Created 23 May 2018, latest update 3 August 2022.
Thank you for your interest towards the privacy policies of Completo Consulting Oy (hereinafter Completo). This document has been created to maintain transparency of our processes.
Completo acts according to the European Union General Data Protection Regulation (2016/679, in force from 25 May 2018), the Finnish Data Protection Act (5 May 2018 / 1050) and the Finnish Information Society Code (7 November 2014 / 917).
Completo reserves all rights to change this document without notice.
1 Information and contact details
|Name of register:||Completo Consulting Oy customer and marketing register|
|Register controller:||Completo Consulting Oy
02240 Espoo, Finland
Business ID: FI1926489-0
+358 40 511 9135
2 Purpose of processing personal data
Personal data is utilized in:
- Maintaining customer relationships.
- Performing customer assignments.
- Maintaining co-operative relationships.
- Communication and customer service relating to Completo’s business.
- Targeted marketing.
3 Data content
Only the most necessary information is collected. The register may include the following:
- Contact details, such as first name, last name, email, phone number, language.
- Information pertaining to work role, such as job position.
- Contact and background information of the employer.
- Interests among Completo’s services.
- Participation data regarding Completo’s trainings or other events, products and services.
- Customer relationship information, such as notes, appointments.
- Permissions and consents given.
- Other information, such as dietary information, collected with the registered person’s consent.
- Marketing data, such as sent messages, opened messages, and clicks.
4 Data sources
The data can be collected throughout the customer or co-operative relationship or its planning, and through other communication, from the web forms of Completo’s web services, as well as other sources (for example publications and websites of customer organizations, news organizations, databases, and the Finnish Trade Register.
Completo collects data only on adults.
5 Disclosing data
Completo does not disclose any data to third parties unless this has been separately agreed upon with the data subjects.
Completo’s partners and service providers who handle personal data and/or who have a technical access to Completo’s systems include FinxS Oy Ltd, Microsoft, BA Advisors Oy, Procountor Oy, Mavidi Oy, Datajon Oy, The Rocket Science Group LLC.
A Data Processing Agreement (DPA) and a nondisclosure agreement (or a clause that can be equated to such) are signed with all third parties to which Completo may transfer personal data. Thus, third parties always handle personal data on Completo’s behalf without any right to independently process, disclose, or utilize it.
Personal data is not transferred outside the European Union or the European Economic Area, unless it is necessary for the technical implementation of our services. Completo requires compliance with the EU General Data Protection Regulation (GDPR) from all third parties, regardless of their physical location.
6 Data protection
In addition to the exceptions described above, only Completo’s employees have access to the register.
All who have access to the register and all who process personal data on Completo’s behalf are bound by nondisclosure agreements.
All systems, devices, and databases are kept up to date and protected digitally and physically.
In situations where personal data is stored on the devices or servers of third parties, they are accessed with a secured connection. These third parties are: Microsoft, FinxS Oy Ltd, Amazon Web Services, Seravo, and The Rocket Science Group LLC.
7 Retention period
Participation records are stored for a maximum of 5 years after the last communication, unless agreed otherwise.
Analyses are stored for a maximum of 1 year after the end of the associated project, unless agreed otherwise.
Usage data of Completo’s web services is stored for a maximum of 3 years.
Consent for marketing is valid until it is cancelled.
8 Rights of data subjects
Data subjects have the right:
- To view all of their personal data in Completo’s register.
- To have their personal data corrected.
- To disallow processing of their personal data.
- To exercise the rights granted by law, for example the right to contact the supervisory authority with concerns about data processing.
Demands by data subjects must be sent by letter or email from the registered email address to firstname.lastname@example.org. Completo does not disclose or update data before verifying the identity of the demanding party.
Our website utilizes cookies. Cookies are small text files that websites send to users’ devices after being visited. They are then stored on users’ devices and sent back to the same websites the next time they visit. By clicking “Accept all cookies” on our cookie banner, you agree to the use of tracking cookies on your device. You can decline the use of tracking cookies by clicking “Accept only essential cookies,” in which case you can continue to use our website normally.
This website uses:
- Session cookies, which are not used to collect personal data that can identify users, as they only send session-identifying data in the form of numbers automatically generated by the server. Session cookies are not permanently stored on users’ devices and are automatically deleted when the browser is closed.
- Third-party cookies, to enable the viewing of YouTube videos. Completo does not have access to the data that third parties collect and process on an autonomous basis. For more information about how and why data collected by social networks is processed, users are encouraged to read the privacy policies posted by the relevant service providers:
You may disallow saving cookies on your device from your browser’s settings, but it is not recommended because some websites may not function correctly without them. You can also delete cookies after using the internet.
Directions on how to delete or disallow cookies on different browsers: