Brella Oy's Privacy Notice

Before we process your (see Section 3 below) personal data, with this this Privacy Notice we provide you with the information according to Articles 13 and 14 of the GDPR. We provide our personnel with similar notifications separately.

1)      CONTROLLER

Brella Oy

2765076-7

Kivääritehtaankatu 6 C, 40100 Jyväskylä

2)     CONTACT PERSON

Markus Kauppinen

hello@brella.io

 

3)     DATA SUBJECTS AND PERSONAL DATA

4)     PURPOSE FOR PROCESSING

5)     LEGAL BASIS FOR PROCESSING

Organizers and potential organizers

  • contact details

  • data relating to customer relationships

 

Customer relationships (contains profiling to match organizers with suitable attendees and vice versa)

Contract

→ to perform the contracts to which we are a party to

Direct marketing

  • emails
  • phone calls

Our legitimate interest

to manage and develop our customer relationships and further develop our business operations 

You have a right to opt-out of direct marketing each time we provide marketing to you

Attendees and potential attendees

  • contact details

  • data relating to customer relationships

 

Customer & attendee relationships (contains profiling to match organizers with suitable attendees and vice versa)

Contract

→ to perform the contracts to which we are a party to

Direct marketing

  • emails
  • phone calls

Our legitimate interest (for attendees)

→ to manage and develop our customer & attendee relationships and further develop our business operations 

You have a right to opt-out of direct marketing each time we provide marketing to you

Affiliates and potential affiliates:

  • contact details
  • affiliate relationship data

Affiliate relationships

Contract

to perform the contracts to which we are a party to

Jobseekers:

  • contact details
  • CV
  • other data the data subject chooses to disclose to us

Recruiting

Our legitimate interest

→ to manage our jobseekers and possibly employ them 

You have a right forbid us from processing your personal data.

People who contact us, including social media contacts (e.g. persons who like our Facebook-page)

  • contact details
  • possible other data the data subject chooses to disclose to us  

Management of contacts

Our legitimate interest

to manage contacts made to us 

You have a right forbid us from processing your personal data.

 

People visiting our website

  • IP addresses

Cookies

 Consent

Consent based on Act on Electronic Communications Services of Finland (917/2014)

6)     REGULAR SOURCES OF INFORMATION

Data regarding the data subject are regularly gathered:

Data subject:

Sources of information:

Organizers and potential organizers

  • Organizers and potential organizers
  • Affiliates
  • Public sources, as in internet, postal services, Trade Register, etc.  

Attendees and potential attendees

  • Attendees and potential attendees
  • Social media profiles

Affiliates and potential affiliates

  • Affiliates
  • Public sources, as in internet, postal services, Trade Register, etc.

Jobseekers

  • Jobseekers
  • LinkedIn, if the data subject so chooses

People contacting us

  • Persons contacting us

Social media contacts

  • Social media

People visiting our website

  • Cookies

7)     PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED

Data subjects

Retention period

7.1) Organizers and potential organizers

Necessary data shall be retained for three (3) years following the end of customer relationship.

7.2) Attendees and potential attendees

Necessary data shall be retained for three (3) years following the end of customer relationship.

7.3)  Affiliates and potential affiliates

Necessary data shall be retained for as long as it necessary, taking into consideration our field of business.

7.4)  Jobseekers

Necessary data shall be retained for a period of twelve (12) months following the first contact made, if the jobseeker has not become our employee.

7.5)  People who contact us (not including social media)

Necessary data shall be retained for a period of three (3) years following the contact.

7.6)  Social media contacts

Necessary data shall be retained for as long as the data subject deletes his/her data.

7.7)  People receiving our direct marketing

Necessary data shall be retained for as long as the client relationship or potential client relationship is relevant.

7.8)  Cookie data

Depends on each cookie.

 

  • However, we may retain only the necessary data of the data subjects for longer than is described above, where we are required to do so by law, it is necessary due to legal proceedings and it is necessary for any similar reason. We shall be careful not to apply this Section in vain.
  • We inspect the necessity of the personal data stored regularly and keep records of the inspections.

8)     CATEGORIES OF RECIPIENTS OF PERSONAL DATA

The recipients of personal data may consist of:

  • our affiliates
  • data storage and communication service providers
  • accounting and auditing service providers

9)     INFORMATION TRANSFER OUTSIDE OF EU OR THE EUROPEAN ECONOMIC AREA

We can transfer data outside the EU /EEA. When doing so, we ensure adequate safeguards for the data. Such safeguards include e.g. model clauses, Privacy Shield and other such arrangements.

10)  DATA SUBJECTS’ RIGHTS

The data subject has a right to use all of the below mentioned rights.

The contacts concerning the rights shall be submitted to the contact details stated in Section 2. The rights of the data subject can be put into action only when the data subject has been satisfactorily identified.

Right

Description

10.1) Right to inspect

 

The data subject has the right to inspect what, if any, data the controller has stored of her/him.

10.2) Right to rectify and erasure       

The data subject has a right to request the controller to rectify or erase the personal data concerning the data subject on the grounds provided by law.

10.3) Right to restriction of processing

The data subject can request the controller to restrict the processing of the personal data concerning the data subject on the grounds provided by law.

10.4) Right to data portability

The data subject shall have the right to receive the personal data concerning her/him, which he/she has provided to the controller, in a structured, commonly used and machine-readable format where the processing is based on consent or a contract.

10.5) Right to object

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning her/him for such marketing.

 

Where personal data are processed on the basis of the legitimate interests of the controller, the data subject shall have the right to object the processing of personal data concerning her/him for such purposes in accordance with the law.

10.6) Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

10.7) Right to withdraw consent

Where the legal basis for the processing of personal data is the consent of the data subject, the data subject shall have the right to withdraw her/his consent.

11)  RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The complaint can be lodged in the Member State of her/his habitual residence, place of work or place of the alleged infringement.

12)  COOKIES

Cookies are small text files that a website stores on your device when you browse that website. Cookies store data of your website use.

Our websites use cookies to improve our website. Cookies used to improve websites are a common part of all modern websites. Our websites use e.g. Doubleclick’s, Google’s, LinkedIn’s, Twitter’s, Hubspot’s, Hotjar’s and usemessages’ cookies.

You can control and/or remove cookies freely at the individual browser level. Instructions can be found for example in here: aboutcookies.org.

13)  SECURITY OF PROCESSING

We use the following security measures for protecting the personal data we are in charge of:

  • Personal data access is limited
  • We protect data with anti-malware, antivirus and other such software
  • Each category of data has been assigned with a responsible party
  • We use up-to-date and reliable systems and services to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
  • We use up-to-date and reliable systems and services to ensure the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • We regularly assess and evaluate our personal data processing activities

14)  MODIFICATIONS

We have a unilateral right to modify this privacy notice. The modifications take effect immediately when we post the up to date version of our privacy notice to our website. 

Matchmaking software made for all events.
Start now with our customer success heroes.

Contact sales