We at Bitcomp (Bitcomp Oy and our affiliates) are committed to protecting your privacy. Bitcomp collect and process personal information under the General Data Protection Regulation and Personal Data Act (1050/2018) and other applicable legislations.

This document describes the general principles of Bitcomp Oy’s processing of personal data for the various services and the website www.bitcomp.com. Different products or services can also have their own privacy and processing statements. You can read privacy policy and term of use of our different services from our websites.  We encourage you to read this document carefully before using Bitcomp Oy’s services or browsing the website.

Our business is based on legal business. We comply with EU legislation when we collect and store personal data:

• All gathered personal data are processed legally, fairly and in a transparent manner. You have the right to access your personal data, to have it corrected and the right to recourse; at any time if you believe your data protection rights have been breached.
• We collect personal data only to the extent necessary to fulfil a precise purpose related to our tasks. We do not hand out data collected to third parties without consent.
• We minimize our data and keep them accurate. We only control the data we need.
• We restrict the storage of information. We do not keep your personal information for longer than necessary for the purposes for which we collected it. However, we may keep your information for a longer period under certain conditions outlined in law.
• We store only intact and reliable information. We put in place measures to guarantee that your data are kept up-to-date and processed securely.
• We collect and process personal data for customer relations and handling other appropriate business matters or to further communications with potential customers.

Controller

Decisions about your personal data are made by:

Company: Bitcomp Oy

Business ID: 2141044-7

Address: Yliopistonkatu 38, 40100 Jyväskylä

Phone number: +358 400 731 127

Data protection officer: Jani Hautanen

email: gdpr@bitcomp.fi

How do we collect your data?

We only collect personal information that you have provided or consented to us collecting. Personal data is collected when:

• you contact us via phone, email or by messaging us using our contact form.
• you apply to work for us (we use Solaforce to store job applications)
• you do contract with us or buy services from us
• you sign in and use our service
• you use our website through browser cookies
• we process your personal data on behalf of another controller.
• other situations where you give us permission to collect your personal data, such as client meetings or events.
• We also might collect your contact information based on our business intentions.

You do not have to provide us with your personal information, but in such situations, we may not be able to provide our services to you or act on your request.

We do not seek to collect, store or otherwise process your sensitive personal information (i.e. about race or ethnicity, political opinions, religious or philosophical beliefs, etc.) or any information that you have not given permission.

How will we use your data?

We only collect, process, and use personal data that is necessary for our business, customer relationship management and relevant commercial activities. There is always a legitimate basis for the processing of personal data, which we can specify as follows:

1. Contract and providing the service

We generally process personal data for the performance of a contract we have entered with you or a company you represent, or for the conclusion of such a contract or the provision of a service.

2. Marketing

The processing of personal data may also be based on our legitimate and legitimate interest to market and communicate about our services. We may also process your personal data for marketing research and customer surveys.

3. Service development, data security and internal reporting

We may also process personal data to ensure the security, development and quality improvement of our website and services. Personal data may also be used to compile internal reports. In these cases, the processing of personal data is based on our legitimate interest.

4. Compliance with the law

We may process your personal data to comply with our legal obligations, for example in relation to accounting or to carry out requests from public authorities (e.g. the tax authorities) as required by law.

5. Employer’s and recruiter’s rights

We may collect personal data from employees and job applicants in connection with the employer’s activities. We process personal data in the context of job applications in accordance with the Act on the Protection of Privacy in Working Life (759/2004).

6. Other uses to which you have consented

We may also process your personal data for other purposes if you have given your explicit consent to such processing.

Other processing of Personal Data

As a processor, we are responsible for processing personal data on behalf of the controller in accordance with applicable data protection legislation and to the extent necessary for the provision of the service.

We may also process personal data for statistical purposes, in which case the data are aggregated in such a way that it is not possible to identify the natural person from the result. The resulting statistics are not personal data because they cannot be linked to an individual person.

Personal Data Transfers and Regular Disclosure

Bitcomp does not share, sell, rent, or trade personal information with third parties. Personal data may be disclosed to third parties in the following cases:

• In accordance with applicable law, as requested by public authorities or similar bodies.
• Where there is a legitimate interest to disclose the data, such as when we organise an event with a third party. In such cases, you will always be informed of the disclosure of your data.
• Where we consider it necessary to enforce or protect our rights, such as to respond to legal claims, to protect your safety or the safety of others, to investigate wrongdoing or to respond to a request from a public authority.
• Where our partners or service providers process personal data on our behalf and in accordance with our instructions. We are responsible for the processing of personal data in these cases.

Data Transfer Outside the EU or EEA

Some of the services and service providers we use operate   outside the European Union or the European Economic Area (EEA) (for example newsletter-service Mailchimp). For this reason, some of the personal data processed by these services must be transferred outside the EEA. In these cases, we will has ensured that subcontractors are bound by the EU General Data Protection Regulation (679/2016) and covered by EU Commission Model Clauses.

Cookie Notice

Cookies are small data files that are placed on your computer, tablet or mobile device when you visit a website. Cookies can help in identifying your device when you visit a website and remember helpful details of your previous visits to improve your user experience. Cookies are widely used by online service providers in order and

data helps us figure out, which parts of our website serve you the best. But we won’t compromise your privacy to collect it.

Some cookies are required for technical reasons for our Sites and Services to operate, and we refer to these as “Basic Operations” cookies. Other cookies enable us to track and target the interests of Visitors to our Sites, and we refer to these as “Content Personalization”, “Site Optimization or “Add Personalization” cookies.

Data shared with 3rd parties to ensure the site is secure and works on your device.

Deadlines for Erasure of Personal Data

Personal data is stored for as long as it is necessary for fulfilling the purpose of the personal data. We do not keep your personal information for longer than necessary for the purposes for which we collected it. Unnecessary personal data, e.g. due to the end of the customer relationship, will be deleted after the deadline. We may also retain personal data after the end of the customer relationship to the extent permitted or required by applicable law. Such cases include responding to claims or lawsuits. The personal data of decision-makers will be stored permanently for direct marketing purposes within the limits of the law.

As a processor, we are processing personal data on behalf of a controller. Controller can request deletion of personal data.

Rights in Respect of Your Information

Our Company would like to make sure you are fully aware of all of your data protection rights. You can request access, correction or updates of your personal information. Upon written request, we provide a copy of the actual data or corrects inaccuracies relating to your information. Under the GDPR, the controller will answer the client without undue delay (mainly within a month). In principle, the exercise of rights is free of charge. We may have to charge a fee for certain activities.

The right to access

You have the right to request Our Company for copies of your personal data. We may charge you a small fee for this service.

The right to rectification

You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete.

The right to data portability

You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.

The right to erasure and be forgotten

You have the right to request that Our Company erase your personal data, under certain conditions.

The right to restrict and object processing

You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.

You have the right to object to Our Company’s processing of your personal data, under certain conditions.

You also have the right to object to the use of your data for direct marketing purposes.

You have the right to lodge a complaint with a supervisory authority about the processing of personal data.

Principles of Registry Protection

Data is collected in databases that are protected by firewalls, passwords, and other technical measures. These measures ensure the protection of personal data against loss, destruction, misuse and unauthorised access or disclosure.

Databases and backups are located in locked spaces, and only certain pre-designated persons can access them. The only persons who have access rights to the personal data system are those employees of the controller who have the right to process personal data contained in this register for the purposes of carrying out their work. Each user has their own username and password for the system, and they work under an obligation of professional secrecy.

Please note that even appropriate measures cannot prevent all possible security breaches. In the event of a data breach, we will notify you in accordance with applicable law.

Changes to This Privacy Policy

Our Company keeps its privacy policy under regular review, and we reserve the right to amend this privacy policy as necessary. We place any updates on this web page.

This privacy policy was last updated on 4 March 2022.

Contact Information

If you have any questions about Our Company’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us. Email us at gdpr@bitcomp.fi