Privacy notice
This is Lingo Languages Oy’s privacy notice prepared in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Updated on 1 November 2022.
1. Data controller
Lingo Languages Oy
Antinkatu 2
28100 Pori
2. Contact person responsible for the personal data file
Miia Virtanen
tel. +358 400 853 803
miia.virtanen@lingo.fi
3. Name of the personal data file
Lingo Languages Oy’s customer and stakeholder data file.
4. Legal basis and purpose for the processing of personal data
Personal data is processed on the basis of a contractual customer relationship, the customer’s consent, other legitimate business interests, or with the consent of the data subject.
The personal data of the data subject is processed for managing, maintaining, developing, analysing, and compiling statistics on Lingo Languages Oy’s customer relationships, as well as for producing, providing, and developing our services.
Personal data is also processed in order to comply with legal and regulatory obligations, including retention, reporting, and inquiry requirements.
The data will not be used for automated decision-making or profiling.
5. Content of the data file
The information stored in the data file includes:
name, job title, company/organisation, contact information (phone number, email address, address), website addresses, IP address, social media accounts/profiles, information on subscribed services and their changes, invoicing information, and other relevant information related to the customer relationship and subscribed services.
6. Regular sources of information
The information stored in the data file is obtained from the customer through, for example, messages sent via online forms, email, telephone, social media services, contracts, customer meetings, and other situations where the customer discloses their information. Personal data may also be collected for marketing purposes from public sources.
7. Regular disclosure and transfer of data outside the EU or EEA
Information from the data file is only shared with third parties acting on behalf of Lingo Languages Oy or involved in providing our services. Such third parties include, for example, accounting firms, subcontractors and content creators involved in our service delivery, and the system used for sending newsletters. Information may be published only as agreed with the customer.
Data may also be transferred by the controller outside the EU or EEA to servers used by Lingo Languages Oy’s Cloud9 cloud service. Personal data on these servers will be appropriately protected. We have ensured that all our service providers comply with data protection legislation.
8. Principles of data file protection
The data is processed with due care, and any data processed by information systems are adequately protected. When personal data is stored on online servers, appropriate measures are taken to ensure both physical and digital security. The data controller ensures that stored data, access rights to servers, and other information critical to the security of personal data are treated confidentially and processed only by employees whose duties require such access.
Physical data files are stored in locked premises. The data controller ensures that stored data, access rights to servers, and other information critical to the security of personal data are treated confidentially and processed only by employees whose duties require such access.
9. Right of access and right to request rectification of data
Every data subject has the right to access the data stored about them and to request the correction of any inaccurate or incomplete information. Requests must be submitted in writing to the data controller, who may ask for proof of identity if needed. The data controller will respond within the timeframe stipulated by the EU General Data Protection Regulation (generally within one month).
The data subject has the following rights, and any requests to exercise these rights should be submitted to lingo@lingo.fi.
Right of access
The data subject may review the personal data we have stored about them.
Right to rectification The data subject may request the rectification of inaccurate or incomplete data concerning them.
Right to object to processing The data subject may object to the processing of their personal data if they believe it has been processed unlawfully.
Right to opt-out of direct marketing
The data subject has the right to prohibit the use of their data for direct marketing purposes.
Right to erasure
The data subject has the right to request the erasure of their personal data if the processing is no longer necessary. We will process the request for erasure, after which we will either delete the data or provide a justified reason why the data cannot be deleted.
Please note that we may have a statutory obligation or right to retain certain data. In particular, accounting records must be kept for 10 years under the Accounting Act (Chapter 2, Section 10), so related records cannot be deleted before the expiry of this period.
Withdrawal of consent
If the processing of personal data concerning the data subject is based solely on consent, and not, for example, on a contractual relationship or membership, the data subject may withdraw their consent.
Data subjects have the right to lodge a complaint with the Data Protection Ombudsman
The data subject has the right to request that we restrict the processing of disputed data until the matter is resolved.
Right of appeal
The data subject has the right to lodge a complaint with the Data Protection Ombudsman if they consider that the processing of their personal data violates the applicable data protection legislation.
Contact the Data Protection Ombudsman: https://tietosuoja.fi/en/contact-information
10. Other rights relating to the processing of personal data
The data subject has the right to request the erasure of their personal data from the data file (“right to be forgotten”). They also have other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. Requests should be submitted in writing to the data controller, who may ask for proof of identity if needed. The data controller will respond within the timeframe stipulated by the EU General Data Protection Regulation (generally within one month).