This statement describes the data privacy practices related to information collected through websites (www.prospectum.fi, www.eventos.fi, www.viestiseina.fi, www.prospectumlive.com, www.tavoittaja.fi ) owned by Prospectum Ltd.

It also explains the processing of personal data collected through forms on the websites or from other public sources, as well as the related rights.

This statement explains the following:

• What information is collected through the website, how it is used, and to whom the information may be disclosed.
• What options individuals have regarding the processing of their data.
• Existing security practices to prevent misuse of the data.
• How an individual can request the correction of inaccurate information.

This privacy statement does not apply in cases where our customers manage a service provided by Prospectum Ltd., such as the Eventos event management service or the Tavoittaja.fi SMS service. In these cases, Prospectum Ltd. acts as the data processor, and the customer organization of Prospectum Ltd. serves as the data controller.

1. Data controller: 
Prospectum Ltd., FI23531293, Ylistönmäentie 24, 40500 JYVÄSKYLÄ

2. Person responsible for registry matters:
Pekka Neuvonen, CEO, +358 40 543 3500

3. Purpose of the register: 
Prospectum Ltd. collects information about companies belonging to the target groups of the services offered and the individuals working in those companies. The data is gathered from websites and other public sources.

Prospectum Ltd. is the sole owner of the collected data. We do not sell or rent this information to anyone. We only disclose data to the Finnish police or defense forces as a result of a criminal legal process.

We may contact individuals who have provided their information to us via electronic communication to inform them about our services or changes to this privacy statement.

4. Basis for collecting and processing data: 
The legal basis is an existing customer relationship or a identified potential user of our services, meaning the legitimate interest of the data controller. The purpose of processing personal data is to communicate with customers, maintain the customer relationship, and conduct marketing.

5. Regular sources of information: 
We collect personal data directly from the user through web forms, emails, or phone calls.

When a person uses our website, we automatically collect information about their activity, such as the pages visited, the device used, and the IP address, through cookies or other tracking technologies.

If a person fills out forms on the websites, the necessary name, company, and contact information required for communication are collected from them. 

The information is stored in Prospectum Ltd.’s customer information system.

6. Regular disclosures of information and transfer of data outside the EU or European Economic Area:
All data collected by Prospectum Ltd. is stored within the jurisdiction of the EU. Personal data is not disclosed to third parties except as necessary, for example, to fulfill an order.

7. Contents of the register: 
We collect information about organizations and the individuals working within them.

Examples of information collected about organizations include:

• Organization name, marketing name, trade names, and auxiliary trade names
• Organization contact information, financial information, industry classification

The following information is collected about employees of organizations:

• Name, job title, contact information
• Analytic data of the email sent to the individual
• Other information exchanges involving the individual

Prospectum Ltd. utilizes the following information systems and service providers for collecting and storing the above-mentioned data.

Website data collection: Google Analytics – web analytics service:

1. Purpose of processing personal data:

The purpose of processing personal data with the Google Analytics service is to collect and analyze anonymous user data about the behavior of website and app users. This information is used to understand user behavior, improve user experience, optimize the performance of websites and applications, and enable targeted marketing efforts. Personal data is neither collected nor stored through Google Analytics; the service primarily operates based on anonymous and aggregate statistical information.

2. Contents of personal data and disclosure to the Google Analytics service:

The website uses Google Analytics 4 cookies to collect the following data:

1. Number of users
2. Session statistics
3. Approximate geographical location
4. Browser and device information

3. Data protection and security

Google Analytics ensures that JavaScript libraries and measurement data are transmitted securely. By default, Google Analytics uses the HSTS (HTTP Strict Transport Security) protocol. This instructs browsers that support HTTPS (HTTP over SSL) to encrypt all data traffic between end users, websites, and Google Analytics servers using this protocol.

4. Data retention period

The retention period for the website’s Google Analytics data is 14 months.

5. International data transfer

Google uses standard contractual clauses applied when transferring personal data collected through online advertising and measurement outside of Europe. The Google Ads data processing terms, which apply to services where Google acts as a processor of personal data, include both the European Commission’s approved standard contractual clauses (to ensure data transfers comply with the GDPR) and the United Kingdom’s standard contractual clauses (to ensure data transfers comply with the GDPR as incorporated into UK law), in accordance with the requirements for proper data transfer.

Google is committed to conducting data transfers on a lawful basis and in compliance with applicable data protection laws.

You can read about Google Analytics data collection on their website here:
https://support.google.com/analytics/answer/6004245

Website data collection: DealFront – data collection service:

1. Purpose of processing personal data:

The collected data is used solely to support B2B marketing, communication, service delivery, and contract management. The data is processed confidentially and is not shared with third parties without your consent, except to fulfill legal obligations or contractual requirements.

2. Contents of personal data and disclosure to the DealFront service:

The website uses DealFront cookies to collect the following data:

1. Personal data (name, job title)
2. Contact information (email address, phone number, postal address)
3. Contract details (contract specifics, services, information about the company entering into the contract)
4. Company history related to the contract (calls, meetings, emails)
5. Website traffic data and metadata

3. Data protection and security:

The processing and use of personal data take place exclusively within the territory of the Federal Republic of Germany, a member state of the European Union, or another country that is part of the European Economic Area (EEA).

The transfer of data to a third country requires the prior consent of the data controller and may only take place if the specific requirements of Article 44 of the GDPR are met. This also applies to data backups carried out by the data processor.

The DealFront service acts as a data processor and is obligated not to use personal data for any other purposes, especially not for its own purposes. Copies or duplicates may not be made unless they are part of the order and necessary to fulfill the main agreement, or unless the data controller has given prior written consent.

Actions or processes in which clearly readable text or information is transformed into an encrypted, unreadable (i.e., difficult to interpret) string of characters (encrypted text) using an encryption method (cryptographic system). Description of encryption measures:

• Data Encryption in transit
• Data Encryption at-rest

You can read more about DealFront’s data security practices in their “Data Processing Agreement in accordance with Art. 28 GDPR” document:
https://marketing.dealfront.com/inside-eea-data-processing-agreement-dealfront-en.pdf

4. Data retention period:

Contact requests made on the website are stored in the customer relationship management (CRM) system, and the data is deleted upon request when the customer relationship ends.

Upon termination of the contract, the DealFront service is obligated to delete the personal data. Additionally, they are required to delete personal data in accordance with the GDPR if requested by the data controller.

SendGrid – email service:

1. Purpose of processing personal data:

We use the SendGrid service for sending and managing emails. With SendGrid, we can send important messages to individuals, such as order confirmations, information about our services, or other business-related communications.

2. Contents of personal data and disclosure to the SendGrid service:

To send emails to individuals securely and efficiently, we share certain personal data with SendGrid.
The personal data shared with SendGrid includes:

• the person's name
• company / organisation
• Contact information (email address, phone number)

3. Data protection and security:

We use precautionary measures to protect your data. When sensitive information is sent through the website, the data is secured both during transmission and while stored.

You can read about SendGrid’s privacy practices on their website:
https://www.twilio.com/en-us/legal/privacy

4. Data retention period:

The SendGrid service retains email activity/metadata (such as opens and clicks) for 30 days. It also stores sending history, suppression lists (bounced emails, unsubscribes), and spam reports (which may contain content) for as long as they are necessary.

You can read about SendGrid’s security practices on their website:
https://sendgrid.com/policies/security/

8. Data retention period: 

The retention period for the website’s Google Analytics data is 14 months.

The SendGrid service retains email activity/metadata (such as opens and clicks) for 30 days. It also stores sending history, suppression lists (bounced emails, unsubscribes), and spam reports (which may contain content) for as long as they are necessary.

Contact requests made on the website are stored in the customer relationship management (CRM) system, and the data is deleted upon request when the customer relationship ends.

9. Protection of the register: 

We use precautionary measures to protect your data. When sensitive information is sent through the website, the data is secured both during transmission and while stored.

When we collect sensitive information (such as usernames or passwords), the data is encrypted and transmitted to us securely. You can verify this by looking for a closed padlock icon at the bottom of your browser or by checking that the web address in the browser’s address bar begins with “https.”

In addition to encrypting sensitive data during transmission, we also protect the information while it is stored. Only employees who need access to the data for specific tasks (such as billing or customer service) are granted access to personal data. The computers and servers where personal data is stored are kept in a secure environment.

10. Automatic decision-making: 

We do not apply automatic decision-making to the data.

11. Rights of the data subject: 

A person has the right to:

• A person can refuse future contacts from us at any time by contacting us via email at: support@prospectum.fi or via phone at: +358 40 358 0600  
• A person has the right to see what information we may have about them.
• A person has the right to change/correct the information we have stored about them.
• A person has the right to request us to delete their data.
• A person has the right to express any concerns they have regarding the use of their data by us.
• Google Analytics:
  • “Opt-out” option – A person can refuse the use of the Google Analytics service on our website. We offer a clear choice to opt out of the collection of your data through Google Analytics.
  • A person can prevent broader data collection by Google Analytics by installing the “opt out” add-on provided by Google Analytics in their browser. This add-on blocks Google Analytics tracking from running in the browser when the person visits our website and other sites.
  • A person can download the “opt out” add-on from the following address: https://tools.google.com/dlpage/gaoptout/

Changes

Our privacy policy may change over time, and any changes will be mentioned on this page.

For any questions related to data protection, you can contact us immediately by phone at the number +358 40 358 0600 or via email support@prospectum.fi.