Privacy Notice​
1 Controller
SDG Monitor Oy (business ID 3143258-6)
Puistokatu 7 B 12, 00140 Helsinki
hello@sdgmonitor.co
(hereafter ”we”)​
2 Contact person for register matters
​
Name Johanna Catani
Address Puistokatu 7 b A 12, 00140 Helsinki, Finland
Phone number +358-(0)40-595 2627
Email address hello@sdgmonitor.co
​
3 What is the purpose and the legal basis of processing personal data?
The purposes of processing personal data are:
-
the delivery and development of our products and services,
-
fulfilling our contractual and other promises and obligations,
-
taking care of the customer relationship,
-
electronic direct marketing and
-
targeting advertising in our and others’ online services.
​
We use automated decision-making (incl. profiling) to identify personal profiles, online behavior, age and consumer habits. We use this information e.g. to target marketing and to develop our services.
The basis of processing personal data is our legitimate interest based on the customer relationship and/or other relevant connection, to perform a contract and obtain consent. You have the right to object to the processing of your personal data based on legitimate interests. Where we process your personal data on this basis, we will stop processing your personal data unless compelling legitimate grounds exist for the processing that override your interests, rights, and freedoms or if the processing is necessary for the establishment, exercise or defense of legal claims.
To exercise your right to object to processing of your personal data based on legitimate interests, please contact us using the contact details provided in section two (2) above. We will respond to your objection as soon as possible and in any event within one month of receipt of your objection, unless there are exceptional circumstances. We may need to request additional information from you to verify your identity before we can respond to your objection.
​
Please note that if you object to the processing of your personal data based on legitimate interests, we are not able to provide you with certain products or services.
The data collected from users (as defined in the Terms of Service) can be employed in an array of applications, including but not limited to, analytical endeavours related to marketing, improving the overall user experience, and developing the service and platform. This usage can also extend to other areas like understanding user behavior and demographics, refining product recommendations, predicting market trends, bolstering customer support and services, enhancing security measures, personalising content and advertisements, managing operational efficiency, and facilitating research for future innovations and strategies. Moreover, the data might be used to fulfils legal requirements and to ensure compliance with regulations. For the avoidance of doubt, all data used in these applications will be anonymised to safeguard the identity of the users, maintaining our strong commitment to privacy and confidentiality.
​
4 What data do we process?
We process the following personal data of our customers or other data subjects, such as the participants of our trainings and webinars, in connection with the customer register:
​
-
basic information of the data subject* such as name, customer number, username and/or other identifier, password and preferred language;
-
contact information of the data subject* such as email address, phone number, address;
-
information of company and company’s contact persons such as business ID, field of business, staff headcount, turnover names and contact details of the contact persons;
-
possible prohibitions and consents of direct marketing;
-
information regarding the customer relationship and the contract such as past and current contracts and orders, user profile formed based on the customer relationship, call recordings, correspondence with the customer/data subject and other contacts, cookies and data related to using them;
-
other possible information gathered with data subject’s consent.
***Providing personal data marked with an asterisk is a requirement for our contractual and/or customer relationship. Without the necessary information, we are not able to provide the product and/or service.
​
We do not collect data related to special categories (sensitive data), such as health data or data related to racial or ethnic origin.
​
5 From where do we receive data?
We receive information primarily from the following sources: the users themselves, population register(s), authorities, credit information companies, contact information service providers and other similar reliable sources.
For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from the authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means.
​
6 To whom do we disclose data, and do we transfer data outside the EU or the EEA?
We don’t disclose data from the register to external parties: We use subcontractors that process personal data on our behalf. We have outsourced the storage services to an external service provider, on whose administrated and secured server the personal data is stored.
​
We transfer personal data outside the EU/EEA. When personal data is processed outside the EU/EEA, we make sure that the subcontractor has committed to use the EU Commission’s standard contractual clauses. We disclose email data collected from the SDGm Free tool to MailChimp through an API for email marketing purposes. MailChimp’s privacy policy is available here: https://www.intuit.com/privacy/statement/
We deploy our website on the website service provider Wix that collects anonymised analytics data (page views, website traffic). This data is not able to differentiate individuals as it only collects data regarding individual devices visiting the site. We do not currently use this data in any form. You can access Wix’s privacy policy here: https://www.wix.com/about/privacy
​
7 How do we protect the data and how long do we store it?
Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use the system containing personal data. Each user has a personal username and password to the system. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and their backup copies are in locked premises and can be accessed only by certain pre-designated persons.
We store the data for the duration of United Nations 2030 Agenda for Sustainable Development, and 2 years thereafter.
We assess the need for data storage regularly, taking into account the applicable legislation. In addition, we take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.
​
8 What are your rights as a data subject?
You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data. If you have access to your data, you may edit the data yourself. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.
You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority.
On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.
​
9 Cookies and similar technologies
We use cookies and similar technologies on our website to enhance your browsing experience and improve our website's performance. Cookies are small text files that are placed on your device when you visit our website. They help us to remember your preferences and provide you with a more personalised experience.
We deploy our website on the website service provider Wix, which uses various cookies to keep track of user settings for security reasons as well as reasons relevant to marketing and collecting analytics. To see more information about Wix’s cookies, please see their relevant website here: https://support.wix.com/en/article/cookies-and-your-wix-site
Here is a breakdown of the categories of cookies we use:
-
Essential Cookies: These cookies are required for the performance of our website and cannot be disabled. They are used to remember your preferences, such as your language and location settings.
​
-
Marketing (Analytics) Cookies: These cookies are used to track your browsing behavior on our website and provide us with insights that help us to improve our website and marketing campaigns. We use tools like Google Analytics to collect data about your browsing behavior. This data is anonymous and cannot be used to identify you personally.
​
By using our website, you consent to the use of cookies and similar technologies as described in this Privacy Policy. Visitors of the website have the option to choose which cookies are enabled based on their initial consent when first visiting the website. If you wish to delete cookies, you can change your browser settings to disable or remove them. Please note that disabling cookies may affect the functionality of our website.
Our website uses cookies to collect data that is compiled in Google Ads and Google Analytics. We do not currently use this data in any form. You can access the Google Privacy Policy portal here: https://policies.google.com/privacy
We reserve the right to modify this cookie policy at any time.
​
10 Who can you be in contact with?
All contacts and requests concerning this privacy policy shall be submitted in writing or in person to the person mentioned in section two (2).
​
​