PRIVACY POLICY AND COOKIE POLICY OF THE CUSTOMER INFORMATION AND STAKEHOLDER REGISTER

IN ACCORDANCE WITH THE EUROPEAN UNION DATA PROTECTION REGULATION (GDPR)

This policy data describes and specifies the principles governing the processing of personal data.

The description describes, among other things:

  • how our company handles customer data and other personal information received from stakeholders
  • what kind of personal data we collect
  • the purposes for which we may use the collected personal data
  • how registers containing personal data are protected

Updated 04.05.2022

1. The Controller

Trevian Asset Management Oy (Company registration number 2507543-9), Erottajankatu 2, 3rd floor, 00120, Helsinki 

email: tietosuoja@trevian.fi

phone: +358 10 581 3830

(”Trevian”, “We”, “Us”)

Responsible person for the register:

Daniel Tuori, Marketing and Communications Director

Data Protection Officer:

Matti Tossavainen

2. Name of the register

Customer infromation and stakeholder register

3. The purpose of the personal data management

Personal data is processed for the purposes of customer relationship management and communication, business and service and product development, analysis and statistics, publications, newsletters and marketing messages, direct marketing, opinion polls or other similar addressed broadcasts, including electronic direct marketing of the Controller. Personal information may also be processed to create classifications, groups or profiles and to target marketing to the registered.

The processing of personal data is based on the legitimate interest of the Controller and / or the consent of the Data Subject. When the processing is based on legitimate interest, the interest of the Controller is the need to market its products and services efficiently and the development of services.

4. Information content of the register

The register contains the following personal data provided by the Data Subject:

  • first name, last name
  • title, function and/or role
  • employer
  • department
  • work address, postal code, city, country
  • email address
  • work and/or mobile phone number
  • customer feedback and contacts
  • information related to the use of our services such as browsing and search data of our website
  • other necessary information based on the purpose of the use of the register.

and other descriptive identifiers (e.g., “Tenant” or “Service Provider”).

In addition, we record the following information: when the personal data was updated, the contact with the person by Trevian Asset Management Oy, any agreements made with the Data Subject and/or his/her employer by Trevian, and basic contract information.

5. Regular sources of the personal data

The register contains information provided by the Data Subject him/herself, for example by e-mail or otherwise. In addition, information can be collected from public websites and other public databases.

6. Transfer of the personal data

The information will not be disclosed to third parties without an order from the authority.

Trevian may disclose personal data to third parties in the following situations:

  • to the authorities when required by law, for example when making various statutory notifications
  • trusted service providers acting on behalf of Trevian, and who do not have an independent right to access the personal data provided to them. For example, for IT support, customer satisfaction surveys are outsourced services
  • to a new service provider to ensure continuity of the services in the event of a change of provider
  • when required by law, such as to respond to an action brought against Trevian or in connection with legal proceedings
  • if Trevian is involved in a merger or acquisition;
  • when acting in good faith that the disclosure is necessary to safeguard our rights, to investigate criminal offenses or to respond to requests from the authorities.
  • in addition, personal data may be transferred between properties managed by Trevian when Trevian in practice processes personal data on behalf of other companies in the group i.e. is a Joint-Controller or a Processor.

7. Data transfers within EU and outside the EU

Depending on the systems in use, the data is stored in Finland or outside Finland, however, as a rule, within the European Economic Area in the data centers of data system service providers. Some of the personal data may be processed and stored outside the European Economic Area in the United States operators who comply with the requirements of the European Union Data Protection Regulation. Trevian ensures that the transfer of data complies with the requirements of the Data Protection Regulation, such as the EU Commission’s standard contract clauses or the EU Commission’s decision on the adequacy of data protection (the “Adequacy Decision”). Personal data will also not be transferred outside the EU or the EEA without the express consent of the Data Subjects.

8. Storage of personal data

The personal data in the register may be kept for as long as it is needed for the purpose for which it was collected and processed, or for as long as required by law and regulations. However, the data will be deleted immediately if the Data Subject withdraws his or her consent or otherwise exercises his or her right to be forgotten.

9. Protection of the personal data

Personal data is collected on systems to which users of the data have specific access rights. Use requires a personal username and login to the information system. The register is protected by appropriate technical measures.

10. The rights of the registered

Every Data Subject has the right to know what personal data about him or her has been stored in the register or to find out whether he or she is in the register. In principle, the Data Subject has the right, in accordance with the applicable data protection legislation:

  • to obtain information on the processing of their personal data;
  • to have access to their own data;
  • to require the correction of inaccurate and incorrect personal data;
  • to request that the processing be restricted or that personal data be deleted;
  • to withdraw his/her consent and to object the processing of his/her personal data to the extent that the processing of personal data is based on the Data Subject’s consent and there are no other grounds for doing so.
  • the right to transfer data from one system to another, i.e. to obtain personal data about oneself in a structured and publicly available form, and to transfer the data to another Controller.
  • the right to lodge a complaint with the Office of the Data Protection Ombudsman (Finland) if the Data Subject’s statutory rights have been violated.
  • the right to have his or her data deleted and forgotten.

The address of the Office of the Data Protection Ombudsman:

The Office of the Data Protection Ombudsman

Address: PL 800, Ratapihantie 9, 00521 Helsinki, FInland

Phone: 029 56 66700

EMail: tietosuoja@om.fi

Website: www.tietosuoja.fi

The Data Subject must submit a request for the right of inspection in writing, stating at least his or her name and e-mail address. The Data Subject concerned must make a request for inspection either by e-mail or by handwritten letter. Requests for verification and information are not received by telephone, but we always require a written request for verification of information. Necessary and appropriate measures to identify the Data Subject shall be taken prior to the investigation and / or disclosure to the Data Subject.

TREVIAN.FI COOKIE POLICY

We use cookies on the website to enable a secure, efficient and user-friendly experience. If you wish, you can change your own cookie settings and block some cookies from your browser settings. Please note, however, that restricting cookies may restrict your use of the site and online services.

What are cookies?

Cookies are small text files that allow our website to remember, for example, when using tools, what information you have written in previous steps. In addition, we use cookies e.g. statistics and tracking of our pages in order to further develop them. You can read more about the use of cookies in our terms of use. More information about cookies https://www.kyberturvallisuuskeskus.fi/en/our-activities/regulation-and-supervision/cookies.

Our website uses cookies for four purposes:

  1. Necessary cookies: minimum requirements to ensure the operation of the website.
  2. Website Improvement Cookies: Necessary to improve the browsing experience of the website. For example, we monitor which pages visitors spend time on. The information is used to analyze the operation of the site and to develop the site.
  3. Functional Cookies: We use such cookies to enable certain functionality of the website.
  4. Social Media and Advertising: Allow a third party to use the information collected on our site for advertising purposes.

Do you want to block cookies?

The EU directive allows cookies that are necessary for the operation of the site and cannot be disabled, but you can restrict other cookies in your browser settings if you wish.

TREVIAN’S SOCIAL MEDIA PAGES

Trevian maintains several pages on social media, e.g. on LinkedIn, Facebook, Twitter, Instagram and YouTube. If you like a Trevian social media page, comment on a post, or otherwise interact with a Trevian social media page, your public profile information, such as your username and profile picture, will be visible to all users of these pages.

We process data e.g. to report on the sites, services, events we manage, to conduct marketing campaigns, to receive feedback, to purchase advertising on social media, and to measure the effectiveness of our advertising. If you have provided feedback, contacted us or made a complaint on the social media page, we may direct the handling of the contact, feedback or complaint outside of these pages, in which case we will process your information in the same way as in other customer service situations.

We also receive visitor information collected by social media service providers when users visit Trevian’s social media pages or interact with these pages or their content. Such aggregated statistics help us understand how users interact with Trevian on its social media pages.

Trevian processes information on its social media pages on the basis of a legitimate interest.

Facebook and Instagram

Meta Platforms Ireland Limited (“Meta”) and Trevian are the Joint-Controllers for visitor information on Facebook and Instagram, when applicable. Meta is primarily responsible for complying with data protection legislation and enforcing data security and data subjects’ rights. Meta processes personal data in accordance with its own data protection principles, and we cannot influence the processing. For more information on Meta’s processing of personal data on Facebook, visit www.facebook.com/privacy

and Instagram at https://en-i-.facebook.com/help/instagram/155833707900388. You can manage your Facebook and / or Instagram privacy settings on Facebook. Trevian is responsible for managing the content of its Facebook and Instagram pages. If you wish to exercise your privacy rights with respect to visitor information on Trevian’s Facebook and Instagram pages, you may contact them. More information on Joint-Controllers and personal data processing is available on Facebook at: https://www.facebook.com/legal/controller_addendum.

LinkedIn

LinkedIn Ireland Unlimited Company and Trevian are, where applicable, Joint-Controllers of visitor and personal information on the LinkedIn pages managed by Trevian. LinkedIn is primarily responsible for compliance with data protection laws and the security and privacy of the data subject, and we cannot influence the processing. For more information on LinkedIn’s processing practices, please visit: https://www.linkedin.com/legal/privacy-policy. You can manage your own LinkedIn privacy settings on LinkedIn. Trevian is responsible for managing the content of its LinkedIn pages. If you wish to exercise your privacy rights with respect to Trevian’s LinkedIn visitor information, you may contact LinkedIn. More information on Joint-Controllers and personal data processing is available at Linkedin at: https://www.linkedin.com/help/linkedin/answer/124838.

Twitter

Twitter International Company and Trevian are, where applicable, Joint-Controllers of visitor and personal information on the Twitter pages managed by Trevian. Twitter is primarily responsible for compliance with data protection laws and the security and privacy of the data subject, and we cannot influence the processing. For more information on how to handle Twitter, visit: https://twitter.com/en/privacy. You can manage your own Twitter privacy settings on Twitter. Trevian is responsible for managing the content of its Twitter pages. If you wish to exercise your privacy rights regarding the visitor information of Trevian’s Twitter pages, you may contact Twitter. More information on Joint-Controllers and personal data processing is available on Twitter at: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

YouTube

Google Ireland Limited and Trevian are, where applicable, Joint-Controllers of visitor and personal data on the YouTube pages maintained by Trevian. Google is primarily responsible for compliance with data protection laws and the security and privacy of data subjects, and we cannot control the processing. For more information on Google’s processing practices, please visit: https://policies.google.com/privacy?hl=en_US. You can manage your own Google privacy settings at Google. Trevian is responsible for managing the content of its YouTube pages. If you wish to exercise your privacy rights with respect to visitor information on YouTube pages, you may contact Google. The main content of the agreement between the joint controllers is provided by Google and may be found at the following link:  https://privacy.google.com/businesses/gdprcontrollerterms/.

This privacy statement may be updated from time to time, for example as legislation changes.