Privacy policy

AAC Global privacy policy.

AAC Global is committed to respecting your privacy and complying with the laws applicable to processing personal data. Our operations and services require the collection and processing of personal data.

Our data protection principles describe the purposes for which we collect and process personal data, in addition to indicating who processes your personal data and what rights you have concerning your data, among other aspects.

Serving as the controller, AAC Global Oy and AAC Global AB process your personal data in accordance with these principles and the applicable laws, so please read these data protection principles carefully.

We may also update these principles as our operations develop or amendments are made to laws, so you should revisit this page from time to time.

Table of contents:

  1. Our key principles
  2. How do we use your personal data?
  3. What data do we collect and from which sources?
  4. On what grounds do we process your data?
  5. Who processes your data? Is it disclosed to third parties?
  6. Is your data transferred to non-EU countries?
  7. How long do we store your personal data for?
  8. How do we protect your data?
  9. Are you obligated to provide personal data?
  10. How do we use cookies?
  11. What rights do you have?
  12. How can you exercise your rights?
  13. Can this privacy policy be updated?
  14. Who should I contact in matters related to data protection?

 

1  Our key principles for processing data

AAC Global respects your privacy and is committed to complying with the laws applicable to processing personal data, meaning the EU General Data Protection Regulation (GDPR) and section 10 of the Finnish Personal Data Act (523/1999).

1.1  The following key principles guide the processing of your personal data: 

1.1.1   Personal data is confidential information

Your personal data is confidential. As a rule, your personal data is only processed by our employees. Under certain circumstances, however, our contractual subcontractors may process a limited amount of identifiable data.

1.1.2   Personal data is collected and used according to a plan

We avoid unnecessary collection, processing and storage of personal data.

1.1.3   We have written contracts with our subcontractors

With regard to processing personal data, we only use subcontractors that enter into written agreements with us and commit to protecting personal data.

1.1.4   We only process personal data for your best interests

Our processing of personal data is always based on written agreements or a customer’s decision to provide us with their personal data in conjunction with using our website or signing up for our services. We never process personal data for purposes other than the customer’s interests, and the data is processed in accordance with the instructions provided by the customer.

1.1.5   Key purposes of processing personal data

We primarily use personal data to provide services, manage customer relationships, issue invoices, and market and sell services. In addition, we use personal data to further develop these operations.

Customer information is only processed within the scope permitted by the GDPR and the Finnish Personal Data Act in AAC Global’s own personal data files.

2  How do we use your personal data?

We only collect, store and process personal data for predetermined purposes.

 

2.1  The main purposes of use include the following:

2.1.1   Provision and delivery of services and customer relationship management

We process personal data in conjunction with matters related to customer relationship management, such as providing and delivering services, invoicing, collecting debt, processing complaints, providing customer support and measuring customer satisfaction.

Some of our services may also require registration for our customer portal using personal user credentials. In addition, we may use personal data to issue notifications related to using our services.

2.1.2   Communication and marketing of services

To the extent permitted by law, we may also process personal data for marketing and direct marketing purposes. This may include processing and analyzing personal data with regard to targeted marketing or services.

For example, we may display targeted messages or content on our channels based on your earlier interests, or contact you by means of direct marketing.

2.1.3   Product development of marketing services

We are continuously developing our operations. For this reason, we may also use personal data to further develop our marketing services, such as creating and introducing new service concepts and improving our processes.

2.1.4   Fulfillment of statutory obligations

We may also collect and process personal data to meet our statutory obligations with regard to accounting or the authorities, for example.

2.1.5   Human Resources

As a rule, we only process personal data concerning employees and job applicants for HR administration purposes and to meet our obligations with regard to employment contracts as well as our statutory obligations related to employment relationships, and to assess job applicants and fill open positions.

3  What data do we collect and from which sources?

We mainly collect personal data from you directly when you contact us or use our services. We may also collect personal data about customers from public sources and registers, such as LinkedIn and other social media channels.

We use services provided by Google Analytics, HubSpot, Giosg and Hotjar to collect data about our website visitors in order to analyze and further improve our website and target relevant marketing.

As a rule, we only process personal data related to our customers (including potential customers), employees and job applicants.

3.1  Typically, we may obtain the following data directly from our customer’s contact person:

  • The name of the customer’s employer company, the first and last names of the contact person, business address, business e-mail address, telephone number and job title
  • Information about the contact person’s marketing permissions and/or prohibitions
  • Categorization information (e.g., interests) provided by the individuals themselves
  • Information submitted via contact forms and chat
  • Customer feedback information

3.2  We may also process the following personal data when a customer uses our website or services:

  • IP address or other identifier
  • Order, invoicing and delivery information
  • Data collected through cookies
  • Data collected through the use of our online service
  • From other sources, we may obtain in particular the following information about the customer: data related to the use of social media, such as LinkedIn, Facebook and Twitter.

3.3  With regard to our employees and job applicants, we mainly process data provided by the individuals themselves and data generated during employment relationships:

  • Basic information about the employee or job applicant
  • The job applicant’s CV and application, as well as reference information received with the consent of the applicant
  • Information necessary for salary payments
  • Information necessary for fulfilling rights and obligations related to the employment relationship
  • Certain sensitive information about the employee (trade union membership and health information), but only to meet our statutory obligations as an employer

With your consent, we may also collect and process other information; for example, when making reservations for a breakfast event, we may ask you about your food allergies.

4  On what grounds do we process your data?

We are responsible for ensuring that we always have legal grounds for processing your personal data. We may process personal data on several grounds, but we always ensure that at least one legal reason exists.

With regard to the information stored in our customer and marketing data files, we mainly process data to prepare and execute agreements and based on our legitimate interests, which include in particular the provision, delivery and development of our services; customer relationship management; direct marketing and the implementation, targeting and development of marketing; the processing of complaints and customer feedback; and the provision of maintenance and further development services.

With your consent, we may also use your e-mail address for sending newsletters and marketing messages, or to process other data related to you. If we are only processing your personal data based on your consent, you are entitled to withdraw your consent at any time.

We may also process your personal data to meet our statutory obligations.

5  Who processes your data? Is it disclosed to third parties?

As a rule, your personal data is only processed by AAC Global’s employees as part of their work.

In some cases, your personal data may be disclosed to our subcontractors under a confidentiality obligation. Our subcontractors process personal data based on a written agreement for the assignment. Our subcontractors process personal data in a predetermined manner, in accordance with our written instructions and only for purposes specified in this privacy policy.

Concerning personal data about our customers, we may use subcontractors, particularly with regard to data storage, customer relationship management (cloud storage services, project management and communication, CRM) and technical support.

We may also otherwise disclose data to meet contractual obligations or if required to do so by law or a competent authority.

In addition, we may disclose your data in conjunction with a business acquisition.

We may also disclose anonymized or statistical information that cannot be connected to an individual. If such information is no longer regarded as personal data, we may disclose it to third parties for purposes other than those specified here.

6  Is your data transferred to non-EU countries?

Under certain circumstances, your personal data may be transferred outside the EU. Some of the cloud services we use, such as our CRM system and automated marketing system, are located outside the EU.

If data is transferred outside the EU, we ensure that the destination has an adequate level of data protection as determined by the European Commission, that transferees located in the United States have Privacy Shield certification, or that the transfer takes place under the Model Contract Clauses issued by the European Commission. In other words, we always ensure that any transfers of data are carried out on legal grounds and are subject to sufficient protection mechanisms.

7  How long do we store your personal data for?

We do not store your personal data for longer than is necessary for its purpose of use or is required by a contract or agreement or by law.

However, the storage periods for personal data may vary depending on the situation and purpose of use. We regularly delete our customers’ personal data once 24 months has passed since the latest measure carried out with regard to the data.

We also seek to update your data, if necessary. Any unnecessary data is deleted.

If we are required to store customer information or other personal data by law, such as the Accounting Act, we store the personal data until the statutory obligation expires.

8  How do we protect your data?

Your personal data is mainly stored in electronic format on our service provider’s servers, which are protected in accordance with general practices in the field.

The personal data that we collect and process is kept confidential and is only disclosed to people who need it as part of their work or to our contracting partners, such as our subcontractors, confidentially and to a limited extent.

Access to your personal data is limited and protected by means of user-specific identifiers, passwords and access rights. Our facilities are locked and protected.

9  Are you obligated to provide personal data?

If you refuse to provide your personal data or prohibit us from processing your personal data, we will probably not be able to serve you and fully meet the purpose of our operations.

If you do not wish us to process your personal data in accordance with the principles mentioned in this privacy policy, we request that you not provide us with any personal data.

10  How do we use cookies?

On our website, we use services provided by HubSpot Analytics, Google Analytics, Hotjar and Giosg to provide visitors with the best possible user experience.

Cookies are small text files stored by the network server on the user’s terminal. Cookies provide us with information about how visitors are using our website.

We may use cookies to further develop our services and website, to analyze the usage of our website, and to target marketing.

Website visitors can allow or block cookies from their browser settings. Most browsers automatically allow cookies. Please note that blocking cookies may limit the functionality of our website.

More information is available in our cookie policy.

11  What rights do you have?

11.1  Withdrawing consent

If we are processing your personal data based on your consent, you may withdraw your consent at any time by notifying us by, for example, sending an e-mail to privacy@aacglobal.com.

11.2  Access to data

You have the right to receive confirmation from us on whether we process personal data concerning you and to know what personal data we are processing. You also have the right to receive supplementary information about the grounds for processing your personal data.

11.3  Right to have errors corrected

You have the right to request that we correct any inaccurate, outdated or otherwise incomplete personal data concerning you.

11.4  Right to prohibit direct marketing

You have the right to prohibit us from processing your personal data for direct marketing purposes by sending an e-mail to privacy@aacglobal.com.

11.5  Right to object to processing

If we are processing your personal data based on a general interest or our legitimate interest, you have the right to object to the processing of your personal data to the extent that the processing is not based on compelling legitimate grounds that override your rights or to the extent that the processing is not necessary to meet a statutory obligation.

Please note that this may limit our ability to serve you, or even prevent us from serving you.

11.6  Right to restrict processing

Under certain circumstances, you have the right to demand that we restrict the processing of your personal data.

11.7  Right to have data transferred

If we have processed your data based on your consent or to execute an agreement, you have the right to receive in a commonly used format the data that you have submitted to us in electronic format, so that the data can be transferred to another service provider.

12  How can you exercise your rights?

You can exercise the rights describe above by contacting us by, for example, sending an e-mail to privacy@aacglobal.com.

Please include your name, address and telephone number in your message, as well as a copy of your passport, driving license or other form of identification, so that we can confirm your identity.

13  Updating the privacy policy

We may update this privacy policy if changes occur to our operations or data protection principles. We may also update this privacy policy if laws are amended. Any changes will come into effect once we have published the updated privacy policy.

For this reason, we request that you study the content of this privacy policy at regular intervals.

14  Who should I contact in matters related to data protection?

14.1  Contact information:

AAC Global Oy
Porkkalankatu 20 C*
FI-00180 HELSINKI
Business ID: 0103288-0
 

Contact person: Petri Lehmus, petri.lehmus@aacglobal.com.

This privacy policy was last updated on May 4, 2018.