Your privacy is important to us. This Privacy Notice includes information required by Articles 12-14 of the EU General Data Protection Regulation (GDPR) and explains what personal data Automous Oy (“Automous”) processes about you, why we process it, and how we use it.
This Privacy Notice covers how we collect and use your data when you:
Automous Oy, Business ID 3406041-5, with registered address Otakaari 5 A, FI-02150 Espoo, Finland is the data controller (“Data Controller”) for visitors and users of our website and subscribers to our marketing communication and in relation to a (prospective) customer, partner or supplier. Automous does not belong to a group of companies.
To exercise your rights as the Data Subject (“Data Subject”) pursuant to the GDPR or if you have any questions about this Privacy Notice, you can contact Automous Oy / Privacy Matters by using the contact form on our website.
In certain cases, Automous transfers your data to third-party service providers (including contractors and designated agents) for processing as outlined hereinafter in section “Transferring data to third-party processors”.
Our third-party service providers and other entities are required to take appropriate security measures to protect your personal data. They act as processors and process data on behalf of Automous as the Data Controller, but they are not permitted to process your personal data for their own purposes.
Please note that Automous does not use automated decision-making in its operations concerning the Data Subjects and does not process personal data with the help of artificial intelligence. Automous as the Data Controller collects and processes the following personal data for the purpose stated in the following table:
| Purpose of the processing | Personal data processed | Legal basis for processing (GDPR) |
|---|---|---|
| Advertising and targeting of the Data Controller's services and events in the Data Controller's own and other internet and mobile media, services and applications; direct marketing and its targeting by phone, letter, email, text message and other electronic means; conducting opinion and market research, organising marketing competitions and other events; |
|
The Data Controller's legitimate interest in conducting business and marketing its services (Article 6(1)(f)) |
| Providing a newsletter |
|
|
| Organizing events and informing Data Subjects about events in the media, on the Internet, or social media and updates about the mission and achievements of Automous |
|
|
| Provision or acquisition of services between the Data Controller and the Customer; management, maintenance, development of customer or other relationships (e.g. planning and development of services; disruption and other notifications by letter, telephone, email, text message or other electronic means, customer communication and communication, feedback, customer satisfaction and other customer surveys and surveys, and other communication between parties) |
|
|
| Conclusion of a contract and establishment of a contractual relationship (e.g. inquiries, offers, and responding to them, contract negotiations, and documentation of the above actions) |
|
|
| Performing the Data Controller’s and Data Subjects' statutory duties and other statutory duties of the Data Controller |
|
|
Automous as the Data Controller may transfer personal data of the Data Subjects to the following parties, which process the data as independent data controllers in accordance with their own privacy notices:
| Transferee | Purpose of the transfer |
|---|---|
| Companies belonging to the same Group as the Data Controller | Implementation of the purposes of the register, e.g. providing services, managing customer relationships and marketing |
| Legal advisors and auditors of the Data Controller | Performing legal engagements and auditing |
| Authorities, e.g. Financial Supervisory Authority, Police, Enforcement Authority, Tax Administration | Implementation of the authority's statutory right of access to information |
Personal data shall not be disclosed to other parties without the consent of the Data Subject, except if it is required for the fulfilment of the Data Controller's legal obligations, in connection with legal proceedings, at the request of authorities or as part of business arrangements.
Automous as the Data Controller has the right to use subcontractors for processing personal data in accordance with this Privacy Notice. In such a case, personal data may be transferred to subcontractors to the extent required for the implementation of the subcontractor's services. Each subcontractor processes personal data only to the extent required for the performance of the subcontractor's tasks. Subcontractors process personal data on behalf of the Data Controller in accordance with the Data Controller's instructions. Subcontractors are bound by agreements with the Data Controller on the processing of personal data, including terms and conditions ensuring confidentiality and data security.
The Data Controller uses subcontractors for the following purposes:
| Subcontractor or subcontractor group | Task |
|---|---|
| IT helpdesk agencies | Responsive customer support |
| ICT suppliers | Telecommunications services, other electronic messaging services, information security services, information system services |
Automous shall not transfer your personal data outside the European Economic Area (EEA). Our external service providers processing (prospective) customer’s, partner’s or supplier’s personal data are based in the European Economic Area (EEA) so their processing of your personal data will not involve a transfer of data outside the EEA.
At Automous, we take appropriate technical and organizational measures to protect your data that are consistent with applicable data protection and data security laws and regulations. Your data is encrypted in our systems and password-protected, and only appropriate personnel have access.
Your data may be processed in IT systems not hosted by Automous, such as common cloud service providers. We always ensure that these systems offer an appropriate level of security, confidentiality, and data protection. We do not share your data with any other third party and we do not sell your data to anyone.
We keep your data only for the period necessary for the purposes for which it was obtained. As a general rule and default retention period, personal data provided directly by you is stored for 24 months from its collection.
If you are a (prospective) customer, a partner, or a supplier, we only retain your information for as long as is necessary for us to use your information to manage our (pre)contractual relationship. However, please be advised that we may retain some of your information after you cease to be a customer, a partner, or a supplier, for instance, if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.
| Personal Data collected | Retention period |
|---|---|
| Information collected on the basis of consent | As long as the consent given by the data subject is valid. |
| Call and remote conference recordings | 12 months from the date of storage. |
| Other Electronic Services Usage Data | Up to 5 years after the end of the customer, supplier or other relationship between the Data Controller and the company or after the Data Controller has been informed that the Data Subject is no longer employed by the company. |
| Basic Information and Marketing Information collected for example through the website contact form | For the duration of the (prospective) customer, partner, or supplier relationship and 24 months after the (prospective) customer, partner, or supplier relationship has ended, unless the Data Subject has prohibited the processing of data. |
| Anonymized data | Data from which a person is not personally identifiable may be stored permanently. |
| Backups | In accordance with the Data Controller’s default retention and deletion periods. |
| Other personal data | Up to 24 months after the end of the customer, supplier, or other relationship between the Data Controller and the company or after the Data Controller has been informed that the Data Subject is no longer employed by the company. |
You as the Data Subject have the right to:
When the processing of personal data is based on legitimate interest, you as the Data Subject have the right to object to the processing of your data on grounds related to your personal special situation. In connection with the request, the Data Subject must specify the specific situation on which the objection is based.
If you as the Data Subject have provided your personal data to the Data Controller and the processing is based on consent or a contract, you have the right to receive this data in a structured, commonly used and machine-readable format and the right to transfer the data to another Data Controller in accordance with the applicable legislation.
You as the Data Subject can use the above-mentioned Data Subject rights by sending a request concerning yourself in writing or via the contact form on our website to the Data Controller (contact details are presented at the beginning of this Privacy Notice). If necessary, the Data Controller may ask you to specify the request in writing and prove your identity.
If you believe that your personal data is not processed in accordance with privacy law, you can also lodge a complaint to the local supervisory authority. In Finland, the supervisory authority for data protection is the Office of the Data Protection Ombudsman (www.tietosuoja.fi).
Automous reserves the right to amend this Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended privacy notices on our website. You are responsible to review our Privacy Notice from time to time for any amendments.
Our website may include links to third-party websites, plug-ins and applications. Using these by e.g. clicking on such links or enabling such connections may allow third parties to collect or share data about you. We do not have control over third-party websites and are not responsible for their privacy notices or policies. If you leave our website, we advise you to review the privacy notices of websites that you may visit.
Book a demo, ask for information, request a proposal - or just send regards via this contact form
You are welcome to follow us on LinkedIn: @Automous
Our office is at Otakaari 5 A, 02150 Espoo, Finland Map
Business ID: 3406041-5 | VAT ID: FI34060415