Skip to main content

Privacy Policy

1. Introduction

The processing of personal data is necessary for the operation of Hapwork Ltd ( “we”). We follow policies and precesses to protect personal data in accordance with the requirements of data protection legislation.

This Privacy Policy sets out the basis on which data is collected and what the collected data is used for. The principles and practices set out in this Privacy Policy apply to all our activities involving the processing of personal data. Examples of applicable situations include the use of out Services in accordance with our contractual terms and conditions and the submission of a direct marketing consent. The Privacy Policy also applies to the processing of data of our staff and job applicants.

We act as a processor when we provide Services to corporate clients, such as companies that provide gifts to their staff, or for example, to their stakeholders. In such cases, the controller is each individual corporate client. In Section six (6), we explain how we process data when we provide Services to these customers in our role as a processor.

2. Purposes and legal basis for processing

Purposes of processing personal data

We collect and process personal data in order to:
– to market and communicate our services or those of selected third parties to potential and existing customers, for example through newsletters, various marketing campaigns or invitations to events
– we can fulfil our contractual obligations towards our customers, partners and, for example, our employees
– we can improve services and enhance the user experience
– our services can be managed
– in certain circumstances, we can investigate possible abuses

Legal basis for processing personal data

We have a legitimate interest in marketing our activities and maintaining and developing our business. We may have a legitimate interest in marketing our services to potential customers and clients.

In performing our obligations under contracts, we process personal data on contractual basis. This includes processing for identification, verification, customer relationship management, support and communication, software and system updates, contract management, troubleshooting and repair purposes.

The processing of personal data may also be based on consent. These situations include, for example, consent to electronic direct marketing by us or our partners. The processing of personal data is explained separately for each consent in accordance with data protection legislation, so that the individual knows what he or she is consenting to. If you have given your consent to the processing of your personal data, you also have the right to withdraw your consent.

3. What information do we collect

We collect the information necessary for the purposes of use as set out in this Privacy Policy:

A) Information received from community Customers

We obtain community customer stakeholder information from each community customer. In this case, our Community customer is the controller, and the processing of the personal data is described in more detail in section 6.

B) Information you provide to us

For example, the Sites ask for your contact information when you subscribe to a newsletter, request a quote, register for an event, leave feedback or request to be contacted. If you are a member of our community customer’s staff or a stakeholder and you give us your consent to direct marketing, we are the data controller of the direct marketing.  

C) Technical information observed and derived from the use of the Services

We use various technologies (including cookies) to collect and store information about users and visitors to the Site and its Services

D) Information collected from other sources.

We collect personal information from publicly available sources, such as registers maintained by public authorities (e.g. civil registers, tax registers) and commercial data brokers.

4. How long will user data be stored

We will only keep your personal data for as long as it is needed to provide the Service or for the maximum period permitted by law.

5. Disclosures to third parties

Your consent

If you have given your consent, we may share your information with selected third parties.

Service providers

We will only transfer personal data to the extent that third parties need access to the personal data we process in order to provide services to us or to the end customer for the purposes set out in this Privacy Policy.

For legal reasons

Your personal data may be disclosed in accordance with the requirements of a competent authority and in accordance with legal requirements.

6. Providing Services to our community customers

6.1 Personal data processed

We offer Services to Community customers on a contractual basis in the role of processor. In such cases, it is necessary to process personal data on behalf of each of our community customers. In such cases, we process basic and contact information of employees or partners, as well as contact information such a name, address, telephone number, e-mail address and contact history.

6.2 Why is data processed and on what basis

The purpose of processing personal data is to fulfil our obligations towards our customers. When we process data on behalf of a company, the company is fulfilling its obligations under law, such as labor laws and contracts.

6.3 How long will the data be kept

Personal data will be kept for as long as it is necessary for the performance of the contract and for as long as required by law and regulation regarding data retention.

6.4 Data subjects’ rights

Individuals have the right to access to their personal data, the right to rectify their data and, where the conditions are met, the right to erasure, the right to restrict or object to the processing of their personal data, the right to data portability and the right to lodge a complaint with data protection authority. The controller is each Community customer. Therefore, you can contact your employer or partner for information about your data subject rights.

7. International data transfers

We aim to provide Services and process personal data using operators and services located in EU or EAA.

Services, may however, in some cases also be provided using operators, Services and servers located elsewhere. In such cases, your personal data may be transferred between different countries. Such transfers may include transfers of personal data outside the EU and EAA to countries whose laws on the processing of personal data differ from the requirements of Finnish law. In such cases, we will ensure and adequate level of protection of personal data, for example by reaching an agreement with the processor.

8. Data protection

The security of data is ensured by the appropriate administrative, technical and physical protection measures.

9. Minors

The Service we provide is not directed to minors and we do not specifically collect personal data from minors. We ask minors to obtain parental consent before storing their personal data. We encourage guardians to regularly monitor their dependents’ use of Internet and our site.

10. Third Party Services

This Privacy Policy applies only to our Service and we are not responsible for the privacy practices of other sites. We encourage you to check the privacy policies of the sites you use.

11. Changing this Privacy Policy

We may change this Privacy Policy. If we make changes to this Privacy Policy, we will always post those changes on this Privacy Policy.

12. Your rights

Right to inspect

You have the right to inspect what information about you is stored in the contact register. We will provide the information in the format required by law.

Right to request rectification of information

You have the right to request the correction or completion of information that is inaccurate, incomplete, outdated or unnecessary.

Right to request the deletion of information

You can request us to delete your personal data from our systems. We will comply with your request unless we have a legitimate reason not to. Data may not be immediately removed from all our backup or similar systems.

Right to restrict the processing of data

You can request us to restrict the processing of certain personal data about you. A request for restriction of processing may result in reduced ability to use our website and services.

Right to object to processing

You may also request restriction on the processing of your personal data where our data is processed for purposes other than the provision of our Services or to comply with a legal obligation. Objecting to the processing of personal data may result in reduced ability to use our website. You have the right to opt out of direct marketing by electronic means by following the instructions included in any marketing communications we send you.

Right to data portability

You have the right to receive your personal data from us in structured and commonly used format so that you can transfer it to another processor.

Right to withdraw consent

Where the processing of your personal data is based on consent, you have the right to withdraw your consent at any time.

13. Exercising your rights

You can exercise your rights by contacting us. We may request additional information necessary to verify your identity. We may refuse requests that are unreasonably repetitive, excessive, or unjustified.

If you consider that the processing of your personal data is in breach of applicable law, you may lodge a complaint wit your local data protection supervisory authority.

14. Who can I contact

In case of data security concerns, you can contact:

Timo Sammalvuori

tietosuojavastaava@happywork.fi