Privacy Policy

Inmedia Systems Oy Privacy Policy

1.4.2023

Register holder

Inmedia Systems Oy (Y-tunnus: 1906813-6) – Later Inmedia Oy or Inmedia
Address: Pallaskatu 5 as. 7, 15900 Lahti
E-mail: karri.naakka@inmedia.fi
WWW-page: inmedia.fi

General

This privacy policy explains how Inmedia handles personal data. The privacy policy applies to websites, marketing and customer relationship management, as well as services provided by Inmedia. Inmedia complies with applicable data protection legislation, such as the EU General Data Protection Regulation and other applicable national legislation.

Inmedia's services and websites may contain links to other websites and services provided by other operators. This privacy policy does not apply to them. Even if you use links on Inmedia's services to visit other websites and external services, Inmedia is not responsible for their data protection practices.

Personal data refers to all information related to natural persons that can be directly or indirectly used to identify them, as defined in the data protection regulation.

Purposes and legal basis for processing personal data

Inmedia's services are available to legal entities. The services are available after registering and accepting the terms and conditions of the services. Inmedia processes only personal data that is necessary for each specific purpose. Personal data is processed mainly for the following purposes:

-        Customer service and communication

-        Providing, monitoring and developing services

-        Marketing, including market research, other marketing promotion and analysis, producing statistics and measuring marketing effectiveness

-        Improving user experience and tracking user traffic on the services and website

-        Fulfilling legal obligations (such as accounting and other special legislation) and reporting obligations

-        Preventing abuse

The legal basis for processing personal data is usually the performance of the agreement between the data subject and Inmedia and Inmedia's legitimate interest, such as service management and development, customer service and communication, marketing and its effectiveness.

The legal basis for processing personal data is primarily a legal obligation when personal data is processed to comply with legal requirements or reporting obligations.

Processed personal data and data sources

The processed personal data includes:

-        User identification and contact information, such as the customer's name, phone number, and email address provided when the customer makes a contract or registers for the service. In addition, information is collected that the user can publicly share or share directly with another user in the service.

-        User identification and contact information, as well as user-created content.

-        Information related to marketing and events, as well as consents and prohibitions given by the data subject.

-        Information related to the use of services and websites, such as IP addresses, electronic communication identification information, search and browsing information, browser and device information, and other similar technical information.

Inmedia may collect information from public sources, such as business information services and social media services. The user of the service can share the information they have provided in the service either publicly or directly with another user.

Retention of personal data

Inmedia stores personal data for as long as necessary to achieve the purposes defined in the privacy policy, but always for the time required by law (e.g. accounting or reporting obligations), or for resolving a legal dispute or similar disagreement. After the purpose of use has ended, personal data will be deleted within a reasonable time or anonymized. The necessity of retaining personal data and the accuracy of the information are regularly checked.

The user's information and any other content uploaded to the service will remain in the service until the registered individual personally deletes the information. In response to a request, Inmedia will provide additional information on personal data retention practices.

Personal data recipients

Personal data may be transferred to service providers and partners used by Inmedia, such as technical solution or server space providers and financial management service providers. Contracts ensure that service providers and partners process personal data in accordance with applicable data protection legislation and otherwise appropriately. Inmedia provides additional information on recipients upon request.

Personal data may be disclosed to third parties in situations where required by law or authorities or to investigate misuse of the Services and to ensure security. In addition, personal data may need to be disclosed in legal proceedings or similar legal proceedings.

If Inmedia is involved in a potential merger, business acquisition, or other corporate restructuring, personal data may be transferred to other parties to the transaction or to parties assisting in the transaction.

Transfer of personal data outside the EU/EEA

If personal data is transferred outside the EU/European Economic Area, the adequate level of protection of personal data is ensured, among other things, by agreeing on matters related to the processing of personal data in the manner required by data protection legislation, such as by using model contractual clauses approved by the European Commission.

Regarding the transfer of personal data related to the use of social media, the guidelines of the respective service providers are followed in accordance with their privacy policies.

Working with a social media service provider

When Inmedia acts as the administrator of business pages on social media, the respective social media service provider and Inmedia are joint controllers of the personal data of visitors to the social media service provider's page, to the extent applicable under data protection legislation. In addition, the social media service provider and Inmedia are joint controllers to the extent applicable for the social media service provider's services, such as Facebook's "share" function, which allows for sharing of Inmedia's service content on Facebook.

Social media service providers process personal data in accordance with their own privacy policies. The privacy policies can be found in the privacy policy statement of the respective service provider, and the service provider is responsible for complying with data protection legislation and for ensuring the realization of the data subject's rights in their service. Inmedia is responsible for complying with its own obligations under data protection legislation and processing visitor data for business pages in accordance with this privacy policy, for example for targeted advertising. Information about the processing of personal data performed by social media service providers and page administrators as joint controllers, as well as the distribution of responsibility, can be found on the social media service providers' websites.

You can manage the privacy settings of social media service providers on their websites. If necessary, you can contact the service providers to exercise your rights as a data subject. Contact information can be found in the privacy policy statements of the social media service providers.

Protection of personal data

Access to personal data is limited only to authorized parties. Service providers meet the required data security requirements. Inmedia uses technical and organizational security measures to secure personal data and ensures the fault tolerance of systems and the possibility of data recovery. Only employees who need personal data for the performance of their duties have access to them. Parties processing personal data are subject to confidentiality obligations.

Rights of registered individuals

According to the data protection regulation, registered individuals have the following rights:

-        The registered individual has the right to know whether their personal data is being processed and other information related to the processing of their personal data. The registered individual has the right to obtain a copy of their personal data.

-        The registered individual has the right to request correction or deletion of inaccurate or incorrect information, as well as deletion of their personal data. A deletion request cannot be fulfilled if the personal data is required, for example, to fulfill a contractual obligation, to comply with a legal obligation, or to resolve a legal dispute.

-        The registered individual has the right to request restriction of processing of their personal data.

-        The registered individual has the right to request the transfer of their personal data, which they have provided automatically, to another data controller, if the processing is based on the registered individual's consent or a contract.

-        The right to object to processing. The registered individual has the right to object to certain types of processing of their personal data, such as profiling or processing for direct marketing purposes, based on legitimate interests.

-        The registered individual has the right to withdraw their consent, if the processing of personal data is based on their consent. Withdrawal of consent does not affect any processing that has already been carried out.

Exercise of Rights

The data subject can send a request by mail or email using the contact information provided above. Inmedia may request additional information if necessary. The request will be processed and answered within a reasonable time after Inmedia has verified the identity and obtained the necessary information. Refusal will be notified separately. Requests that are unreasonable, unjustified or disproportionately repetitive will be left unprocessed.

Right to Lodge a Complaint with a Supervisory Authority

If the data subject believes that his or her personal data has been processed in violation of applicable law, he or she has the right to lodge a complaint with the competent data protection authority. Contact information for the Finnish data protection authority can be found here.

Changes to the Privacy Policy

Changes to this privacy policy are possible. Changes may result from changes in data protection legislation. Service users should regularly check for any changes. Inmedia will inform separately if there are material changes to this privacy policy.