General Privacy Policy
At Digitalist Experience (hereinafter “we” or “Digitalist”), we value the privacy of the following groups:
- Customer Relationship Management, Sales, and Marketing: the contact persons of our corporate clients and partners (hereinafter “Contact Person” or “You”)
- Customer Experience, Usability, and User Research: participants in these researches (hereinafter, “Research Participant” or “You”)
We process personal data in accordance with this privacy statement and applicable legislation, always maintaining confidentiality. The legally binding version is in Finnish. In case of discrepancies, the Finnish version shall prevail. All legal claims will be assessed under Finnish law and in the Finnish language.
1. Data Controller
Digitalist Experience Oy (Business ID 0997039-6)
Siltasaarenkatu 18-20 C, 9th floor
FI-00530 Helsinki, Finland
Contact person for matters related to the register:
You can contact us by email at dataprotection@digitalistgroup.com
2. Changes to This Privacy Policy
We may update and modify this privacy policy at any time. The latest version of the privacy policy is always available on our website. If there are new purposes for the processing of personal data, we will inform you in advance and request your consent if necessary.
3. Processed Personal Data, Purpose of Processing, and Legal Basis
3.1. Customer Relationship Management, Sales, and Marketing
We process the following personal data of the Contact Person:
PERSONAL DATA | PURPOSE OF PROCESSING | LEGAL BASIS |
---|---|---|
MAINTAINING CUSTOMER RELATIONSHIP | ||
Basic information such as name, date of birth, customer number, title, preferred language
Contact details such as email address, phone number, address Company-related information |
Fulfilling contractual obligations and other commitments | Contract |
Billing | ||
Accounting | Legal obligation | |
Information related to customer relationships and contracts such as details of past and current contracts and orders, correspondence and other communications with you, payment information, and other data you have voluntarily provided to our systems | Fulfilling contractual obligations and other commitments | Contract |
Billing | ||
Accounting | Legal obligation | |
UPSELLING AND CROSS-SELLING SERVICES | ||
Basic information such as name, date of birth, customer number, title, preferred language
Contact details such as email address, phone number, address Company-related information |
Selling services and products
Managing and developing customer relationships |
Legitimate interest |
MARKETING | ||
Basic information such as name, date of birth, customer number, title, preferred language
Contact details such as email address, phone number, address Company-related information |
Marketing of services | Legitimate interest |
Consent | ||
Event registration details such as name, email address, special dietary requirements, billing information | Sending information about the event’s time, location, or other arrangements
Implementing special dietary catering Billing for registration |
Contract |
Accounting | Legal obligation | |
Providing additional information related to the event, soliciting feedback after the event, or informing about future similar events | Legitimate interest | |
Marketing of services | Consent | |
Your contact and terminal device information such as IP address, device ID, or other device identifier, and cookies | Targeting advertising on our online services | Consent |
3.2. Customer Experience, Usability, and User Research
We process the following personal data of the Research Participant:
PERSONAL DATA | PURPOSE OF PROCESSING | LEGAL BASIS |
---|---|---|
REGISTRATION FOR RESEARCH | ||
Registration information such as name, email | Selection of participants from those registered | Consent |
PARTICIPATION IN RESEARCH | ||
Basic information such as name
Contact details such as email address, phone number, address, and/or residence Other information such as responses, which research was participated in, the timing of the research, information about consents signed during the research, confidentiality agreements, receipt of participation compensation |
Conducting market research and developing the controller’s services
Tracking participation in researches (e.g., who has participated in researches on a certain topic, during which time periods, what was the previous gender distribution or regional coverage) |
Consent |
Guardian’s information such as name, email address, phone number, address | Approving the participation of a minor in the research* | Consent |
Photographs related to the research | Analysis and reporting of workshops, usability tests, and other researches, and as support for notes | Consent |
Recordings (video & audio) related to the research including screenshots from video recordings and transcriptions (speech converted to text) from recordings, and AI-generated analyses and summaries from transcribed texts | Analysis and reporting of workshops, usability tests, and other researches, and as support for notes
Ensuring the quality and correctness of the research conclusions at the request of the client |
Consent |
Information related to participation compensation such as name, personal identification number, and amount | Taxation of rewards and delivery of rewards** | Controller’s legal obligation |
Information related to a draw such as name and email address | Conducting the draw and delivering prizes*** | Consent |
*Our intention is not to collect personal data from minors without the consent of a guardian. However, it is not always possible to accurately verify the age of a research participant, which is why our database may contain personal data of minors. We reserve the right to prevent participation in the research by a person who is or is reasonably suspected to be a minor. We ask that minors do not participate in our research without the consent of a legal guardian. If you are a minor, you must be able to prove, upon request, that you have the consent of your legal guardian.
**Participation in our researches may be compensated with a participation fee. Typically, such a fee is a gift card, movie ticket, merchandise/product prize, or similar. The payer of the participation fee can be either us, our partner or the commissioner of the research. The payer is responsible for the participation fee, its delivery, and any related notification obligations, registrations, etc., required by law. We reserve the right to define the content, type, and value of the participation fee for each research and may, if necessary, refrain from paying/delivering the participation fee.
***In some of the researches we conduct, prizes may be drawn among participants. In such cases, we act as the drawer and the commissioner of the research acts as the organiser. Participation details and the organiser can be found in the rules of the specific draw. The organiser is responsible for the draw prize, and any related notification obligations, lottery tax, etc., required by law. The draw prize is delivered by either the drawer or the organiser.
4. Methods of Collecting Personal Data
4.1. Customer Relationship Management, Sales, and Marketing
We collect personal data of Contact Persons from:
- the individuals themselves
- professional directories
- public registers
- social media platforms (such as LinkedIn)
- websites of client companies
- registrations for events
- direct communication, such as emails or phone conversations
- organised events/seminars, etc.
- contracts
- recommendations from other clients or partners
4.2. Customer Experience, Usability, and User Research
We collect personal data of Research Participants depending on the research from:
- the individuals themselves
- recruiters for the research
- clients commissioning the research
- public data registers (such as databases from the Population Register)
5. Disclosure of Personal Data
5.1. Customer Relationship Management, Sales, and Marketing
We do not forward the contact person’s personal data to third parties.
Exceptions to the above:
- We may occasionally disclose the contact person’s personal data to other companies within the same group (for more information on the companies in the group, see our Registration Document, in Finnish), as well as to certain service providers and subcontractors. These parties help us carry out various functions necessary for the processing of your personal data. In such transfers, we ensure through necessary measures (such as contracts) that the parties receiving the personal data are properly committed to data protection and process the data on our behalf only for the purposes described in this statement.
- We may disclose the contact person’s personal data to competent authorities if required by law, court order, or competent authorities.
- We may disclose the contact person’s personal data to legal advisors if criminal or improper conduct is suspected.
- We may disclose the contact person’s personal data to a buyer if we are involved in a corporate or business transaction.
5.2. Customer Experience, Usability, and User Research
We do not forward the research participant’s personal data to third parties as such. We provide the results of the research including possible photographs to the client commissioning the research, but always in a way that the identity of the research participants cannot be discerned.
Exceptions to the above:
- We may provide the client commissioning the research with recordings (video / audio) made in connection with the research.
- We disclose the personal data of the recipient of the participation fee to either the tax authorities if we pay the participation fee.
- We disclose the personal data of the winners of the draw prizes to the client commissioning the research only if the client handles the delivery of the draw prizes.
- We may occasionally disclose the research participant’s personal data to other companies within the same group (for more information on the companies in the group, see our Registration Document, in Finnish), as well as to certain service providers and subcontractors. These parties help us carry out various functions necessary for the processing of the research participant’s personal data. In such transfers, we ensure through necessary measures (such as contracts) that the parties receiving the personal data are properly committed to data protection and process the data on our behalf only for the purposes described in this statement.
- We may disclose the research participant’s personal data to competent authorities if required by law, court order, or competent authorities.
- We may disclose the research participant’s personal data to legal advisors if criminal or improper conduct is suspected.
- We may disclose the research participant’s personal data to a buyer if we are involved in a corporate or business transaction.
6. Transfer of Personal Data Outside the EU or EEA
6.1. Customer Relationship Management, Sales, and Marketing
We generally do not transfer the contact person’s personal data outside the EU/EEA.
Exceptions to the above:
- Some of our service providers may be located outside the EU because we store and process the contact person’s personal data primarily in digital form, through cloud services.
- In the event that we transfer the contact person’s personal data outside the EU, we ensure the security of that data transfer and use GDPR-required safeguards, such as standard contractual clauses, adequacy decisions, or other similar mechanisms. More information on the safeguards we use for transfers can be obtained by contacting us using the contact details under “Data Controller.”
6.2. Customer Experience, Usability, and User Research
We generally do not transfer the research participant’s personal data outside the EU/EEA.
Exceptions to the above:
- However, some clients commissioning our research may also be located in countries outside the EU and EEA.
- Some of our service providers may be located outside the EU because we store and process the research participant’s personal data primarily in digital form, through cloud services.
- In the event that we transfer the research participant’s personal data outside the EU, we ensure the security of that data transfer and use GDPR-required safeguards, such as standard contractual clauses, adequacy decisions, or other similar mechanisms. More information on the safeguards we use for transfers can be obtained by contacting us using the contact details under “Data Controller.”
7. Data Security and Protection
Both the Contact Person’s and the Research Participant’s personal data are properly protected against unauthorised access, accidental or unlawful destruction, alteration, disclosure, transfer, or other illegal processing. This data is stored in a password-protected and firewall-secured cloud service or database. Access to this personal data is granted only to our employees whose duties or roles include processing this information.
Any physical documents (e.g., signed consent forms) are stored in a locked space accessible only to those employees who have a work-related right to process such data.
If we use artificial intelligence for analysis and summaries, we anonymize the personal data.
If your name or other personal information appears in the recordings (video / audio), we will edit the recording to remove the information before any possible onward transfer. We aim to update or delete unnecessary, incorrect, or outdated contact person’s personal information at least once a year.
8. Retention of Personal Data
8.1. Customer Relationship Management, Sales, and Marketing
The retention period for the Contact Person’s personal data may vary depending on the purpose of use, the legal basis for processing, and circumstances. We retain the Contact Person’s personal data (also applicable to subcontractors or partners) only as long as:
- necessary for the respective purpose
- required by legislation
We delete the Contact Person’s personal data unless there are legal grounds for retention, if:
- the data subject withdraws their consent, if the collection of such personal data was based on consent
- the data subject requests the deletion of such personal data
- the data subject’s information becomes outdated or incorrect
8.2. Customer Experience, Usability, and User Research
The retention period for the Research Participant’s personal data may vary depending on the purpose of use, the legal basis for processing, and circumstances. We retain the Research Participant’s personal data (also applicable to subcontractors or partners) as long as:
- Registration data for researches: we need the registrations to conduct the research
- Personal data, consents, and confidentiality agreements: the material related to our research is necessary
- Photographs: our illustrative material exists
- Recordings (video / audio)and derived materials (screenshots and transcriptions): are necessary for managing our research projects, but no longer than one year from the date of recording
- Participation fee information and its receipt form: there is a legal right or obligation to retain some of your personal data, e.g., for our tax or accounting obligations (6 years), or to prevent fraud
- Contact details for the draw: as specified in the rules of the draw
- Other information provided in our researches: is necessary for managing our research projects
If we have transferred materials to the client commissioning the research, the client becomes an independent data controller, and all responsibility for the retention and deletion of the transferred materials is entirely transferred to the new data controller.
9. Cookies and Their Use
Cookies are small text files that are transferred to your device—such as a computer, smartphone, or tablet—when you visit websites. They enable and enhance the functionality of web services, making browsing smoother. Cookies allow us to develop our website’s functionality, better understand how visitors use our site, and provide you with a more personalised browsing experience. The information collected through cookies cannot be linked to your personal or contact details, nor do they allow access to or copying of information on your device.
We use the following types of cookies:
- Essential Cookies (Always Active): These cookies are necessary for the basic functions of our website. They enable secure access to our site and the use of its basic features, such as shopping cart functions. Since these cookies are essential for the website to function, they cannot be refused.
- Performance Cookies: These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us understand which pages are the most and least popular and see how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous.
- Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
- Targeting Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
You have the right to choose which types of cookies you allow to be used. Except for essential cookies, you can modify your cookie settings at any time from our website’s cookie settings. Please note that restricting cookie settings may affect the functionality of the site and your user experience. For more information on managing and deleting cookies in different browsers, you can find it at How to Enable and Disable Cookies on Every Web Browser [Guide].
Our services may include links to third-party websites or services. These websites may use cookies, web beacons, or similar technology, so you should check and accept the respective website’s cookies before using the website, as we do not have access to third-party cookies or similar technology.
If you have any questions about our cookie policy, please contact us using the contact details provided in the “Data Controller” section.
9.1. Customer Relationship Maintenance, Sales, and Marketing
We use cookies to gather information on how visitors use our website. We also use them to develop our services and website, analyse website usage, and target and optimise our marketing.
9.2. Customer Experience, Usability, and User Researches
We use cookies on websites that have forms for research registration, consent, confidentiality, and receiving participation incentives.
10. Your Rights
Applicable data protection legislation grants you several rights, which we are committed to respecting in our operations. Under certain conditions set by law, you have the following rights related to your personal data:
- The right to request us to provide you with a copy of the personal data we hold about you and certain information related to the processing of these personal data. You have the right to receive one (1) copy of your personal data free of charge. For additional copies requested, we may charge a reasonable fee to cover the administrative costs of the request.
- The right to request us to update your personal data or correct any incorrect personal data.
- The right to request the deletion of your personal data in certain situations, for example when your personal data is no longer needed for the purposes for which it was originally collected or processed.
- The right to request us to restrict the processing of your personal data in certain situations, for example, when you dispute the accuracy of the personal data or we no longer need the personal data for their original processing purposes, but the data is needed to establish, exercise, or defend legal claims.
- The right to object to our processing based on our legitimate interests.
- The right to withdraw your consent to processing at any time when our processing is based on your consent. Please note, however, that this does not affect the processing that has taken place before the withdrawal of consent.
- The right to receive your personal data in a structured, commonly used, and machine-readable format, and the right to transfer this data to another data controller.
- The right to lodge a complaint with the local competent supervisory authority, which in Finland is the Data Protection Ombudsman (www.tietosuoja.fi).
If you wish to exercise any of the above rights, you can do so by contacting us using the contact details provided in the “Data Controller” section. We may need to request additional information about your identity before we can fulfil your request to ensure that you are entitled to make the request.
11. Questions and Answers
11.1. Customer Relationship Maintenance, Sales, and Marketing
Where did you get my contact information?
- See the methods of collecting personal data in section 4.1.
How can I have my contact information removed so that I no longer receive invitations to participate in researches?
- Contact the person listed in the “Data Controller” section.
What personal data do you have about me?
- See the personal data processed in section 3.1.
How can I check what personal data you have about me?
- A request for inspection must be sent to us in writing using the contact details provided in the “Data Controller” section. You can exercise your right of inspection once a year free of charge.
How can I withdraw my consent?
- Contact the person listed in the “Data Controller” section. Please note, however, that this will not affect processing that has taken place before the withdrawal of consent.
11.2. Customer Experience, Usability, and User Researches
Where did you get my contact information?
- Your contact information was obtained either directly from you when you registered to participate in a research or responded to a desire to participate through a research panel, or you are a client in a customer relationship.
How can I have my contact information removed so that I no longer receive invitations to participate in researches?
- Primarily contact the person inviting you to the research and secondarily the person listed in the “Data Controller” section.
How do you contact me?
- We typically contact potential participants by email and, in exceptional cases, by phone.
How do you ensure that my identity is not disclosed to the client commissioning the research?
- We never link your contact information to the responses you provide, so you cannot be identified from the research data processed.
What personal data do you have about me (related to this research)?
- See the personal data processed in section 3.2.
How can I check what personal data you have about me?
- A request for inspection must be sent to us in writing using the contact details provided in the “Data Controller” section. You can exercise your right of inspection once a year free of charge.
How can I withdraw my consent?
- Primarily contact the person inviting you to the research and secondarily the person listed in the “Data Controller” section. Please note, however, that this will not affect processing that has taken place before the withdrawal of consent.