations with our customer
Our customer
Data Controller
Contractual relationship with our customer and a data processing agreement with our customer whereas our customer is the data controller
Website visitor’s data, such as IP address and other observed data (see cookie policy)
Developing the website, marketing and ensuring that the website works properly and in secure manner
Personal data accumulated by website visits
Data Controller
Consent, legitimate interest of the controller (ensuring the security and functioning of the website)
Data of other persons contacting us, such as name, phone number, email address of the data subject, meeting/event details, personal data contained in certain communications between us and the data subject.
Answering to your enquiries and/or taking other necessary actions pursuant to your request
Data subjects themselves
Data Controller
Consent, legitimate interest of the controller (answering to your enquiries)
3. How long is personal data stored by us?
We will store your personal data for the period of time required for the purpose of processing listed above. However, we may store the personal data longer due to requirements arising from the Finnish Accounting Act or other similar legislation.
We store the customer data processed by us for the duration of the customer relationship and at maximum fifteen (15) months after.
We evaluate the necessity and accuracy of the personal data on a regular basis.
4. Where is your personal data located and transferred?
We aim to store your personal data within the European Union and European Economic Area (“EU and EEA”). However, certain personal data, due to systems and services used to support our business and providing our services, may be transferred outside the area of EU and EEA. In such case we make sure that one of the following instruments apply: (a) the personal Data remains located within a country recognized by the EU as providing an adequate level of protection for the personal Data (“Adequacy Decision”), (b) standard contractual clauses or a similar instrument in accordance with the applicable data protection legislation exist in case of transfer, or (c) binding corporate rules in accordance with applicable data protection legislation exist in case of transfer.
5. Who else may process your personal data and with whom we may share your personal data with?
Your personal data may be shared with and processed by our partners and subcontractors for the purposes of marketing, sales, accounting and invoicing as well as providing our services. In such cases we make sure that a data processing agreement exists between us and each of our partners or subcontractors together with one of the instruments defined under Section 4 above when needed.
We may also share personal data with third parties outside our organization if access to and use of the personal data is reasonably necessary to: (i) meet any requirements / obligations of applicable law, regulation, and / or court order or (ii) detect, prevent, or otherwise address crime or security issues.
6. Your rights as a data subject
As a data subject, you have the following rights for types of personal data listed above for which we are the Data Controller. Please send your request to our contact address. You may need provide a proof of your identification while we process your request.
- The right to access: You have the right to request copies of your personal data. We may charge you a small fee for this service.
- The right to rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
- The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The right to withdraw consent: Where personal data processing is based on your separate consent, you have the right to withdraw your consent. The withdrawal shall not affect the lawfulness of processing based on consent performed before the withdrawal.
Please note that as a data subject you have always the option to request us to stop sending you marketing messages. Moreover, we shall on our own initiative delete, correct and complement any personal data which is discovered to be incorrect, unnecessary, incomplete or outdated for the intended purposes.
In the event we are the Data Processor, we advise you contact your data controller, who is a provider of the service in which you have been registered.
As a data subject you are always entitled to contact the data protection authorities in case of complaints. Further information is provided at www.tietosuoja.fi.