Version 3, last updated 18 March 2020
This Privacy Statement explains why and how Dispelix Oy (“Dispelix”) collects, uses or shares personal data and what rights Users have. The Users can be representatives of business customers or suppliers, potential business contacts or internet users visiting the website (together hereinafter “Users”).
This website may contain links to websites and services of third parties. These websites or services are subject to their own privacy statements. Dispelix does not take any responsibility for third parties’ privacy statements or processing of personal data in third parties’ operations. Please pay attention to their respective privacy statements and subsequent changes to them.
1. Data Controller
The data controller in accordance with the applicable data protection law is Dispelix Oy.
In Dispelix, the primary contact person is:
Privacy Contact Person
2. Legal Basis and Purpose of Processing Personal Data
Dispelix processes personal data of the Users for various purposes, which are explained below.
2.1 Business operations
Dispelix processes Users’ personal data for the following purposes:
- to provide and deliver products to business customers;
- to buy products and services from suppliers; and
- to communicate with Users.
Primarily, the legal basis for processing Users’ personal data is the performance of the contract, including processing needed prior to entering into the business relationship.
Users’ personal data can be used for marketing purposes. In this respect, the processing is based on Dispelix’ legitimate interest to provide Users with relevant and up-to-date information as part of the website and business relationship. The processing is based on Dispelix’ legitimate interest to promote its existing and new products.
Users should refer to section 7 below for further information about marketing communications and Users’ rights in this respect.
2.3 Information security
Dispelix processes technical data, including some personal data, for information security purposes and fraud prevention. Dispelix maintains information security measures to safeguard business information and business assets, to protect personal data, to avoid criminal activities and to ensure the availability of the website. This processing is based on Dispelix’ legitimate interest to ensure an appropriate level of network and information security.
3. Collection of Personal Data
Dispelix processes the following categories of personal data for purposes listed above:
- Basic information about the User, such as name, email address and phone number;
- Basic information about the User’s employer, company name, address, email address and phone number;
- Information relating to business relationship, such as products ordered, starting and end time of business
- Billing information, such as account numbers, payments made and outstanding and bills delivered;
- Reasons for contacting Dispelix and details related to contact;
- Customer communications; and
- Surveys and competitions participated in (if any).
Dispelix automatically collects and processes the following technical data about the User and the use of the website:
- IP address, device ID, device type, operating system used and application settings;
- User activity such as pages viewed and items ‘clicked’ on;
- timestamps and log data relating to the use of the website; and
- location/country of origin.
This technical data is collected automatically through the use of the website.
Dispelix does not process Users’ special categories of personal data (sensitive data).
4. Sources of Personal Data
As a rule, personal data is collected directly from the User in connection with the business relationship or website activity. However, Dispelix may, from time to time, also collect information from publicly available sources and third parties, such as marketing companies.
5. Disclosure of Personal Data
Dispelix may disclose User’s personal data to the following third parties:
- when permitted or required by law to comply with requests by competent authorities, such as requests by tax authorities, law enforcement authorities and other authorities;
- trusted services providers, such as distributors, IT service providers and marketing service providers for the purposes listed above; and
- if Dispelix is involved in a merger, acquisition, or sale of all or a portion of its assets.
6. Transfer of Personal Data Outside EEA
Users’ personal data may be transferred outside the EEA by our service providers. When personal data is processed outside the EEA, we make sure that the service provider has committed to use the EU Commission’s standard contractual clauses and/or is covered by the Privacy Shield. Further, Dispelix Group operates in Finland and in the US, and data can be transferred between Dispelix Finland and Dispelix US. Such transfers are governed by the EU Standard contractual clauses.
7. Marketing Communications
When a User provides Dispelix with contact details, for example in connection with a sale of a product, when contacting Dispelix’ customer service or when participating in a survey, Dispelix may use the User’s personal data for marketing purposes and to promote its latest products. Users are given the opportunity to opt out of receiving marketing communications from Dispelix.
Dispelix may provide a User with product updates, newsletters and other communications about existing or new products by email. A User may unsubscribe at any time by clicking on the “unsubscribe” link located on the bottom of emails.
7.2 Statistics and segregation
Dispelix may create User group profiles or segment data for the purpose of creating aggregated statistics about the use of the website and products, such as to estimate the number of Users, viewed pages and email reads, to detect which parts of the website the Users find most useful, to identify features that could be improved and to provide context-based advertising to User groups. Data collected for these purposes is not used to identify a particular User but to analyse how the Users in general or User groups use the website.
7.3 Targeted advertising
When Dispelix collects or uses information about a User’s web browsing for e-marketing purposes, the User has the right to object to this at any time by contacting Dispelix. Regarding the right to object, please refer to section 9 below for further information.
8. Retention of Personal Data
The personal data will be retained only for as long as necessary to fulfill the purposes defined in this Privacy Statement. After that personal data will be removed except when retention is required by applicable law or rights or obligations by either party.
Here are the main rules for the retention periods:
- Personal data regarding business customers and suppliers will be retained during the business relationship and after that as long as necessary or required by law or rights or obligations by either party, for example for billing purposes; and
- Dispelix will delete or anonymise data used for marketing purposes after three years have lapsed from the last contact between the User and Dispelix, unless data retention is required by law or rights or obligations by either party. Should a User have a concern about data retention for marketing purposes, the User should refer to Section 9 for further information about Users’ rights in this respect.
9. Privacy Rights
Users have the following rights:
- The right to request access to personal data about himself/herself;
- The right to request rectification, restriction or erasure of personal data. However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Privacy Statement and may also be required by law. Therefore, the deletion of such data may not be allowed by the applicable law, which prescribes mandatory retention periods;
- The right to object to processing based on legitimate interest of Dispelix;
- The right to object to processing for marketing purposes and opt-out of receiving future direct marketing;
- The right to withdraw consent at any time when the processing is based on consent. The withdrawal will not affect the lawfulness of the processing carried out before the withdrawal; and
- Users have a right to data portability, i.e. right to receive the personal data in a structured, commonly used machine-readable format and transmit the personal data to another data controller, to the extent required by applicable law. This applies for personal data processed based on contract or consent.
- Users have a right to file a complaint with the national data protection authority in the EEA.
Please send above-mentioned requests to Dispelix at firstname.lastname@example.org.
Dispelix maintains reasonable security measures, including physical, electronic and procedural measures, to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, Dispelix limits the access to this information to authorized employees who need to know that information in the course of their job description and third party service providers who may only process data in accordance with instructions provided by Dispelix.
Please be aware that, although Dispelix endeavours to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.
11. Contact Dispelix
For requests regarding our Privacy Statement or personal data Dispelix holds about the User in question, please contact Dispelix by email at email@example.com.
12. Changes to this Privacy Statement
Dispelix may amend this Privacy Statement and the related information. Dispelix recommends that the Users regularly access the Privacy Statement to obtain knowledge of any possible changes to it. Dispelix will inform Users of possible changes by using reasonable and available channels.