Volare Ltd Privacy Policy for business customers, suppliers and partners

Contact information of the Controller in data protection matters

Name: Volare Ltd (hereinafter “Volare”, “Controller” or “we”)
Address: PO BOX 1188, FI-00101 HELSINKI, FINLAND
Email: info@volare.fi

Data subjects and the data collected

Volare collects following personal data concerning the decision-makers, contact persons and representatives ("Data Subjects") of Volare’s current and potential business customers, suppliers, or partners ("Companies"):

  1. Basic information, e.g.: name, title or profession and position in the Company, Company information, work-related contact information (postal and visiting address, e-mail address, telephone number), year of birth, gender, service language, desired contact method.
  2. Verification and identification information of the Data Subject
  3. Qualification data of the employees of supplier Companies in connection with procurements, e.g.: education, qualifications, work experience, CV, and suitability information of the Data Subject, including date of birth or personal identity code if necessary; information on European Union and UN sanctions against the Company or the Data Subject; non-disclosure obligations of the Data Subject; information on physical and digital access rights.
  4. Marketing information, e.g.: information on roles, positions, duties, and activities in the business or public sector, professional interests, other information provided by the Data Subject; marketing history, participation in events, direct marketing and other permits and consents, prohibitions, and restrictions regarding processing of personal data.
  5. Information on the use of Volare's electronic services or information systems, e.g.: information about the use and browsing of Internet services and newsletters, advertisements displayed and/or clicked; the page which referred the user to Volare's website, device model, unique device and/or cookie identifier, data collection channel (internet browser, mobile browser, application), browser version, IP address, session ID, session time and duration, screen resolution and operating system, country/city-level location; publicly shared social media account information.
  6. Profile and classification data, e.g.: marketing segments and profiles created based on analysis of the data described above and statistical classification data collected from generally available data sources.

Company information is not personal data

Communication and documents between Volare and the Company (e.g., contacts, e-mails, forms, feedback, chat conversations, call recordings, enquiries, requests for quotations, orders and contracts, etc., carried out by the Data Subject on behalf of the Company, are not personal data of the Data Subject even though they contain the name and other data of the Data Subject. Such documents and data are information of the Company. They are not subject to data protection legislation or legal rights of the Data Subjects. Accordingly, data of the Company´s purchases, or usage of Volare´s products and services is not personal data of the Data Subject.

Legal grounds and purposes of the processing of personal data

We process personal data of the Data Subjects

1) based on our legitimate interest for the purposes of
the creation, management, maintenance, and development of a customer, supplier, partner, or other relationship; design and development of our business, products, and services; customer and other satisfaction surveys and other communications based on the relationship between we and the Company.

  • assessment of the reliability, competence, and suitability of the employees of the supplier in relation to procurements.
  • detecting, preventing, and investigating fraud, money laundering and other crimes and abuses and to comply with sanction obligations.
  • performing advertising of our products and services in our own and other Internet and mobile media, and applications.
  • performing direct marketing (incl. newsletters) by telephone, letter by e-mail, SMS and otherwise digitally; conducting opinion polls and market research, organizing marketing competitions and other events.

2) based on the consent of the Data Subject for the purposes of

  • collecting and processing data from the use of our online and mobile services by means of cookies, advertising identifiers or other similar technical means of tracking. For more detailed information on the use of cookies, https://volare.fi/cookie-policy/

3) based on our legitimate interest to analyze and profile Data Subjects for the above-mentioned purposes.

4) based on our legal obligations

Where is the personal data collected from

The personal data is mainly collected directly from the Data Subject in connection with the use of our services and the website, request for information or quotation, orders and contracts, subscription of our newsletter, or in connection with other personal, electronic or telephone contacts or participation in events. In addition, personal data may be provided by the Company or collected and updated from Company´s website or other publicly available sources such as the Trade Register, postal operators, and business information services.

The verification and identification information of the Data Subject is obtained from banks or other providers of electronic signature and identification services.

Information on European Union and UN sanctions against the Company or the Data Subject is obtained from the authorities and sanctions list service providers.

To whom data is disclosed or transferred

We may disclose personal data to our partners when it is necessary for the purposes specified in this Privacy Policy, for example to deliver the agreed products or services.

Otherwise, the data will not be disclosed to third parties without the consent of the Data Subject unless it is necessary for the fulfilment of Volare's legal obligations, in connection with legal proceedings, at the request of the authorities or as part of business transfers or other corporate transactions.

We use subcontractors for example to perform ICT services, email and other electronic communication, analytics, marketing and sales, maintenance of personal data, conducting customer satisfaction surveys, and managing cookie consents.

Each subcontractor processes personal data only to the extent necessary for the performance of its services. The subcontractors are bound by written agreements on the processing of personal data, including confidentiality and data security obligations.

Personal data may be transferred for processing to a country outside of the EU/EEA. Unless the European Commission has approved the adequacy of the data protection in the processing country, we will ensure the appropriate data protection by entering into written agreements with subcontractors under the standard contractual terms approved by the European Commission. The standard terms and conditions can be found at:
https://ec.europa.eu/info/system/files/1_en_annexe_acte_autonome_cp_part1_v5_0.pdf

We also use services, such as Hubspot, Adobe Analytics and Google Analytics, to collect and analyze data about the users of Volare´s website, newsletter, and other electronic services or information systems. These service providers may use cookies to collect information for their own use in accordance with their own terms and conditions and privacy policies:

https://policies.google.com/privacy?hl=en
https://www.adobe.com/privacy/policy.html
https://legal.hubspot.com/privacy-policy

Based on the user's active consent, we might utilize user data on online advertising networks such as Google Ads and on social media platforms such as LinkedIn, Twitter, Facebook and Instagram for targeted marketing and advertising. A user can influence the targeting of advertising by social media through the privacy and advertising settings of said services.

https://www.google.com/settings/ads/
https://www.facebook.com/adpreferences/ad_settings
https://www.linkedin.com/mypreferences/d/categories/ads
https://help.twitter.com/en/safety-and-security/privacy-controls-for-tailored-ads

Processing of personal data about social media users

Volare's website includes social media buttons like Twitter and LinkedIn buttons that take the user to Volare´s page at the social media page. If you link a social media account with us, we may collect information you have publicly shared on your account. Volare and social media providers can be partly joint controllers. Social media providers are responsible for complying with data protection legislation in their services and process personal data as explained in their privacy policies:

LinkedIn: https://www.linkedin.com/legal/privacy-policy, and about joint controllership with LinkedIn: https://www.linkedin.com/help/linkedin/answer/a1338708

Twitter: https://privacy.twitter.com/en

Data security and retention

Only persons who need personal data for the performance of their work are entitled to use the personal data and are bound by confidentiality obligations. Personal data is saved in databases that are protected by firewalls and anti-virus malware software, and other technical means. The databases are located in locked and guarded premises, and the data can only be accessed by predefined and designated persons.

The confidentiality commitment given by the Data Subject to Volare is stored for 10 years from the end of the confidentiality period specified in the commitment.

The data collected by using cookies will be deleted in accordance with the retention periods specified in connection with the cookie consents.

The basic information of the Data Subject, marketing data, and profile data specified in section 2 are stored permanently for direct marketing purposes, unless the Data Subject has prohibited the processing of the data.

Other personal data collected based on the relationship between Volare and the Company shall be deleted after the termination of the relationship or after Volare has been informed that the Data Subject is no longer employed by the Company.

Volare assesses the need for the retention of personal data on a regular basis, in addition to which it takes reasonable measures to ensure that no incompatible, outdated or incorrect personal data of Data Subjects is retained.

Rights of access and other rights of Data Subjects

The Data Subject has the right to access personal processed by Volare which concerns him/her and to demand the rectification or erasure of incorrect, outdated, unnecessary or unlawful data. The Data Subject has also the right to withdraw his/her consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of processing that has taken place before the withdrawal of the consent.

The Data Subject has the right to prohibit the processing of personal data for direct marketing and related profiling.

If the Data Subject has provided his or her personal data to Volare and the processing is based on consent or performance of a contract, the Data Subject has the right to receive this data in a structured, commonly used, and machine-readable format and the right to transfer the data to another controller in accordance with the current data protection legislation.

Where the processing of personal data is based on a legitimate interest, the Data Subject has the right to object to the processing on grounds relating to his or her particular situation.

In situations defined by law (e.g., when Data Subject and Controller disagree on the correctness of the data), the Data Subject may request restriction of the processing of personal data, for example suspension of processing.

Data Subject´s requests must be submitted in person, by letter or by e-mail using the contact details specified in paragraph 1. If necessary, Volare may ask the Data Subject to specify the request and to prove his/her identity.

The data subject has the right to lodge a complaint about the processing of personal data with the Finnish Data Protection Ombudsman https://tietosuoja.fi/en/home .