AAC Global is committed to respecting your privacy and complying with the laws applicable to processing personal data. Our operations and services require the collection and processing of personal data.
Our data protection principles describe the purposes for which we collect and process personal data, in addition to indicating who processes your personal data and what rights you have concerning your data, among other aspects.
Serving as the controller, AAC Global Oy and AAC Global AB process your personal data in accordance with these principles and the applicable laws, so please read these data protection principles carefully.
We may also update these principles as our operations develop or amendments are made to laws, so you should revisit this page from time to time.
AAC Global respects your privacy and is committed to complying with the laws applicable to processing personal data, meaning the EU General Data Protection Regulation (GDPR) and section 10 of the Finnish Personal Data Act (523/1999).
Your personal data is confidential. As a rule, your personal data is only processed by our employees. Under certain circumstances, however, our contractual subcontractors may process a limited amount of identifiable data.
We avoid unnecessary collection, processing and storage of personal data.
With regard to processing personal data, we only use subcontractors that enter into written agreements with us and commit to protecting personal data.
Our processing of personal data is always based on written agreements or a customer’s decision to provide us with their personal data in conjunction with using our website or signing up for our services. We never process personal data for purposes other than the customer’s interests, and the data is processed in accordance with the instructions provided by the customer.
We primarily use personal data to provide services, manage customer relationships, issue invoices, and market and sell services. In addition, we use personal data to further develop these operations.
Customer information is only processed within the scope permitted by the GDPR and the Finnish Personal Data Act in AAC Global’s own personal data files.
We only collect, store and process personal data for predetermined purposes.
We process personal data in conjunction with matters related to customer relationship management, such as providing and delivering services, invoicing, collecting debt, processing complaints, providing customer support and measuring customer satisfaction.
Some of our services may also require registration for our customer portal using personal user credentials. In addition, we may use personal data to issue notifications related to using our services.
To the extent permitted by law, we may also process personal data for marketing and direct marketing purposes. This may include processing and analyzing personal data with regard to targeted marketing or services.
For example, we may display targeted messages or content on our channels based on your earlier interests, or contact you by means of direct marketing.
We are continuously developing our operations. For this reason, we may also use personal data to further develop our marketing services, such as creating and introducing new service concepts and improving our processes.
We may also collect and process personal data to meet our statutory obligations with regard to accounting or the authorities, for example.
As a rule, we only process personal data concerning employees and job applicants for HR administration purposes and to meet our obligations with regard to employment contracts as well as our statutory obligations related to employment relationships, and to assess job applicants and fill open positions.
We mainly collect personal data from you directly when you contact us or use our services. We may also collect personal data about customers from public sources and registers, such as LinkedIn and other social media channels.
We use services provided by Google Analytics, HubSpot, Giosg and Hotjar to collect data about our website visitors in order to analyze and further improve our website and target relevant marketing.
As a rule, we only process personal data related to our customers (including potential customers), employees and job applicants.
With your consent, we may also collect and process other information; for example, when making reservations for a breakfast event, we may ask you about your food allergies.
We are responsible for ensuring that we always have legal grounds for processing your personal data. We may process personal data on several grounds, but we always ensure that at least one legal reason exists.
With regard to the information stored in our customer and marketing data files, we mainly process data to prepare and execute agreements and based on our legitimate interests, which include in particular the provision, delivery and development of our services; customer relationship management; direct marketing and the implementation, targeting and development of marketing; the processing of complaints and customer feedback; and the provision of maintenance and further development services.
With your consent, we may also use your e-mail address for sending newsletters and marketing messages, or to process other data related to you. If we are only processing your personal data based on your consent, you are entitled to withdraw your consent at any time.
We may also process your personal data to meet our statutory obligations.
As a rule, your personal data is only processed by AAC Global’s employees as part of their work.
Concerning personal data about our customers, we may use subcontractors, particularly with regard to data storage, customer relationship management (cloud storage services, project management and communication, CRM) and technical support.
We may also otherwise disclose data to meet contractual obligations or if required to do so by law or a competent authority.
In addition, we may disclose your data in conjunction with a business acquisition.
We may also disclose anonymized or statistical information that cannot be connected to an individual. If such information is no longer regarded as personal data, we may disclose it to third parties for purposes other than those specified here.
Under certain circumstances, your personal data may be transferred outside the EU. Some of the cloud services we use, such as our CRM system and automated marketing system, are located outside the EU.
If data is transferred outside the EU, we ensure that the destination has an adequate level of data protection as determined by the European Commission, that transferees located in the United States have Privacy Shield certification, or that the transfer takes place under the Model Contract Clauses issued by the European Commission. In other words, we always ensure that any transfers of data are carried out on legal grounds and are subject to sufficient protection mechanisms.
We do not store your personal data for longer than is necessary for its purpose of use or is required by a contract or agreement or by law.
However, the storage periods for personal data may vary depending on the situation and purpose of use. We regularly delete our customers’ personal data once 24 months has passed since the latest measure carried out with regard to the data.
We also seek to update your data, if necessary. Any unnecessary data is deleted.
If we are required to store customer information or other personal data by law, such as the Accounting Act, we store the personal data until the statutory obligation expires.
Your personal data is mainly stored in electronic format on our service provider’s servers, which are protected in accordance with general practices in the field.
The personal data that we collect and process is kept confidential and is only disclosed to people who need it as part of their work or to our contracting partners, such as our subcontractors, confidentially and to a limited extent.
Access to your personal data is limited and protected by means of user-specific identifiers, passwords and access rights. Our facilities are locked and protected.
If you refuse to provide your personal data or prohibit us from processing your personal data, we will probably not be able to serve you and fully meet the purpose of our operations.
On our website, we use services provided by HubSpot Analytics, Google Analytics, Hotjar and Giosg to provide visitors with the best possible user experience.
Cookies are small text files stored by the network server on the user’s terminal. Cookies provide us with information about how visitors are using our website.
Website visitors can allow or block cookies from their browser settings. Most browsers automatically allow cookies. Please note that blocking cookies may limit the functionality of our website.
If we are processing your personal data based on your consent, you may withdraw your consent at any time by notifying us by, for example, sending an e-mail to email@example.com.
You have the right to receive confirmation from us on whether we process personal data concerning you and to know what personal data we are processing. You also have the right to receive supplementary information about the grounds for processing your personal data.
You have the right to request that we correct any inaccurate, outdated or otherwise incomplete personal data concerning you.
You have the right to prohibit us from processing your personal data for direct marketing purposes by sending an e-mail to firstname.lastname@example.org.
If we are processing your personal data based on a general interest or our legitimate interest, you have the right to object to the processing of your personal data to the extent that the processing is not based on compelling legitimate grounds that override your rights or to the extent that the processing is not necessary to meet a statutory obligation.
Please note that this may limit our ability to serve you, or even prevent us from serving you.
Under certain circumstances, you have the right to demand that we restrict the processing of your personal data.
If we have processed your data based on your consent or to execute an agreement, you have the right to receive in a commonly used format the data that you have submitted to us in electronic format, so that the data can be transferred to another service provider.
You can exercise the rights describe above by contacting us by, for example, sending an e-mail to email@example.com.
Please include your name, address and telephone number in your message, as well as a copy of your passport, driving license or other form of identification, so that we can confirm your identity.
Contact person: Petri Lehmus, firstname.lastname@example.org.