Data protection of the client and marketing register
Table of contents
Why and on what basis we process personal data
We process personal data for the following purposes:
- client and account management
- marketing communications and direct marketing
- In order to maintain our client relationships, we may send customer communications emails concerning the services or training purchased.
- We may send marketing emails if we have your consent (permission for online direct marketing). You can unsubscribe from marketing emails at any time through the link in the email.
- We may call you or send direct marketing by mail without separate permission. If you do not want to be contacted by mail or phone, please contact us.
- We send email newsletters to which you can subscribe according to your interest. You can unsubscribe from these newsletters through the link in the newsletter.
- We may also target advertising through the social media channels on the basis of your personal information. If you have given your consent for online direct marketing, we may transfer your personal information to social media companies, such as Meta and LinkedIn. You can unsubscribe the online direct marketing permission at any time through the link in the email.
- opinion polling and market research and other personalised mailing
- client segmentation
- targeting of online sales, marketing and client communications
- creation of personalized targeted content online
The legal bases for the processing of personal data are
- Consent (Article 6, Section 1(a) of the GDPR) when you consent to your personal data being processed, such as by subscribing to a newsletter or providing a direct marketing permit.
- Contract (Article 6, Section 1(b) of the GDPR) when you are a client of the Finnish Institute of Occupational Health, such as when buying a product or service.
- Legal obligation (Article 6, Section 1(c) of the GDPR) when the processing is related to the Finnish Institute of Occupational Health complying with its statutory obligations, such as the Accounting Act.
- Legitimate interest (Article 6, Section 1(f) of the GDPR) when we process personal data for a purpose such as managing a client relationship, statistical purposes or direct marketing. The legitimate interest consists of the client relationship between the controller and the data subject. We have estimated that we can use a legitimate interest as a basis for processing. For example, we can communicate with you about our activities.
What personal data we process
Typical processed personal data includes
- Contact information: name, language, phone number, email address, mailing address, profession/title, company information, position in the company, interests as provided by the client or potential client
- Data on the client relationship: client organization name, delivery address, billing address, Business ID, client group, sector, VAT group, payment term, client classification, company language, currency, sales area, foreign client VAT identifier, telephone number, website address, online store user name, visits and meetings
- Client event, agreement and product data: information on the purchase of products or services, tenders and agreements, deliveries, payment methods, as well as information on attended training courses
- Provided permits and issued bans: direct marketing permits and bans as well as information on newsletter subscription
- Behavioural data: data on a person’s behaviour in our online services, information regarding carrying out targeted measures and their results, data collected from opening e-mail messages and clicking on links in e-mail messages, other information necessary for contacting and targeting
- Chat discussions: their content, number, time and duration. Discussions are saved for the purposes of further development of our services and for statistical purposes. The chat includes a contact form that you can use to provide your contact information, if you wish.
- Technical identifying data: IP address, browser used, operating system, device model, cookies and other identifiers
How we obtain your personal data
The data is collected from our current and potential future clients’ themselves. Data collection happens in connection with orders, requests for offer, conclusion of an agreement or other form of contact. Data is also collected in various events, in connection with newsletter subscription, online purchases and registering for training, various services, marketing campaigns and competitions.
Data may be collected and updated through the Finnish Institute of Occupational Health information systems when the person registers to the services and uses them, as well as through the Finnish Institute of Occupational Health client register and the social media related to the controller’s activities.
Personal data may also collected from the authorities and companies offering services related to personal data.
Personal data can be collected via cookies.
For what purposes we disclose personal information
We use IT service providers that provide us with technical solutions for data processing. Personal data is processed in IT services suitable and secure for each type of data. The Finnish Institute of Occupational Health has an agreement with each IT service provider, and the terms and conditions for the processing of personal data have been defined.
As a rule, your personal data will not be disclosed to parties outside the Finnish Institute of Occupational Health or to our co-operative partners.
In connection with debt collection, we may provide personal data to a debt collection agency.
Companies that provide analytics and consultation services may be provided temporary login credentials to information systems that process personal data.
We may disclose personal data to parties conducting scientific research in accordance with the law.
We may disclose personal data to authorities as required by and in the ways permitted by law.
Do we transfer personal data outside the EU/EEA area
As a rule, we do not transfer personal data outside the EU/EEA area. Some IT service providers may constitute an exception, in which case data may be transferred outside the EU/EEA in accordance with the limitations posed by the data protection regulation.
How long we store personal data
We keep personal data for at least the duration of the client relationship or for as long as is necessary in order to comply with the objective of data processing and any legislative obligations. When the personal data is no longer needed in the defined manner, it is removed without undue delay.
Do we conduct automated decision-making or profiling?
We do not conduct automated decision-making with data of the client and marketing register. We use a person’s online behaviour for profiling in connection with targeted marketing communications.
What the provision of information signifies
Collection of personal data may be required in order to establish a client relationship with the Finnish Institute of Occupational Health.
You have several rights in regard to your personal data, which vary according to the situation. You can submit a request to the Finnish Institute of Occupational Health regarding your personal data either as a free-form request or using a form provided by the Finnish Institute of Occupational Health. Submit the request to the Data Protection Officer of the Finnish Institute of Occupational Health.
You may manage any marketing permits you have given and newsletters you have subscribed to at any time using the email messages. There is a link for managing this information at the end of every email message.
You can issue a direct marketing ban also by directly contacting viestinta(at)ttl.fi
Contact details of the controller and the Data Protection Officer
Finnish Institute of Occupational Health, P.O. Box 40, FI-00032 Finnish Institute of Occupational Health, switchboard +358 30 474 1
Finnish Institute of Occupational Health
Client and marketing register, bans on direct marketing viestinta(at)ttl.fi
The Data Protection Officer's phone number is +358 30 474 2429 and email tsv(at)ttl.fi
In the case of confidential matters, you may also send the Finnish Institute of Occupational Health a secure email message. You must have a valid email address and telephone number in order to communicate securely with the Finnish Institute of Occupational Health.
Send a secure email message to the Finnish Institute of Occupational Health
Contact information of the regulatory authority
The Data Protection Ombudsman’s Office is the data protection authority in Finland, which provides information on personal data processing and receives complaints.
Office of the Data Protection Ombudsman
Contact information of the Office of the Data Protection Ombudsman