Skip to content

Readpeak takes your privacy very seriously. This privacy policy aims to inform you how we process personal data of our customers and potential customers and visitors of our website. 

For more information related to the Readpeak platform, please visit Readpeak Platform Privacy Policy.

Controller

Readpeak Oy Tammasaarenlaituri 3, 00180 Helsinki, Finland

Business ID 2615511-5

+358 50 575 2083 or info@readpeak.com (hereafter “we” or “Read Peak”)

Contact person 

Tomas Forsbäck Tammasaarenlaituri 3, 00180 Helsinki

+358 50 575 2083 or info@readpeak.com

What is the legal basis for and purpose of the processing of personal data?

The basis for processing personal data is the performance of contract (when the data subject is a party to the contract) and our legitimate interest based on customer relationship or other appropriate connection. In addition, the processing may be based legal obligation, such our legal obligation to retain accounting data. Placing of non-essential cookies and electronic direct marketing may also be based on your consent. 

The purpose of the processing of personal data is:

  1. delivery and development of our products and services (to offer the user more relevant content better experience with our product)
  2. fulfilment of contractual obligations and other undertakings of the company,
  3. management of customer relations,
  4. organizing events,
  5. analyzing and profiling of customer or other data subject,
  6. electronic direct marketing,
  7. targeting marketing within the networks of the company and other parties.

We use profiling and third party tracking technologies to build profiles based on  online behaviour and other data provided by the data subject. We use this information to target marketing and to develop our services. For more information please see our separate Cookie Policy.

We have a legitimate interest to process personal data of our customers’ and potential customers’ representatives. The processing of their data enables us to manage our customer relationship as well as market and develop our services. Given the categories of data subjects, the types of data, the nature of processing and the choices available to you, we have assessed that your interests or fundamental rights or freedoms do not override the legitimate interest described above. You can, however, object processing based on legitimate interest at any time as described below. 

What data do we process?

We process the following personal data of the customer or other data subject:

  1. basic information of the data subject, such as name*, email address*, phone number, country and city, customer number;
  2. device information, such as IP address, browser type and version, operating system;
  3. information regarding the company and its contact persons, such as business ID* and names and contact information of the contact persons, billing details*, currency, country and language;
  4. possible direct marketing prohibitions and consents;
  5. event participation details and possible information regarding the event;
  6. information regarding the customership and contract, such as information of past and excisting contracts and orders, other transaction information (job title/role, location and language);
  7. other possible information collected based on the consent of the data subject.

Providing the information marked with a star is a prerequisite for our contractual relationship and/or customer relationship. We cannor deliver the product and/or service without the necessary information.

Where do we receive the personal data?

We receive data primarily from the data subject. For the purposes described in this Privacy Policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. 

Whom do we disclose data and do we transfer data outside of EU or EEA?

We do not disclose data to external parties except in the following circumstances:

  1. Authorities: We may disclose personal data to authorities when we have a legal obligation to do so under applicable law. 
  2. Consent: Based on your consent we may disclose your personal data within the limits of the specific consent you have given. 
  3. Business transactions: We may disclose your personal data in connection with a business transaction to the other party or parties of the transaction, if and to the extent necessary.
  4. Our legitimate interests: We may disclose your personal data if it is necessary in order to protect or defend our legitimate rights and interests, or those of our other customers, employees, directors or shareholders, and/or to ensure the safety and security of our services.

We use subcontractors that process personal data on behalf of and for us. We have outsourced the IT and marketing management to an external service provider, to whose server the data is stored. The server is protected and managed by the external service provider. 

We transfer personal data outside of EU/EEA (such as USA). We have taken care of suitable safeguards for the transfer. We use standard contractual clauses accepted by EU Commission or EU-US Data Privacy Framework where applicable.

How do we protect the data?

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons. 

How long do we store the data?

We store the personal data for as long as is necessary considering the purpose of the processing. After the customer’s account has been deleted, we retain minimised data to fulfill our legal obligations and for marketing purposes. We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register are not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such personal data without delay.

What are your rights as a data subject?

  1. Right to access, rectification and deletion: You have a right to inspect the personal data concerning yourself and a right to require rectification or erasure of the data. 
  2. Right to withdraw consent: You also have a right to withdraw or change your consent. Cookie consent may be withdrawn via the cookie consent mechanism.
  3. Right to object and restrict processing: You have a right to object marketing and the related profiling at any time. For specific personal reasons, you also have the right to object other processing operations which are based on our legitimate interest. In connection with your request, you will need to identify the specific situation, based on which you object to the processing. We can refuse the request for objection only on legal grounds. You also have the right to request the restriction of the processing of your personal data, for example, in case you object to processing as described above or contest the accuracy of your personal data. 
  4. Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller when we process your data automatically on the basis of contract or your consent. 
  5. Right to lodge a complaint: In addition, you have a right to lodge a complaint with a supervisory authority. There is a data protection authority in each EU and EEA country as well as in the UK. Please contact the authority of your country of residence for more information on how to complain. The contact details for the Finnish Data Protection Ombudsman may be found here: www.tietosuoja.fi.  

Who can you be in contact with?

All contacts and requests concerning this Privacy Policy must be submitted in writing or in person to the person mentioned in section two above.

Changes in the privacy policy

We are continuously developing our business and services, which is why we may occasionally need to make changes also to this Privacy Policy. Should we make amendments to this Privacy Policy we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you regularly visit our webpage and this Privacy Policy and review possible amendments.