This ZenTreasury Oy’s (hereinafter ZenTreasury Oy may also be referred to as “we” or “us”) privacy policy describes our personal data processing activities as a controller (hereinafter “Privacy Policy”) for the categories of data subjects described in Section 3 below (hereinafter our data subjects may also be referred to as “you”).
This Privacy Policy contains our records of processing activities as the controller and is also a privacy notice from us to you of the ways we process your personal data. Thus, this Privacy Policy covers at least the information required in Articles 13, 14 and 30 of the EU’s General Data Protection Regulation (679/2016) (hereinafter “GDPR”).
NB! We also act as a processor for the personal data our customers disclose to us when they use our SaaS services. When we process personal data on behalf of our customers, we apply the practices that are described in Sections 14 and 15 below. In addition, we comply with the provisions of our Data Processing Agreement (found in: https://www.zentreasury.com/data-processing-agreement) or each relevant data processing agreement.
We may make changes to this Privacy Policy.
1) CONTROLLER
Name: ZenTreasury Oy
Business ID: 2762104-2
Address: Otakaari 5, 02150 Espoo, Finland
2) CONTACT PERSON
Name: Lars Nevalainen
Contact details: +358942468301, info@zentreasury.com
3) DATA SUBJECTS AND PERSONAL DATA |
4) PURPOSE FOR PROCESSING |
5) LEGAL BASIS FOR PROCESSING |
---|---|---|
Customers and potential customers:
|
Management and development of customer relationships | Contract |
Marketing | Our legitimate interest | NB! You have a right to opt-out of direct marketing each time we provide marketing to you.|
Affiliates and potential affiliates:
|
Management and development of affiliate relationships | Contract |
Marketing | Our legitimate interest | NB! You have a right to opt-out of direct marketing each time we provide marketing to you.|
Jobseekers:
|
Management of job applications and jobseeker relationships | Our legitimate interest | NB! You have a right forbid us from processing your personal data.
Compliance with legal obligations | Legal obligations | |
Persons who contact us, including social media contacts (e.g. persons who like our
Facebook-page)
|
Management of contacts | Our legitimate interest | NB! You have a right forbid us from processing your personal data.
6) REGULAR SOURCES OF INFORMATION
Data regarding the data subject are regularly gathered:
from data subjects;
by ZenTreasury Oy’s other affiliate companies; and
from the public sources such as websites, Population Register Center/Population Information System, Posti’s address database, phone companies’ databases and other similar private and public registries.
7) PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED
Data subjects | Retention period |
---|---|
7.1) Customers | Necessary data shall be retained for a period of three (3) years following the end of customer relationship. |
7.2) Potential customers | Necessary data shall be retained for a period of three (3) years following collection of the data, if the data subject has not turned into our actual customers. |
7.3) Affiliates | Necessary data shall be retained for a period of three (3) years following the end of affiliate relationship. |
7.4) Potential affiliates | Necessary data shall be retained for a period of three (3) years following the first contact made, if the potential affiliate has not turned into our actual affiliate. |
7.5) Jobseekers | Necessary data shall be retained for a period of twelve (12) months following the first contact made, if the jobseeker has not turned into our employee. |
7.6) Persons who contact us (not including social media) | Necessary data shall be retained for a period of three (3) years following the contact. |
7.7) Social media contacts | Necessary data shall be retained for as long as the data subject deletes his/her data. |
7.8) However, we may retain only the necessary data of the data subjects for longer than is described above, where we are required to do so by law, it is necessary due to legal proceedings and it is necessary for any similar reason. We shall be careful not to apply this Section in vain.
7.9) We inspect the necessity of the personal data stored regularly and keep records of the inspections.
8) CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The recipients of personal data may consist of:
ZenTreasury Oy’s affiliates;
parties who offer data storage services;
parties who offer accounting and auditing services;
parties who help ZenTreasury Oy to fulfill its legal obligations; and
ZenTreasury Oy’s customers.
9) INFORMATION TRANSFER OUTSIDE OF EU OR THE EUROPEAN ECONOMIC AREA
We can transfer data outside the EU /EEA. When doing so, we ensure adequate safeguards for the data.
10) DATA SUBJECTS’ RIGHTS
The data subject has a right to use all of the below mentioned rights.
The contacts concerning the rights shall be submitted to the contact details stated in Section 2. The rights of the data subject can be put into action only when the data subject has been satisfactorily identified.
Right | Description |
---|---|
10.1) Right to inspect | Having presented the adequate and necessary information, the data subject has the right to know what, if any, data the controller has stored of her/him. While providing the requested information to the data subject, the controller must also inform the data subject of the controller’s regular sources of information, to what are the personal data used for and where is it regularly disclosed to. |
10.2) Right to rectify and erasure |
The data subject has a right to request the controller to rectify the inaccurate and
incomplete personal data concerning the data subject.
The data subject can request the controller to erase the personal data concerning the
data subject, if:
|
10.3) Right to restriction of processing | The data subject can request the controller to restrict the processing of the personal
data concerning the data subject where one of the following applies:
|
10.4) Right to data portability | The data subject shall have the right to receive the personal data concerning her/him, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or a contract. |
10.5) Right to object | Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning her/him for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where personal data are processed on the basis of our legitimate interests, the data subject shall have the right to object the processing of personal data concerning her/him for such purposes. |
10.6) Automated individual decision-making, including profiling | The data subject shall have the right not to be subject to a decision based solely on
automated processing, including profiling, which produces legal effects concerning him
or her or similarly significantly affects him or her.
However, the data subject shall not have the aforementioned right if the decision is:
|
10.7) Right to withdraw consent | Where the legal basis for the processing of personal data is the consent of the data subject, the data subject shall have the right to withdraw her/his consent. |
11) RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The complaint can be lodged in the Member State of her/his habitual residence, place of work or place of the alleged infringement.
12) COOKIES
Our service uses cookies which are used in order to make it more user-friendly and track your use of the Service: we gather, measure and analyze data concerning your use of the service including, but not limited to, activity, page views, unique visitors and bounce rate. This is a standard policy regarding most websites.
Cookies are small text files that a website stores on your device when you browse that website. Cookies store data of your website use. We do not use cookies for identifying a person.
You can control and/or remove cookies freely at the individual browser level. Instructions can be found for example in here: aboutcookies.org
We use the following third party cookies:
Cookie name | Provider | Purpose |
---|---|---|
__cfduid | hs-analytics.net | Used by the content network, Cloudflare, to identify trusted web traffic. |
__cfduid | hs-scripts.com | Used by the content network, Cloudflare, to identify trusted web traffic. |
__cfduid | hscollectedforms.net | Used by the content network, Cloudflare, to identify trusted web traffic. |
__cfduid | hubspot.com | Used by the content network, Cloudflare, to identify trusted web traffic. |
__cfduid | zentreasury.com | Used by the content network, Cloudflare, to identify trusted web traffic. |
__hs_opt_out | hubspot.com | This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again. This cookie is set when you give visitors the choice to opt out of cookies. |
__hssc | hubspot.com | This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. |
__hssrc | hubspot.com | Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. |
__hstc | hubspot.com | The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). |
_ga | zentreasury.com | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. |
_gat | zentreasury.com | Used by Google Analytics to throttle request rate. |
_gid | zentreasury.com | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. |
hubspotutk | hubspot.com | This cookie is used to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. |
lang | cdn.syndication.twimg.com | Remembers the user's selected language version of a website. |
utm_campaign, utm_source, utm_medium | Leadfeeder | We use these cookies to store from where you came to our website originally |
13) SECURITY OF PROCESSING
We carry out the appropriate measures (including physical, digital and administrative measures) to protect personal data against loss, destruction, misuse and unauthorised access or disclosure). For example, personal data can only be accessed by the people who need it to carry out their work.
14) DATA PROTECTION PRINCIPLES
ZenTreasury Oy uses all reasonable efforts to maintain physical, electronic, and administrative safeguards to protect personal information from unauthorized or inappropriate access, but ZenTreasury Oy note that the Internet is not always a secure medium. ZenTreasury Oy restricts access to information about data subjects only to the personnel of ZenTreasury Oy that need to know the information e.g. for responding to inquiries or requests made by the data subjects.