This is the General Data Protection Regulation (GDPR) compliant registry and privacy statement of Orange Advertising Oy.
The statement was drafted on 26.5.2021 and updated on 17.10.2023.
Who collects the information?
All data is collected and processed on behalf of Orange Advertising Oy.
The companies and services that process the information are listed under the sections “How is the information collected?” and “Who has access to the information?”
| Registry name: | Orange Advertising Oy’s marketing and customer register |
| Registry holder: | Orange Advertising Oy |
| Business ID: | 0109205-8 |
| Address: | Siltasaarenkatu 18 A |
| Postal Code: | 00530 |
| City: | HELSINKI |
| Phone number: | 010 836 6600 |
| Contact for data protection matters: | orangead@orangead.fi |
Why is the information collected?
The data controller processes personal data based on the following legal grounds and purposes:
- Responding to inquiries, requests for quotes, etc.
- Establishing and developing a relationship between the data controller and the person who provided their contact details
- Direct marketing and targeting of the data controller’s products and services (e.g. sending a newsletter) by email or other electronic means
- Collecting information about the use of the data controller’s online and mobile services using cookies, advertising IDs, or other similar technical tracking methods for the purposes set out in this statement
- Targeting advertising with the user’s consent
- Information collected through HubSpot, including but not limited to contact form information, email communication, website usage statistics, and other customer relationship management data.
Basis for data collection and processing
Customer information is collected and processed with the customer’s consent or to execute a contract with the customer.
What information is collected?
The register contains the following information about decision-makers and contacts of current and potential customer and partner companies and organizations.
Usage information for electronic services
Service usage and browsing information, the page from which the user has moved to the data controller’s website.
During login, we may collect identification information such as cookie ID and the user’s IP address.
Contact-related information
Contacts and emails, electronic transaction forms, chat conversations.
Information on the use of social media
Social media functions in use by the data controller, such as Facebook and Instagram.
Facebook may provide the data controller with information about comments and links the user shares on Facebook about the website. In addition, Facebook may provide the data controller with information included in the user’s public profile and other information that Facebook users share with the data controller’s services.
Community plugins are the responsibility of Facebook and you can familiarize yourself with its privacy practices here: https://www.facebook.com/privacy/explanation
HubSpot
Information collected through HubSpot, including contact form information, email communication, website usage statistics, and other customer relationship management related information.
How is the information collected?
Regular sources of information
The register collects information from the individual themselves. Information can be collected from official registers within the limits allowed by law (e.g. ytj.fi).
Identifying information
Information stored in the register is obtained from customers or users from messages sent via the contact form, by email, through social media services, from contracts, customer meetings, and other situations where the customer provides their information.
Contact information for companies and organizations can also be collected from public sources, such as company websites, trade registers, other public and private registers, and other business and decision-maker registers, as well as available classifications, segmentations, and analyses from other public and private registers.
Marketing data
With the user’s permission, we can collect data from our online services for online advertising. You can manage permissions from our cookie banner.
We collect user and session data that is anonymous or pseudonymized with the online marketing tools listed below, such as the details of the loaded page, user demographics, session duration, and the location of the nearest city.
If you log into our services, pseudonymized user data can be forwarded to analytics as a dimension, so that we can track cross-use of the site on different devices and combine information for remarketing lists.
- Google Analytics
- Google Ads pixels
- Google Floodlight pixels
- Facebook pixels
- Linkedin Insights pixels
HubSpot analytics and other HubSpot tools used for monitoring online services and targeting marketing.
To whom is the information shared?
The data controller can disclose information to its partners when it is necessary for the provision of the service. For example, to implement third-party services ordered by the customer from the data controller.
Information is not disclosed to other external parties unless it is essential for fulfilling the data controller’s statutory or contractual obligations.
The data controller has the right to use subcontractors in providing and implementing its services. In this case, personal data can be transferred to subcontractors to the extent that it is necessary for the provision of the services.
These subcontractors process personal data on behalf of the data controller and according to the data controller’s instructions and this privacy statement. The data controller ensures by contract that personal data is processed in accordance with the law.
Who has access to my information?
Principles of register protection
Only those persons who are entitled to do so because of their work have access to the data.
Data is stored in locked and access-controlled premises.
Electronic data is protected with firewalls, access right management (personal usernames and passwords), and other technical means.
HubSpot employees have limited access to data only to the extent necessary to implement HubSpot services on behalf of Orange Advertising Oy.
Data retention period
Personal data is retained as long as it is necessary for its intended purpose. Data is destroyed after the termination of the relationship between Orange and the company or after the data controller has learned that the registered person is no longer Orange’s contact person, with the following exceptions:
- Usage data of electronic services and communication-related data is stored for five years from the mentioned date.
- The basic data of the registered person and marketing data, and with the consent of the registered person, other data can be permanently stored for direct marketing purposes within the limits allowed by law.
- In situations allowed by the current legislation after the mentioned retention periods.
Note: The data controller retains company data on other grounds, i.e., data on the use of the data controller’s products and services, correspondence, and other communication, which the registered person has conducted as a representative of a corporate customer on its behalf, as they are not personal data.
Use of cookies
Read more: Cookie Statement
Rights of the registered
For all questions related to personal data processing and in situations related to exercising one’s own rights, the registered person should contact the data controller as indicated in section 1. The data controller may, if necessary, ask the registered person to specify their request in writing and prove their identity.
Right to check the stored information
The registered person has the right to check what information about them has been stored in the register and to obtain a copy of the processed personal data.
Right to correct information
If the registered person notices incorrect information, they must proactively correct, delete, and supplement the incorrect information in the register, if possible in the service, or notify the data controller of the errors and correct information.
Right to transfer information to another service provider
If legislation and official guidelines require it, the registered person has the right to obtain, mainly in machine-readable format, and transfer to another data controller the information that they have reported to the register and which is processed based on the consent or assignment given by the registered person.
Right to restrict the processing of personal data
The registered person has the right, due to their specific personal situation, to oppose the processing of their personal data. When making the request, the registered person must specify the particular situation based on which they oppose the processing. The data controller can refuse to implement the objection request on grounds provided for by law.
The registered person has the right to demand the restriction of the processing of their personal data on statutory grounds, for instance, when they are waiting for the data controller’s response to a request to correct or delete their data.
Right to contact authorities
The registered person has the right to file a complaint with the competent supervisory authority if the data controller has not complied with applicable data protection regulations in its operations.
Right to be forgotten
When we receive a request, we will do our best to delete your information from our services. You can also request the partial removal of your information from our registers, such as removing your email address from our mailing list.
Please note that despite the deletion request, we cannot destroy some data due to local laws, such as those related to accounting. We also cannot destroy anonymous data accumulated to us because we cannot associate it with the data source.
In our email marketing, there is an unsubscribe link at the bottom from which you can easily remove your email address from our mailing list. Note that this link is not in receipts, invoices, or personal emails sent to you by our staff.