Last updated: January 2023
- What personal data we collect about you;
- How we use your personal data and on which basis;
- Who we share your personal data with;
- International transfers of your personal data;
- For how long we retain your personal data;
- What actions we have taken to keep your data secure;
- What your rights are as a data subject and how you may exercise them.
- WHAT PERSONAL DATA DO WE COLLECT?
In connection with our operations and during the lifecycle of our business relationship with our customers, we collect various types of personal data, meaning any information that identifies you or allows you to be identified, including:
- data from your interactions with us, including visits to our internet websites or social media pages (connection and tracking data such as cookies, IP address), meetings, emails and other communication or correspondence with us;
- information about your device (IP address, technical specifications and uniquely identifying data);
- contact information, such as e-mail address, phone number, data relating to your role in your organization, and data relating to your habits and preferences, such as participation in our marketing events and areas of interest;
- usage data including information used to connect to our products and data created from use of our products;
- identification information related to your role as authorized representative or beneficial owner of our customer entity (e.g. full name, identity (e.g. ID card, passport information, etc.), nationality, place and date of birth, gender, photograph);
- video surveillance data (CCTV data recorded when visiting our sites).
- WHOSE PERSONAL DATA DO WE COLLECT AND FROM WHICH SOURCES?
We collect data of the following data subjects in connection with our operations:
- Contact persons or other representatives of our customers or customer prospects;
- Ultimate beneficial owners of our customers and their next of kin;
- Users of our products and services;
- Our website and social media page visitors and followers, and participants in our webinars and events;
- Visitors to our sites.
We obtain personal data indirectly from the following sources:
- Our customers;
- Our business partners;
- Public sources (e.g. company registers, LinkedIn, company websites, press);
- Third parties such as data brokers or databases (e.g. databases used in marketing, KYC or sanction screening).
- ON WHICH BASIS AND FOR WHICH PURPOSES DO WE USE YOUR PERSONAL DATA?
We collect and use your personal data to the extent necessary to carry out our operations and provide our services as well as to comply with any regulatory obligations in our activities. These purposes are defined in more detail below.
To comply with legal and regulatory obligations
We collect and use your personal data to comply with various legal and regulatory obligations, such as:
- Anti-money laundering regulations and counter-financing of terrorism regulations, including Know Your Customer (KYC) obligations;
- Regulations relating to international financial sanctions and embargoes.
To fulfill our legitimate interest
We also use your personal data to fulfill our legitimate interests, which include the following:
- Provision and delivery of our products and services;
- Marketing and customer communication and development of our customer relationships;
- Development of our products and services;
- Security and safety of our IT and facilities.
Based on your consent
If processing of certain personal data requires your consent (e.g. cookies), we will inform you of this, including details of the specific processing activity, and request your consent to such processing. You may request to revoke your consent at any time.
Performance of Contract
We can collect and use your personal data to document and complete tasks in order to fulfil our contractual obligations towards you, among other things providing and delivering our products and services to you.
- WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Sharing of information within 3stepIT
We share personal data within 3stepIT for the purposes set out above, e.g. for complying with legal obligations, for marketing, or for providing our services to our customers.
Disclosing information outside 3stepIT
To fulfil some of the purposes described in this policy, we may disclose from time to time your personal data outside 3stepIT to:
- Service providers which perform services on our behalf (e.g. IT services, logistics, marketing, telecommunication, advisory and consulting);
- Our commercial partners, including our financing partners;
- Authorities or other public bodies, if we are required by law to disclose such data;
- Certain regulated professionals such as lawyers or auditors when needed under specific circumstances (litigation, audit, etc.), as well as an actual or proposed purchaser of the companies or businesses of 3stepIT.
- INTERNATIONAL TRANSFERS OF PERSONAL DATA
As some of our affiliates, service providers, and partners are located outside the European Economic Area, we may need to transfer personal data outside the European Economic Area to carry out our operations. Transfers of this kind are done according to the requirements of the applicable laws, and by following the applicable safeguards for the transfers, e.g. based on adequacy decisions adopted by the European Commission, or using standard contractual clauses approved by the European Commission.
- FOR HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
Personal data is deleted or returned once it is no longer needed for its purpose. The retention periods are defined based on e.g. the following factors:
- Requirements set forth in applicable laws and regulations; and
- Other requirements related to the purpose of the processing in question, e.g. operational requirements, such as proper account maintenance and management, security reasons, or responding to legal claims or regulatory requests.
- HOW DO WE SECURE YOUR DATA?
We apply appropriate technical and organizational measures to keep your personal data secure. We use physical, administrative, and technical security measures to reduce the risk of loss, misuse, or unauthorized access, disclosure, or modification of your personal data. Your data can only be accessed by persons for whom it is necessary in relation to their work.
- YOUR RIGHTS AS A DATA SUBJECT
In accordance with applicable regulations and where applicable, you have the following rights:
- To access: you can obtain information relating to the processing of your personal data, and a copy of such personal data.
- To rectify: where you consider that your personal data are inaccurate or incomplete, you can request that such personal data be modified accordingly.
- To erase: you can require the deletion of your personal data, to the extent permitted by law.
- To restrict: you can request the restriction of the processing of your personal data.
- To object: you can object to the processing of your personal data, on grounds relating to your situation. You have the right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing.
- To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
- To data portability: where legally applicable, you have the right to have the personal data you have provided to us returned to you or, where technically feasible, transferred to a third party.
If you wish to exercise the rights listed above, please send your request to our Data Protection Officer, whose contact information is provided at the end of this policy.
We may need to request specific information (such as a copy of identification) from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to anyone who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the competent supervisory authority.
- HOW TO CONTACT US?
3Step IT Group Oy, a limited liability company registered in Finland (Group acts as a contact point for all 3step IT Group companies in privacy-related requests)
Registration number: 2087590-4
Office address: Mechelininkatu 1A Helsinki 00180, Finland
General phone number: +358 10 525 3200
Data Protection Officer: dpo(at)3stepit.com
By allowing all cookies, you let us enhance your experience. This means helping you find the right information quickly and tailoring content to your needs. By default, we enable only strictly necessary cookies, which are required for the website to function and cannot be switched off. They are set in response to actions made by you, such as setting your privacy preferences, and also help keep the website secure. These cookies do not store any personally identifiable information.
Because we respect your right to privacy, you can choose to allow performance, advertisement and functional types of cookies. Click ‘Manage preferences’ on the main cookies policy provided to you when landing on our website for more information on the data collected by our cookies and to adjust your preferences regarding the cookies used. You can use your browser settings to delete cookies that have already been set at any time.
- DATA REGISTER DESCRIPTIONS