Registry and Privacy Statement

This is Delva Oy’s Privacy Statement, according to the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Registry and Privacy Statement. Prepared on August 30, 2018. Last modified on October 29, 2018.

1. The owner of the register

Delva Oy, Vankanlähde 7, 13100 Hämeenlinna
Business ID 2831015-8

2. Contact person responsible for the register

Jarmo Kastell
+358 50 314 3487

3. Name of the register

PipeDrive customer register

4. Legal basis and purpose of the processing of personal data

We collect, store and process information about customers, suppliers and staff personal data for pre-defined purposes. We also make sure we always have at least one legitimate ground for treatment exists. Complies with the general EU data protection regulation the legal basis for the processing of personal data is a customer relationship or other material connection legitimate interest of the undertaking.
Personal information is used by Delva Oy:
• To manage, manage and maintain existing and potential customer relationships and development
• To produce, provide and develop services
• For information and marketing of services and events
• To manage training and courses
• Business planning and development
• Market research and the collection of customer feedback and customer satisfaction data and reporting
• Targeting communications and marketing
• To fulfill legal obligations
• Human resource management

The data is not used for automated decision making or profiling.

5. Information content of the register

We collect and process virtually only our customers, suppliers and
personal information related to the contact persons and personnel of our subcontractors. We collect this information mainly from the person himself. In addition, information is generated and collected during the customer relationship, which concern mainly the company, not the persons.

Typical data to be stored in the register are:
• Name of the company
• The name of the person
• Job title or job description
• Mobile phone
• Department / function
• Categories such as points of interest (used in marketing)
• Work email
• Information about the ordered services / products and their changes
• Billing information
• Other information related to the customer relationship and the services ordered
• Marketing consents / prohibitions

6. Regular sources of information

The information stored in the register is obtained from the customer e.g. messages sent via web forms, by e-mail, telephone, social media services, contracts, customer meetings and other situations in which the customer discloses their information.

7. Regular transfers of data and transfer of data outside the EU or the ETA

The information is not regularly disclosed to other parties. Information may be published to the extent so has been agreed with the customer. PipeDrive’s own Terms of Service and Privacy Policy are also part of this and fulfill the obligations imposed by the EU and the ETA.

8. Registry Security Principles

The register is handled with care and with the information processed by the information systems adequately protected. When registry information is stored on Internet servers, their hardware physical and digital security are adequately addressed. The registrar takes care that the data stored as well as server permissions and other personal information Security-critical information is treated confidentially and only by their employees whose job description it belongs to.

9. Right of inspection and right to request correction of information

Every person in the register has the right to check the information stored in the register and to demand it correcting any incorrect information or supplementing incomplete information. If a person wants to check or request the correction of the data stored about him, the request must be sent in writing to the controller. If necessary, the controller may ask the applicant to testify their identity. The controller is responsible to the customer in accordance with the provisions of the EU Data Protection Regulation time (usually within one month).

10. Other rights related to the processing of personal data

A person in the register has the right to request the deletion of personal data concerning him or her from the register (“the right to be forgotten”). Data subjects also have other rights under the EU’s general data protection regulation, such as restrictions on the processing of personal data in certain situations. Requests must be sent in writing to the controller. The registrar may request if necessary the applicant to prove his identity. The registrar is responsible to the customer for the EU within the time limit set by the Data Protection Regulation (generally within one month)