Privacy Policy

Personal data is collected for various purposes, and different types of information are processed according to the intended use. This document describes in more detail the data and purposes related to Letsperience Oy's customer and marketing registers.

Data Controller

Letsperience Oy
Business ID: 3483559-1
info@letsperience.com

Contact Person Responsible for the Register

Lotta Rautiainen
lotta@letsperience.com

Letsperience Oy's Customer Register

Purpose of Personal Data Processing:

  • The register contains contact information of companies in a customer relationship with Letsperience Oy and their representatives, such as names, email addresses, and phone numbers. The register is used to maintain customer relationships and for invoicing purposes. Collected personal data is utilized for actions necessary to manage customer relationships, such as the proper and secure organization of events, the delivery of ordered products or services, and the provision of customer service and support.

  • The purpose of personal data processing includes communication with customers, order management, maintaining customer relationships, and marketing

  • Data is not used for automated decision-making or profiling.

Content of the Register

The information stored in the register includes:

  • Name

  • Company or organization

  • Contact information (phone number, email address, address)

  • Ordered services

  • Billing information

Data is retained in the system as long as the customer relationship remains active. Billing and payment information are retained as part of accounting records.

Regular Data Sources

Data recorded in the register is collected from customers during situations such as requests for offers, orders, events, messages submitted via online forms, emails, phone calls, agreements, customer meetings, and other occasions where customers voluntarily provide their information.

Disclosure and Transfer of Personal Data Outside the EU or EEA

Personal data is processed outside Letsperience Oy only by contractual partners. Contracts specifically address data protection and the processing of personal data.

Data protection, security, and the processing of personal data are considered when dealing with subcontractors, partners, and contractual collaborators. They are required to comply with established quality standards. Personal data is not disclosed except as required by law.

Data is not transferred outside the EU or EEA unless necessary, such as for technical implementation of services. In such cases, the controller ensures that the level of data protection complies with legal requirements and that a high standard of data protection is maintained through agreements.

Principles for Register Security

Care is ensured in handling the register, and information processed through information systems is protected appropriately. When data is stored on internet servers, both the physical and digital security of the hardware is ensured. The controller ensures that stored data, server access rights, and other critical information for data security are treated confidentially and handled only by employees whose job responsibilities require it.

Right of Access and Correction

Every individual in the register has the right to check their data and request corrections to any incorrect or incomplete information. If a person wishes to review or correct their data, they must send a written request to the controller. The controller may require the person making the request to verify their identity. The controller responds within the timeframe set by the GDPR (usually within one month).

Other Rights Related to Personal Data Processing

Individuals have the right to request the deletion of their personal data from the register ("right to be forgotten"). In addition, registered individuals have other rights under the GDPR, such as the right to restrict data processing under certain circumstances. Requests must be made in writing and delivered to the controller. The controller may ask the requester to verify their identity and responds within the timeframe set by the GDPR (usually within one month).

Letsperience Oy's Marketing Register

Purpose of Personal Data Processing:

  • Consent to receive marketing messages

  • The purpose of data processing is marketing and communication with individuals in

    the marketing register

  • Data is not used for automated decision-making or profiling.

Content of the Register

The information stored in the register may include:

  • Name

  • Company or organization

  • Contact information (phone number, email address, address)

  • Information about ordered services

  • Billing information

  • IP address

  • Social media accounts or profiles

  • Other data related to the customer relationship and ordered services

Data is stored in the marketing register as long as the individual's consent remains valid.

Regular Data Sources

Data in the register is collected from customers during interactions such as requests for offers, orders, events, online forms, social media services, emails, phone calls, agreements, customer meetings, and other situations where customers provide their information.

Disclosure and Transfer of Personal Data Outside the EU or EEA

Personal data is not disclosed unless required by law.

Data is not transferred outside the EU or EEA unless necessary for technical service implementation. In such cases, the controller ensures that the level of data protection complies with legal requirements and maintains a high level of data protection through agreements.

Principles for Register Security

Care is ensured in handling the register, and information processed through information systems is protected appropriately. When data is stored on internet servers, both the physical and digital security of the hardware is ensured. The controller ensures that stored data, server access rights, and other critical information for data security are treated confidentially and handled only by employees whose job responsibilities require it.

Right of Access and Correction

Individuals in the register have the right to check their stored data and request corrections to any incorrect or incomplete information. Requests must be made in writing and delivered to the controller. The controller may require the requester to verify their identity. The controller responds within the timeframe set by the GDPR (usually within one month).

Other Rights Related to Personal Data Processing

Individuals have the right to request the deletion of their personal data from the register ("right to be forgotten"). Additionally, they have other rights under the GDPR, such as the right to restrict data processing in certain circumstances. Requests must be made in writing and delivered to the controller. The controller may require the requester to verify their identity and responds within the GDPR timeframe (usually within one month).

Use of Cookies

To improve the user experience and monitor usage of our online services, we use cookies. Cookies store short text-based information in the user's browser, which can be accessed later.

Persistent Cookies

Persistent cookies remain stored in your browser even after it is closed. This allows us to recognize you as the same user during future visits and tailor content accordingly.

We may store the following persistent cookies in your browser:

  • A tracking cookie from Google Analytics to monitor the general usage of our services and user activities on the website

  • A device identifier to optimize content for your specific device

Third-Party Data Collection

Third-party services include social media platforms as well as analytics and visitor tracking tools.

We utilize the following third-party services:

  • Google Analytics for monitoring general usage and user activities on our website

  • Facebook to target marketing communications on social media platforms where

    applicable