Privacy policy

Data Controller

CAPEX Advisors Oy (Business ID: 2912448-8) (hereinafter referred to as “CAPEX Advisors” or the “Data Controller”)

Visiting Address: Arkadiankatu 23 C, Helsinki 00100

Email: info@capexadvisors.fi

Registers Covered by This Privacy Policy

CAPEX Advisors’ customer, supplier, marketing, and job applicant registers

Person Responsible for Register Matters

Name: Jon Forssell

Phone: +358 50 435 4337

Email: info@capexadvisors.fi

Purpose and Legal Basis for Processing Personal Data

Personal data is processed for the following purposes:

  • Ordering services and client instructions
  • Managing customer relationships and customer service
  • Customer satisfaction and market research
  • Billing
  • Service development, offering, implementation, and marketing
  • Marketing and targeting marketing to customers and potential customers
  • Implementation of rights and obligations arising from legislation
  • Processing job applications and related recruitment communication

The primary legal basis for processing personal data in customer, marketing, and supplier registers is the Data Controller’s customer relationship, potential customer relationship, or other connection with the company or other entity the data subject is employed by, and the Data Controller’s legitimate interest in managing the customer or supplier relationship and targeting marketing. In the case of the job applicant register, the legal basis for processing is the job application submitted by the data subject and the Data Controller’s legitimate interest in processing it. In the case of contractual relationships, personal data processing may also be based on the Data Controller’s statutory obligations. The Data Controller may send direct marketing targeted at the company or other entity to the data subject based on their job title or position unless the data subject has objected.

Data Included in the Register

CAPEX Advisors’ personal data registers contain information about the following individuals:

  • Customer Register: Representatives and contact persons of the Data Controller’s customers
  • Supplier Register: Representatives and contact persons of the Data Controller’s subcontractors and suppliers
  • Marketing Register: Representatives and contact persons of potential customers
  • Job Applicant Register: Job applicants

The following data is processed for each purpose, as necessary:

  • Customer, Supplier, and Marketing Registers:
    • Name
    • Email address
    • Phone number
    • Company and position
    • Company address details
    • Information related to the customer relationship
    • Billing information
    • Newsletter subscription
    • Participation in events
    • Marketing opt-out
  • Job Applicant Register:
    • Name
    • Contact information
    • Job application, CV, and other information provided by the job applicant

Sources of Data for the Register

Personal data is primarily obtained from the following sources:

  • Directly from the data subject or the party they represent for the purpose of managing the customer relationship
  • Directly from the data subject in connection with job search and recruitment
  • Directly from the data subject or the party they represent in connection with other cooperation
  • Publicly available sources (e.g., the internet and business register)
  • Representatives of the data subject’s employer or another party in a customer, cooperation, or other contractual relationship with the Data Controller

Disclosure and Transfer of Data

Data collected in the registers is not disclosed outside CAPEX Advisors for marketing, sales, opinion, market research, or other purposes. However, data may be transferred to the Data Controller’s partners or service providers in connection with an event organized with a partner or marketing a service offered solely or jointly with a partner, in which case the partner or service provider may process the data only for the agreed purpose. In the event of a business transaction or other corporate restructuring involving the Data Controller, data collected in the register may be transferred to the corresponding register of the party involved in the business transaction. Personal data may also be disclosed to authorities in Finland in accordance with Finnish laws upon request. The register is stored and located in a manner that prevents unauthorized parties from accessing the data. Data is not transferred outside the EU/EEA.

Security and Data Protection of the Register

The Data Controller ensures the security of the register in an accepted manner and takes appropriate technical measures to prevent unauthorized access to both the data systems maintained by IT and manually maintained and stored records.

CAPEX Advisors’ personal data registers are only processed by those authorized to do so in the course of their duties. Only designated employees of the Data Controller and companies working on behalf of the Data Controller are granted access to the register’s data.

Recipients of Personal Data in the Customer Register:

  • Employees of the Data Controller whose duties involve processing such data
  • Service providers used by the Data Controller, such as cloud service providers and marketing agencies, as part of the Data Controller’s assignments
  • Limited access by other partners in the case of an event or service jointly marketed with a partner

Access to the register’s data maintained by IT requires a personal user ID and password. Those handling the data have the necessary access rights granted by the Data Controller. Data is stored on a secure server located in the EU/EEA. Agreements with service providers handling the data ensure compliance with the EU Data Protection Regulation and other applicable laws.

Personal data is stored only for as long as necessary to fulfill the purposes defined in this privacy policy. Outdated and unnecessary data is securely destroyed. Due to accounting law or other applicable law, regulation, or authority directive, data may need to be retained longer than what is necessary for the purposes defined in this privacy policy.

Rights of the Data Subject

The data subject has the following rights, which may apply depending on the situation:

  • The right to obtain confirmation from the Data Controller on whether personal data is being processed
  • The right to receive personal data concerning them, which they have provided to the Data Controller or which has been collected by the Data Controller, in a structured, commonly used, and machine-readable format
  • The right to request the Data Controller to correct incorrect data or to remove any personal data or to restrict processing based on statutory grounds
  • The right to object to the processing of their personal data based on legitimate interests
  • The right to opt-out of direct marketing at any time, and to withdraw consent for marketing communication according to instructions provided in marketing messages or by contacting the Data Controller using the contact details in this privacy policy
  • The right to file a complaint with the supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman, whose contact details and instructions can be found at www.tietosuoja.fi.

Exercising Rights

The data subject can exercise their rights by contacting the Data Controller using the contact details provided in the “Further Information” section. We strive to respond in a reasonable time and provide further instructions or ask additional questions regarding the request.

Before fulfilling the request, we have the right and obligation to verify your identity, meaning we must be able to identify you sufficiently.

If the same person makes repeated unjustified requests, the Data Controller has the right to either charge a reasonable fee based on administrative costs or refuse to carry out the requested action.

Further Information

For questions related to the register, you can contact the Data Controller through the contact form on the website www.capexadvisors.fi or directly by email at info@capexadvisors.fi.

This privacy policy was last updated on 10.12.2019.

To ensure security and prevent misuse, the Data Controller uses Google’s reCAPTCHA cookie, the privacy policy of which can be reviewed here and here.