Every person values his or her privacy. That is why we are also committed to protect the privacy of our customers, users of our services, employees and partners. However, as we offer digital services platforms, we could not do business without processing some amount of personal data. Personal data is any data relating to an identified or identifiable person. Name, email address and a portrait photo are a few examples.
By offering our digital services platform, we may also be considered to be in the role of a data processor to our customers. For instance, our customers are usually data controllers regarding such personal data they enter into and manage in our service (if any). The data processing principles regarding this is described in our customers’ privacy policies and in the contracts we conclude with our customers.
The data controller relating to processing of personal data pursuant to this privacy statement is (hereinafter also “Builderhead”, “us” or “we”):
Business ID: 2951899-7
Alppikylänkatu 4 C 52
You can use the above details also for contacting us in privacy matters or contact Sami Kivensalo, email: sami.kivensalo@Builderhead.io.
For what purposes we collect personal data? What is the legal basis for processing personal data?
We collect, store and process personal data for predefined purposes. We also always make sure that there is at least one legal basis for processing personal data. The main purposes and the applicable legal basis for processing personal data are:
Providing our services. We collect and process personal data for fulfilling contractual obligations relating to provision of our services. During the customer relationship, we also use personal data for invoicing, debt collection, handling of complaints as well as for customer support purposes. The legal basis for this processing is a contract between Builderhead and the customer, or preparations made for concluding a contract, as well as our legitimate interest.
Sales and marketing. We contact potential customers and may execute direct and digital marketing campaigns, such as social media advertising and search engine marketing. We may also perform marketing based on customer profiles. The legal basis for this processing is primarily our legitimate interest as well as consent (if required by law). A person has however always the possibility to object direct marketing. For marketing purposes we may also perform automated decision making (incl. profiling), for instance when executing remarketing campaigns.
Customer communications. We use personal data for customer communication purposes. The legal basis for this processing is our legitimate interest, possibly also a contract between Builderhead and the customer.
Business development and business intelligence. We may also use personal data for developing our business relating to offering digital services platforms especially for the construction industry. The legal basis for this processing is our legitimate interest.
Fulfilling legal obligations. We may also use personal data for fulfilling legal obligations (e.g. bookkeeping, employment contracts act, tax laws, companies act).
HR and recruiting. Personal data relating to employees are mainly collected and used for human resources management purposes, such as payment of salaries, fulfilling other rights and obligations relating to employment contracts and meeting legal requirements relating to employment. The legal basis for this processing may be fulfilling a contract between Builderhead and the employee, consent as well as fulfilling legal obligations relating to employment. In recruitment situations we use personal data primarily for preparing an employment contract and on the basis of consent of the job candidate. Based on consent we may also process personal data from other sources than the job candidate or employee.
Whose personal data we collect? What personal data?
We collect, store and use personal data mainly relating to:
- customers and potential customers
- users of our services
- employees and job candidates
- partners and subcontractors
- shareholders and investors
Relating to customers, potential customers, partners and users we collect and use typically the following personal data:
- company name
- title / position
- invoicing details
- work email
- work phone
- marketing opt-in / opt-out
- user right details (login, password)
- business correspondence
Relating to employees we collect and use typically the following personal data:
- contact details
- social security id
- details required for payment of salaries and withholding taxes
- skills, education and work history/experience
- possible application and resume
- data relating to the person’s employment (job title, start date, data relating to work time and holidays, travel and related expenses, health data as required by laws, and other data possibly required by laws)
Relating to job candidates we collect and use typically the following personal data:
- contact details
- education, experience, previous employers
- possible application and cv
- references and data from other sources than the job candidate (with consent)
Relating to shareholders we collect and use typically the following personal data:
- contact details
- social security id / business id
- share of ownership
From which sources we collect personal data?
Customers (incl. potential), users and partners
Data is collected mainly from the person itself, for instance when making an agreement with us. Data is also collected and created during the business relationship, but mainly concerning the company, not persons. We may also get data from other external or public sources and registers.
New customers and partners are also prospected with inbound and outbound marketing activities.
We may also use Google Analytics or other similar analytics services to monitor and analyze our website use (see below for a list of technologies and services used by us).
Employees, job candidates, shareholders and investors
Data is collected mainly from the person itself or with consent from other sources. Some data is also generated or created during the employment. Relating to employees, we may also receive data from tax authorities as well as pension and insurance companies.
Who processes personal data? Is it transferred to anyone?
People within our organization have access to the personal data for the purposes of performing their work tasks.
We store most of data in electronic form only and we use a substantial amount of various services providers and tools for performing our work. Such services provider may be considered as a data processor to Builderhead. We use third party services especially in the following matters:
- data storage, hosting and maintenance;
- software development;
- marketing automation and CRM;
- internal communication;
- project and task management;
- finance and bookkeeping; and
- website analytics.
In these situations, we make sure contractually and otherwise that the confidentiality of personal data is secured and data is processed and transferred lawfully and for our benefit only.
We may also provide personal data to a third party due to a legal obligation or requirement by an authority or a court, for responding to or preparing legal actions, or based on a person’s consent. We may also provide personal data to a third party if we are involved in a business sale, transaction or restructuring.
Is personal data transferred outside the EU?
Personal data may be transferred outside the EU, as we store data and may use services of such services providers, which may locate outside the EU. If personal data is transferred outside the EU, we make sure that the transferee is located in a country with adequate safeguards (as decided by the EU commission from time to time), the transferee is Privacy Shield certified (if a US-based company) or the transfer occurs by using model clauses published by the EU commission.
How long is data stored?
We will not store personal data for a longer period than is necessary for its purpose or required by contract or law. The retention periods for personal data may vary based on its purpose and the situation as well as on the legal basis for processing personal data. The data may be deleted (1) when a person withdraws his/her consent or requests deletion of his/her data and we have no other grounds for processing personal data, (2) when a contractual relationship ends, (3) or when data becomes obsolete or is inaccurate. The retention period may also be based on laws (e.g. accounting, tax laws, employment contracts act, companies act). We may also update data from time to time.
How is data stored and kept secure?
Personal data is stored primarily in electronic form and it is secured in accordance with general industry standards and practices. We consider and keep personal data confidential. Access to personal data is also protected with user-specific logins, passwords and user rights. Our premises are also safe and secure.
Is it mandatory to provide personal data? What happens if you don’t provide it?
We need some amount of personal data especially in customer relationships to conclude and fulfill contracts. We may require some personal data to register a user account and for verification purposes. Relating to employment we also need to process at least the minimum personal data required to fulfill employment contracts and legal obligations relating to employment. Collecting certain minimum personal data relating to shareholders is also a legal requirement. Potential partners and customers usually can decide how much and whether to share personal data with us.
What rights do you have?
Withdraw your consent
If we process personal data based on your consent, you can at anytime withdraw your consent by notifying us, for instance by contacting us using the contact details provided above.
Access to data
You have the right to have confirmed if we are processing your personal data and also to know what data we have about you. In addition, you have right to some supplemental information described in the law about the processing activities.
Right to have errors corrected
You have the right to request that we correct any inaccurate or outdated personal data we have about you.
Right to prohibit direct marketing
You have the right to request that your personal data is not processed for direct marketing purposes by contacting us using the contact details provided above.
Right to object processing
If we process your personal data based on public interest or our legitimate interest, you have the right to object processing of your data, to the extent that there is no such significant other reason that would override your rights or the processing is not necessary for handling legal claims. Please notice that in this situation we may not be able to serve you anymore.
Right to restrict processing
In certain situations you have the right to require that we restrict processing of your personal data.
Right to data portability
If we process your personal data based on your consent or fulfilling of a contract, you have the right to require transfer of the data you have provided to us to another services provider in a commonly used electronic format.
How can you use your rights?
You can execute and use your rights by contacting us, for instance by using the contact details provided above. Remember also that we need to use reasonable measures to verify your identity before executing your rights. If you consider that the processing of your personal data is not lawful, you can always also make a notification to a supervising authority (Finland: tietosuojavaltuutettu; www.tietosuoja.fi).
Third party technologies used by us and cookies on our website
What are cookies?
Usually it is not possible to recognize a person or the user of the website from the data contained in cookies, but if you have previously registered as a user on our website or we otherwise have already personal data about you, the data from the cookies may be incorporated with such data. Therefore, sometimes data in the cookies may be considered as personal data.
Third party cookies and applications on our website
When using our website, we may run third party applications and certain third party services providers may store cookies on your device for the purposes of website and marketing analytics and development as well as targeting of content and advertising. These may include services providers such as Youtube, Google Analytics, Facebook and other similar services providers and marketing networks. Some of these may be located outside the EU. More information about the cookie and privacy policies of these services providers can be found from their website. We are not responsible on their data processing practices. Third party advertising targeting can also be managed on Your Online Choices website.
We may update our practices relating to cookies due to changes in our business practices or in applicable laws.