1. Data controller
Third Rock Finland Oy (2758301-5)
Eteläinen Makasiinikatu 4
00130 Helsinki
2. Person responsible for the register data
Leo Stranius
3. Name of the register
Third Rock’s customer register
4. Grounds for and purposes of processing personal data
The processing of personal data is based on Third Rock’s legitimate interest. The information collected from customers is used for customer relationship management and marketing purposes.
5. Data content of the register
The information collected from customers is necessary for customer relationship management and marketing purposes, such as contact names and contact details, ordering and billing information.
More specifically, the following information is collected from customers and their contact persons:
– Name
– E-mail address
– Telephone number
– Organisation and position
– Organisation details
– Business ID
– Order details
– Offer details
– Billing information
– Contact details
In addition, customer contact information is collected in a marketing register, where company and contact details are stored.
6. Regular data sources
The contact and customer relationship data contained in the register is obtained at the time the customer relationship is established and during its lifetime. Personal data may be collected and updated from publicly available public sources.
7. Principles for the protection and onward transfer of register data
Access to the data is granted to those persons employed by Third Rock and its subsidiaries and subcontractors (e.g. accounting, billing, mailing, etc.) whose work requires the processing of the data. We have ensured that all our service providers comply with data protection legislation. Employees who process customer data are bound by confidentiality obligations. Data is protected in an appropriate way: computers and systems are protected by technological solutions. Data is not passed on to third parties.
8. Transfer of data outside the European Union or the European Economic Area
Third Rock uses the HubSpot service for the maintenance of the customer data register. HubSpot operates outside the EU in the United States, but is part of the EU-US Privacy Shield certification company listing, meaning they comply with the EU Data Protection Regulation. The HubSpot service maintains the user data mentioned in section 5. information collected from customers. You can read the HubSpot privacy policy on the company’s website: legal.hubspot.com/privacy-policy.
Personal data will not be transferred outside the EU and the European Economic Area (excluding the HubSpot service mentioned above).
9. Rights of the data subject
The data subject has the right, in accordance with the applicable data protection legislation, at any time:
– to be informed of the processing of their personal data;
– the right to know what data relating to him/her are recorded in the register;
– to obtain the rectification of inaccurate or incorrect personal data and the completion of the data;
– request the erasure of his or her personal data.
The data subject must submit a request to exercise the above rights by e-mail or in writing to the company’s head office. The controller may refuse to execute the request on the grounds provided for by the applicable law.
10. Data retention period
The personal data contained in the register will be kept for as long as necessary to fulfil the purpose for which they were collected in accordance with this Privacy Policy.
11. Deletion of data
The data subject has the right to object to the controller processing data relating to him/her for the purposes of the marketing register. Such an objection may be made at any time by e-mail to [email protected] or in writing to the registered office of the company.
The data in the register may be deleted at the request of the person concerned, insofar as their retention is not based on a contractual relationship or a legal obligation. The request may be made by e-mail to [email protected] or in writing to the registered office of the company.
12. Changes to this policy
Third Rock may make changes to this Privacy Policy and related information. Third Rock recommends that data subjects review this Privacy Policy periodically to be aware of any changes that may be made to it.
This Privacy Policy was last updated on September 1, 2021.