Annie Advisor logo

Privacy Policy

Last updated: 30th of March 2023

Annie Advisor Ltd (hereinafter the ”Company”) is committed to following good privacy practices. The purpose of this document is to inform the user of this website (hereinafter data subject) about the relevant privacy policies and practices. Personal data shall mean any information by which an individual can be identified.

Company contact information:

Annie Advisor Oy
Address:  Vilhonkatu 4 B 18 A, 00100 Helsinki, Finland
Puh. +358 40 847 2763
Email: annie@annieadvisor.com 

 

  1. Data controller and processors

The data controller is the party who is responsible for the handling of personal data. A processor, on the other hand, is the party who handles personal data on behalf of the controller based on a contract between the controller and the processor.

This privacy policy covers the websites where the Company is the data controller, through which the Company receives and processes personal data and the handling of the received data, i.e. the following:

a) the annieadvisor.com website

b) Annie Advisor Ltd customer information

c) The Annie WhatsApp bot

Personal data is not transferred to other third parties. The Company uses external data processors for the purposes stated above and no other purposes. Data is transferred, processed or stored outside the EU/EEA area only in the case of the Annie WhatsApp bot, the use of which is voluntary and data is processed only when initiated by the visitor.

  1. Categories of personal data and the legal basis for processing

Personal data will be processed in accordance with and in accordance with the provisions of the General EU Data Protection Regulation (hereinafter “GDPR”) and applicable national data protection law. Personal data will only be processed for the purposes mentioned below, and there is always a legal basis for such processing based on the data protection legislation mentioned above.

The following categories of personal information will be processed in connection with the provision of the Company’s website and services:

 

a) annieadvisor.com website

Data category Purpose of use Legal basis for processing Deletion (ie at what stage is personal data deleted or irrevocably anonymised) Controller
Contact information of an individual using the website to set a meeting, request materials or subscribe to a newsletter Complying with the request of the individual Implementation of the agreement between the Company and the visitor (GDPR Article 6(1)(b)) After the request is processed or latest 1 year after the request The Company
Customer information Implementation of an agreement Implementation of the agreement between the Company and its customers After the agreement is terminated or by explicit request The Company
Google Analytics and LeadFeeder website analytics Development of the website and the Company’s messaging to suit visitors’ interests and needs Explicit consent After the request is processed or latest 2 years after the visit The Company

 

b) Customer information

Data category Purpose of use Legal basis for processing Deletion (ie at what stage is personal data deleted or irrevocably anonymised) Controller
Customer contact person name, position, contact information Managing the customer relationship related to the Company’s services and informing about changes, fault conditions and new functionalities in the Company’s services Implementation of the agreement between the Company and the visitor (GDPR Article 6(1)(b)) Latest 5 years after the end of the customer relationship unless otherwise agreed The Company

 

c) Annie WhatsApp bot

Data category Purpose of use Legal basis for processing Deletion (ie at what stage is personal data deleted or irrevocably anonymised) Controller
WhatsApp message logs Providing the Annie WhatsApp bot for demonstration and research purposes Explicit consent After the request is processed or latest 1 year after the request The Company

d) Student Advisor community

Data category Purpose of use Legal basis for processing Deletion (ie at what stage is personal data deleted or irrevocably anonymised) Controller
Participant information and explicitly given feedback and opinions Co-developing the Annie solution for the purpose of improving the student experience Explicit consent After the request is processed or latest 1 year after the request The Company
  1. Information security

The Company protects personal information related to the Company’s websites or services with reasonable, appropriate safeguards to prevent unintentional data leakage, unauthorized processing of personal information, and accidental or unauthorized destruction, use, alteration or disclosure of personal information. The company has implemented appropriate technical and organizational measures to secure personal information. The above measures, such as restricting the access of the Company’s personnel and processors to personal data and storing and processing personal data in encrypted form, have been decided taking into account the harmfulness and probability of possible data leaks, the sensitivity of processed personal data, the conditions under which they are stored and developments in security technology.

 

  1. Rights of the data subject

The data subject under the GDPR has the following rights with regard to personal data, as further explained in Articles 15-21 of the GDPR:

a) Right to access: the data subject has the right to request confirmation of the processing of his or her personal data in connection with the Company’s website or services and to have access to his or her data

b) Right to rectification: the data subject has the right to ask the data controller to correct their erroneous or incomplete personal data processed in connection with the Company’s website or services

c) Right to be forgotten: the data subject has the right to request that personal data concerning him or her be deleted if they are no longer needed for the purpose for which they were collected or processed, if the data subject opposes processing and there are no compelling legal grounds for processing, if personal data are processed unlawfully or if personal data are deleted in order to comply with a legal obligation

d) Right to restrict processing: the data subject has the right to request a restriction on the processing of personal data if the accuracy of the personal data is disputed, if the processing is illegal or the controller no longer needs such data but the data subject has justified opposition to the deletion, or whether there is a legal basis for the processing

e) Right to object: the data subject has the right to object to the processing of his personal data insofar as the data is processed in connection with the Company’s website or services under Article 6 (1) (f) GDPR, in which case the controller must prove that there is a compelling legal basis for the  processing of such personal data

f) Right to transfer: the data subject has the right to have personal data concerning him and the right to have the above data transferred to another controller in so far as the processing is based on Article 6 (1) (b) of the GDPR

In addition, the data subject always has the right to complain to the competent data protection authority about the processing of his or her personal data in connection with the Company’s website or services. The competent data protection authority in Finland is the Data Protection Commissioner: www.tietosuoja.fi.

 

  1. Contact information in personal data matters

The Company strives to ensure that the personal information it processes is properly up-to-date, accurate and complete. If the data subject wishes to report inaccurate information, request the deletion of personal data relating to him or her or otherwise have questions, comments or other matters related to these security policies, or if the data subject wishes to complain about the processing of personal data of the Company or its customers, they can contact the Company at: annie@annieadvisor.com. In case of personal information processed by the Company on behalf of its customers, the data subject can contact the contact information provided by the customer (i.e. the data controller).

Upon contact, the data subject may be asked to provide proof of identity for data protection reasons.

 

  1. Changes to the privacy policy

Changes to this Privacy Policy can be made from time to time by uploading an updated version of the document to the Company’s website, after which the updated version will apply. If material changes are made to the data protection policies, the Company will also endeavor to inform about them by other means, such as e-mail, notice in a service maintained by the Company or by notifying the website or social media pages within a reasonable time before the changes take effect.

 

Cookie Policy

The Company uses the following cookies, which are anonymous and don’t identify a single user:

  • Leadfeeder -cookies, which allow the Company to analyze how users interact with the website on a general level and which companies or organizations the visitors may represent. The cookies have a lifetime of up to one year (https://www.leadfeeder.com/cookies-and-tracking/).

The Company website and services don’t use third party cookies or other cookies other than the ones mentioned above.  

By clicking “I Agree” below, you agree to the use of the above non-functional cookies in connection with the Company’s website. If you refuse to allow the use of cookies, you may not be able to use the website as intended.

In addition, you can block cookies by modifying your browser settings, for example, so that your browser always asks you before receiving a cookie, and allows you to reject the cookie. You can also delete cookies at any time.

More information about cookies: www.aboutcookies.org