This privacy notice (“Privacy Notice”) shall become effective as of 11 November 2022.
The ARKhives Oy (“ARKhives”, “us” or “we”) is a personal data controller under the EU General Data Protection Regulation (2016/679, “GDPR”) and ARKhives is responsible for deciding how to use and store personal data about you. We value your privacy and the security of your personal data. On this Privacy Notice you may find out how we process personal data concerning our users (natural person), the representatives/contact person of our users and potential users, suppliers and other business partners (“Business Contacts”), event participants, as well as the visitors of our website (“Website Visitors”) http://www.thearkhives.com (“Website”).
What are the purposes and the legal basis for processing your data?
- To provide our services to our clients and to fulfil our contractual obligations;
- to maintain and develop our business;
- to administer and fulfil our legal obligations, including KYC and AML requirements, bookkeeping obligation and providing information to tax authorities; and
- to communicate with you and to market our services.
Legal basis: Contract (GDPR 6.1(b)); data controller’s legitimate interest (GDPR 6.1(f)); or Legal obligation (GDPR 6.1(c)) .
- For the arrangement of our events, including necessary communications relating to such events, e.g. sending event invitations;
- personal data collected from events will be used for marketing of our services; and
- photos taken at the event may also be used in marketing materials.
Legal basis: Data controller’s legitimate interest (GDPR 6.1(f)); or consent (GDPR 6.1(a))
When choosing to use your data on the basis of our legitimate interests, we always use the balance test to weigh our interests against your interests or fundamental rights and freedoms. If you would like to obtain information on the balancing test regarding the legal basis for data processing, please contact us by using the email address provided in this Privacy Notice.
What information do we process?
Business Contacts and Event participants Data
We may process the following data relating to you:
- name, phone number, email address, address
- organisation and title
- date of birth
- correspondence between ARKhives’ personnel and you
- information relating to meetings between ARKhives’ personnel and you
- information relating to the assignments
- details of contracts, including invoicing and billing information
- information relating to your participation to our events, including dietary preferences (Event participants only)
- photos taken at our events (Event participants only)
- information regarding any direct marketing prohibition
- origin of the information
We may process the following data when you visit our Website:
- IP address
- device ID and/or other device identifier
Where do we collect your personal data?
We usually collect personal data directly from you or other personnel of your employer. Sometimes, we also collect and update your contact information from public sources, such as search engines, public registers and social media sites.
Who are we going to disclose or transfer your personal data?
We may share personal data with processors that provide services to us, such as accounting firm, and with other third-party organisation for other legitimate reasons such as mergers & acquisitions. In addition, if the laws, regulations or other obligations so require, we may disclose information to authorities to fulfil our legal obligation or for legal processes. If we need to share personal data with third parties outside ARKhives for other reasons than the ones mentioned above, we will only do so when we have your consent. You have the right to withdraw this consent at all times.
All personal information processed or disclosed by us will be in accordance with GDPR and other applicable laws, and we will only engage service providers that agree to process personal data in accordance with the said laws.
Are we going transfer your data outside the EEA?
We do not normally transfer your personal data to recipients in countries outside the EEA. If we need to transfer your personal data outside the EEA, we will do so in accordance with GDPR and other applicable law, such as using the approved standard contractual clauses.
How long are we going to keep your data?
We keep your personal data as long as necessary for the purposes for which your personal data has been collected, for complying with our statutory obligations or for our legitimate interests. The data shall thereafter be destroyed unless legal basis for their continued processing remains.
How do we protect your data?
We have used appropriate administrative, organisational, technical and physical safeguards to protect personal data we collect and process from loss, misuse, alteration, or destruction, including: access control, firewalls, and password arrangements. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data.
Only authorised personnel of ARKhives are provided access to electronically or manually stored personal data, and these employees are required to treat this information as confidential.
Whenever a security breach that is likely to have negative effects to your privacy occurs, we will inform you as well as relevant authorities about the breach as soon as possible in accordance with the applicable law.
Our main rule is not to disclose your information to any third parties. However, if the laws, regulations or other obligations so require, we may disclose information to authorities. In certain circumstances, we may disclose information to a third party if we have agreed with you on doing so.
As a data subject you have the following rights which may be restricted according to the GDPR and other applicable legislation. You may exercise these rights by contacting ARKhives by e-mail using the contact information provided in this Privacy Notice:
- the right of access
- the right to rectification
- the right to erasure
- the right to restriction
- the right to portability
- the right to object
- the right to object to processing for direct marketing purposes
- the right to lodge a complaint with the Finnish supervisory authority: Tietosuojavaltuutetun toimisto (Office of the Data Protection Ombudsman), Ratapihantie 9, 00520 Helsinki, firstname.lastname@example.org
Updates of our Privacy Notice
We review and update our Privacy Notice on a regular basis. The date of the latest version of the Privacy Notice can be found on the top of this Privacy Notice.
Should you have questions relating to our data protection policies or need any assistance, please feel free to contact us:
Controller: The ARKhives Oy
Controller’s address: Linnoitustie 6, 02600 Espoo, Finland