Privacy Policy

Profilence takes your personal data privacy seriously. This Privacy Policy explains which information is collected and processed through our website profilence.com (hereafter “Website”). It applies to personal data obtained by Profilence Oy, Elektroniikkatie 8, 90580 Oulu, Finland (hereafter “Profilence”, “we” or “us”).

Our Privacy Policy is based on the definitions of the General Data Protection Regulation (GDPR), including the following definitions:

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Art. 4 (1) GDPR).

‘Processing’ means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (cf. Art. 4 (2) GDPR).

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (cf. Art. 4 (7) GDPR).

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (cf. Art. 4 (8) GDPR).

‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data (cf. Art. 4 (10) GDPR).

‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her (cf. Art. 4 (11) GDPR).

The controller processing personal data within the meaning of the GDPR is:

Profilence Oy
Elektroniikkatie 8, 90580 Oulu, Finland (hereafter “Profilence” or “we”, “us”)
contact@profilence.com

This Privacy Policy meets our obligations to provide the relevant information in connection with processing your personal data under Art. 12 – 14 GDPR.

Should you wish to receive information on your personal data processed by us or to update it, or should you have any questions about data protection on our Website, you are welcome to contact us by e-mail at contact@profilence.com or by post at the address above at any time.

How and how much of your personal data we process depends on whether you contact us via our Website, register for our Newsletter or merely use our Website for information purposes. You may exercise your rights in respect of the personal data processing described below at any time (see section 7 below).

When you use this Website, we collect and store your personal data if you provide it of your own accord, e.g. when you register for our Newsletter or contact us via contact form. You are always free to decide whether to let us have your personal data for the purposes concerned.

If you contact us by e-mail, we store your e-mail address and any personal content which the message contains to be able to process your enquiry (Art. 6 (1) (f) GDPR).

If your enquiry is product-related, e.g. concerns matters about products or orders, complaints, contract and supplier research, etc., we process your personal data to set up or implement contractual relations (Art. 6 (1) (b) GDPR).

Due to administrative reasons, it may be necessary for us in view of the nature of your request and the country in which you are located, to forward your request and your personal data to a sales partner of ours. The forwarding is based on our legitimate interest in being able to answer your inquiry in the best possible way (Art. 6 para. 1 f) GDPR). For additional information regarding the transfer of personal data to third parties, see section 4.1.
We will delete the personal data concerned once there is no further purpose in keeping it. You may also exercise your rights regarding the processing of your personal data at any time (see section 7 below).

If you contact us via our contact form or request form, we collect and store the personal data you enter in the fields concerned. This may include (depending on the specific contact or request form) in particular:

Details marked * are mandatory fields without which we cannot process your enquiry.

We only use this personal data to process your enquiry / request and save it in case that there are any follow-up questions. To answer your queries, we may forward them to our company’s internal contact concerned (Art. 6 (1) (f). This also applies in case your enquiry or request is product related, Art. 6 (1) (b) GDPR).

Due to the nature of your request and the country in which you are located, it may be necessary for us to forward your request to a sales partner of ours for administrative purposes. The forwarding is based on our legitimate interest in being able to answer your inquiry in the best possible way (Art. 6 para. 1 f) GDPR). For additional information regarding the transfer of data to third parties see section 4.1.

We will delete the personal data concerned once there is no further purpose in keeping it. You may also exercise your rights when it comes to processing the personal data at any time (see section 7 below).

Profilence's Website offers a newsletter which informs you about our products, services and campaigns. You can subscribe to this newsletter by ticking a checkbox and confirming with the “Send message button” or “Subscribe button”. By submitting you consent to the following:

Newsletter Declaration of Consent

I have read the Privacy Policy and I consent to my personal data being processed in accordance with section 3.1.3 of the Privacy Policy so that the newsletter can be sent to me. My consent is voluntary and can be revoked at any time.

If you order our newsletter and consent to your personal data being processed in accordance with Art. 6 (1) (a) GDPR), we will process your personal data as follows:

When you subscribe to the newsletter, we store your e-mail address. We use this data for internal statistical purposes and for further tailoring our newsletter’s content for you.

To design the content, send and analyse the resonance to our newsletter, we use the service HubSpot operated by HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA (“HubSpot”).

If you are resident in the European Economic Area, HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland is the controller for your personal data.

With this in mind, we have signed a personal data processing agreement with HubSpot, which ensures that HubSpot will only process your personal data as we instruct and in compliance with current personal data protection law in the EU. To guarantee an EU-equivalent level of data protection, we have concluded EU standard contract clauses with HubSpot (Art. 46 (2) (c) GDPR) under which HubSpot agrees to comply with European data protection standards.

If you subscribe to our newsletter (cf. section 3.1.3.1), HubSpot stores your IP address as evidence of your declaration of consent. When you subscribe to the newsletter and confirm your subscription, your e-mail address and any other personal data, which you provide to personalise your newsletters, will be saved on HubSpot’s servers in the USA. HubSpot uses this information to send out our newsletters and analyse how users respond when they receive it. In the course of this user analysis, HubSpot collects technical information, particularly on the browser you used, your IP address and time of retrieval. HubSpot checks whether and, if so, you open a newsletter or links which it contains. The only reason we use this information is to assess what the recipient of our newsletter expects and to tailor the content accordingly. HubSpot can also use the personal data to optimise or improve its own services, such as sending newsletters out more effectively by recording the language setting, local information or time zones. At no time will HubSpot write to you based on your personal data for its own purposes or pass your personal data to third parties.

To find out more, see the HubSpot’s privacy policy at https://legal.hubspot.com/privacy-policy

We use HubSpot services as a processor based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR). Our legitimate interest is to offer a centrally coordinated while at the same time legally compliant and special interest newsletter via a professional provider.

If you no longer wish to receive our newsletter, you may at any time object to receiving the newsletter (Art. 21 GDPR) or revoke the underlying consent (Art. 7 (3) GDPR) and thus unsubscribe. To do so, click on the respective link contained in each newsletter. You will then be guided through the unsubscribe process. Alternatively, you may also send us your objection to receiving the newsletter by e-mail to contact@profilence.com.

We record and use personal data, which is generated automatically when you visit our Website to provide our services.

If and when you visit our Website, our servers will record your personal data temporarily in logfiles as follows:

We process your personal data based on our legitimate interest in discovering abuse (spam, viruses etc.) and detecting and correcting problems (legal basis is Art. 6 (1) (f) GDPR).

At a number of points, our Website also uses ‘cookies’ to make our products more user-friendly and effective. Cookies are little text files which aim at putting our Website on your computer and/or other Internet-capable devices like tablets or smartphones. If your browser settings accept cookies, your browser will add this text in a little file.

The cookies we use are necessary for our Website to work and perform unless this Privacy Policy provides otherwise. There are two different kinds of cookies, which we may use: ‘session cookies’ and ‘persistent cookies’. Session cookies are temporary and stay on your device until you leave our Website again, while persistent cookies remain on your device or until you delete them manually, even once you leave our Website. (How long a cookie remains on your device depends on how long it’s ‘lifetime’ is.). We use the information in the cookies solely to offer you the services and functions you want.

Cookies themselves do not damage your computer, and do not contain any viruses. You can set your browser so these cookies cannot be saved in the first place or are deleted when your Internet session ends, but, please, remember that in that case you may not be able to use all functionalities of our Website.

Our Website uses tracking and marketing tools of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

If you are resident in the European Economic Area, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller for your personal data.

If you expressly consent to the processing of your personal date as described in sections 3.2.2.1 – 3.2.2.2 (Art. 6 (1) (a) GDPR), Google will generate the information its services require using cookies. The personal data is normally sent to one of Google’s servers in the USA and saved there. To guarantee an EU-equivalent level of data protection, we have concluded EU standard contract clauses with Google EU (Art. 46 (2) (c) GDPR) under which Google agrees to comply with European data protection standards.

There are a number of ways in which you may stop cookies being used, such as:

If you use different browsers/peripherals to use our Website, you must repeat these steps with all the browsers and devices you use.

We use Google Universal Analytics on our Website. Google Universal Analytics saves cookies in your web browser for up to two years since you last visit and records the personal data below amongst others when you visit our Website, sends it to one of Google’s servers in the USA and saves it there:

Google Analytics does not merge the IP address, which your browser sent, with any other personal data. We have also extended Google Analytics on our Website to include the code ‘anonymiseIP’. This guarantees that your IP address will be marked. Only in exceptional cases, will the full IP be sent to one of Google’s servers in the USA and abbreviated there.

The cookies which Google Analytics uses also contain a randomly generated user ID by which you can be recognised when you visit websites in future. The information the cookies generate is saved along with the randomly generated user ID, which makes it possible to analyse pseudo user profiles. This user-related personal data is automatically deleted after 14 months. Other data remains saved in aggregated form indefinitely.

Google Analytics uses the information obtained by using cookies to analyse how you use our Website, compile Website activity reports and provide us with Website usage and Internet-related services, so we can improve our offer and design it to be more interesting for you as the user. We also get information on how our site is working, such as detecting navigation problems.

Google Analytics may also use the information obtained for its own purposes, which is why we do not use Google’s services on our Website, unless you explicitly consent to thereto when processing your personal data (see Art. 6 (1) (a) GDPR). You may of course withdraw your consent at any time as stated in this section 3.2.2.

To find out more about personal data protection when using Google Analytics, please, go to https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376. To find out more about protecting your personal data when using Google services, you can also visit:
https://marketingplatform.google.com/about/analytics/terms/us
https://policies.google.com

This Website uses Google Tag Manager, a solution we use to manage website tags via an interface. The tool itself (which implements the tags) is a cookie-less domain and does not record any personal data. The tool serves to trigger other tags, such as Google Analytics (cf. section 3.2.2.1 above) which record personal data themselves in some cases. Google Tag Manager does not access this personal data. If you deactivate at domain or cookie level, these continue for all tracking tags implemented using Google Tag Manager.

We use the services of HubSpot not only for sending newsletters (cf. 3.1.3.2) but also for analysis service for the statistical evaluation of our Website and for optimizing our marketing measures. This includes, for example: IP address, geographic position, browser type, navigation information, referral URL, performance data, domain name, internet service provider, operating system version, domain names, access times, the length of stay of users, etc.

HubSpot uses cookies and other browser technologies to evaluate user behaviour and recognize users. HubSpot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of visit and pages viewed) on behalf of Profilence in order to generate reports about the visit and the pages visited.

If, as described in section 3.1.3, Profilence's newsletter is subscribed to and studies and other documents are obtained, HubSpot can also link a user’s visits to our Websites with personal information (especially name/email address), thus recording personal data and informing users individually and in a targeted manner about preferred subject areas. The processing of your personal data only takes place, if you have given your explicit consent (Art. 6 (1) (a) GDPR). Once you have given your consent, you may withdraw it anytime, e. g. by deleting cookies in your browser settings. This user-related personal data is deleted after a reasonable period of time. Other data remains saved in aggregated form indefinitely.

Further information on how HubSpot operates can be found in the privacy policy of HubSpot Inc., available at: http://legal.hubspot.com/privacy-policy.

More information as to HubSpots compliance with EU data protection regulations is available at https://legal.hubspot.com/security.

More information about cookies used by HubSpot is available at https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser and https://knowledge.hubspot.com/account/hubspot-cookie-security-and-privacy.

For the integration of videos on our Website, we use the provider Vimeo. Vimeo is operated by Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011 USA.

On some of our Websites, we use plugins of the provider Vimeo. When you call up a Website that is provided with such a plugin, your browser connects to the servers of Vimeo and personal data is transmitted to Vimeo, e.g. your IP-address and information about the Website you have visited and the video you have watched. If you are logged in to your Vimeo account, Vimeo assigns the collected data to your personal account. Vimeo uses your personal data, among other things, to improve its own service and to launch its own targeted advertising measures. You can prevent this assignment by logging out of your Vimeo user account before using our Website and deleting the corresponding cookies from Vimeo.

For more information on the purpose and scope of data collection and its processing by Vimeo, please see the privacy policy of Vimeo. There you will also find further information on your rights and setting options to protect your privacy: https://vimeo.com/privacy.
More information about Vimeo’s use of cookies can be found here: https://vimeo.com/cookie_policy?tid=331644994700.

Personal data will only be transferred to Vimeo if you have given your express consent (legal basis Art. 6 (1) a) GDPR). If you do not give your consent, no personal data will be transmitted to Vimeo when you visit our Websites with embedded Vimeo video.

Vimeo processes your personal data based on EU standard contractual clauses (Art. 46 para. 2 c) GDPR), according to which Vimeo undertakes to ensure a level of data protection equivalent to that of the EU when transferring data to the USA.

In addition to the third parties described above, such as our sales partners and others with which we share personal data in connection with the Website tools and features, we may also have to share personal data with other third parties in strict compliance with applicable data protection laws.

We may have to allow external service providers to access personal data (particularly IT service providers and sales partners), when requiring support and design services for our online profile and Website.

In such case, we will ensure that the transfer of your personal data will occur in full compliance with data protection laws (e. g. by signing DPAs in accordance with Art. 28 GDPR).

Drawing on professional suppliers of such services is expressly provided for by law and serves our legitimate interest in being able to professionalise what we offer you and offer it commercially rationally (under: Art. 6 (1) f) GDPR). We remain fully responsible for protecting your personal data.

In addition, we reserve the right to disclose your personal data to third parties, if the law, public authorities, such as fiscal or administrative authorities, or criminal prosecution authorities require us to do so. We do not disclose any personal data to third parties otherwise.

Your personal data is processed mainly in Oulu, Finland and we will store your personal data in locked facilities and behind firewalls: it is not transferred outside the European Union or the European Economic Area, unless it is established that the transfer of personal data offers an adequate level of protection as defined in Art. 45 (2) GDPR. Working on this basis, personal data recorded on our Website may be transferred to the United States (to HubSpot, Google, for instance).

We protect personal data by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. We use appropriate technical and organizational means to secure personal data from inappropriate access, accidental or unlawful destruction, amendment, distribution and transfer, and other unlawful processing (Art. 32 GDPR). We concluded agreements in line with Art. 28 GDPR if we use contract processing.

We only retain personal data as long as it is necessary to fulfill the purpose for which it was collected or to comply with legal or official requirements.

Right to be informed: You as a data subject may demand at any time that we inform you without charge how much of your personal data we save, where it comes from, whom we send it to and for what purpose we store it (Art. 15 GDPR). To exercise your right to information, you may contact any member of Profilence's staff.

Right to personal data portability: The data subject may request to receive your personal data, which you provided to us, in a structured, commonly used machine-readable format and to transmit those data to another controller (Art. 20 GDPR), provided (i) you consent to its being processed under Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or is based on a contract under Art. 6 (1) (b) GDPR and (ii) the processing is carried out by automated means.

Right to rectification: The data subject shall have the right to obtain from the controller without undue delay the rectification of personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement (Art. 16 GDPR).

Right to erasure (‘right to be forgotten)’: The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without delay and the controller shall have the obligation to erase personal data without due delay where one of the following grounds applies (Art. 17 GDPR): (1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (2) the data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Article 9 (2), and where there is no other legal ground for the processing; (3) the data subject objects to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing; (4) the personal data have been unlawfully processed; (5) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

Right to object: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6 (1), including profiling based on those provisions (Art. 21 GDPR).

If you as data subject object, we will not process the personal data concerned any more, unless we can show overriding legitimate grounds for processing it, which outweigh the data subject’s interests, rights and freedoms or processing serves to assert, exercise or defend claims in law. If we process personal data to engage in direct advertising, the data subject has the right to object to that personal data being processed for the purposes of such advertising at any time.

Right to withdraw consent under data processing law: The data subject shall have the right to withdraw his or her consent at any time (Art. 7 (3) GDPR).

Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, the data subject has the right to complain to a supervisory authority, in particular in the Member State in which you are resident, in which you work or where the supposed breach was committed if you consider that processing of personal data relating to you is a breach of the GDPR (Art. 77 GDPR).

If you assert your rights as a data subject against us, we will examine it and uphold it unless the law requires otherwise, and notify you of the outcome.

As a data subject, you do not have to observe any particular formalities to claim your rights to complain to a supervisory authority. If you want to exercise, your rights stated above, please, contact us at contact@profilence.com.

Profilence reserves the right to make changes or updates to this Privacy Policy at any time by giving notice on this page. You are strongly recommended to check this page often, noting the date of the last modification listed at the bottom.

Last modified: April 2023