The EU adopted its new General Data Protection Regulation (GDPR) in spring 2016. The GDPR became fully applicable on 25 May 2018. In Delete Group’s online services, GDPR-related considerations have been taken into account as part of good service provision and the development of the best maintenance practices.
Utilisation of cookies and other similar technologies and of location data
We may collect and use data about the online behaviour of service users in Delete’s online services and mobile applications. Information regarding the user’s computer and other data terminal is collected with the help of cookies and other similar technologies.
We automatically collect information about the ways in which visitors use Delete’s pages and mobile applications (including the duration and time of the visit, the search words and phrases used as well as the search engine linked to the visit), the pages and sections that users visit as well as the technical data regarding the user’s computer or mobile device.
We use the data collected through cookies and other similar technologies to make our services increasingly better, to deliver more relevant advertising and to tailor the content of our services and marketing messages. Delete’s advertisements can be targeted in third-party services (such as Google’s) based on the visitor having used our services.
If you do not want us or our partners to target advertising or to tailor content based on your online behaviour, you can prevent this by disabling cookies in your browser settings.
Third-party services most commonly used by Delete
Google Ads Settings
Contact information and changes to these terms
This description was written on 22 May 2018. We reserve the right to change the data protection policies described herein and update the terms accordingly.
Delete Group Oyj
Privacy statement for Delete Group services’ customer register
- Data controller
Name: Delete Group Oyj
Business ID: 2340045-3
Postal address: Postintaival 7, 00230 Helsinki, Finland
- Head of register
Name: Janika Vilkman
Postal address: Postintaival 7, 00230 Helsinki, Finland
- Name of the register
Delete Group services’ customer register
- Legal basis for and purpose of processing personal data
The legal bases for the processing of personal data consist of the preparation or performance of a contract between the controller and the customer as well as the controller’s legitimate interest in processing data for the purposes of managing customer accounts, invoicing, direct marketing, etc.
Personal data may be processed for the following purposes: managing and developing customer accounts, implementing services, verifying customer events, developing customer service and business operations, marketing, targeted advertising in online services provided by us or third parties, analysis and statistics, polling and market surveys and other similar uses. Personal data can also be processed in other Finnish companies belonging to the Delete Group in accordance with the applicable personal data legislation. Personal data is processed in accordance with the limitations and requirements set in the applicable personal data legislation.
- Data content of the register
The following types of data may be included in the register: contact information, such as name, address, telephone numbers and e-mail addresses, registration information, such as user name, screen name, password and other potential identifier, age, sex, title or profession and first language, information regarding the customer account, such as invoicing and payment information, product and order information, customer feedback and communications, information related to prize draws and competition answers as well as cancellation information, information related to communications and marketing and to the use of services, such as browsing and search information, recorded customer service telephone calls, profiling and interest information potentially provided by the customer, permissions and consent potentially given by the customer and potential refusal of marketing as well as other information potentially gathered with the customer’s consent.
- Standard sources of data
Information related to the customer is regularly obtained from the customer by telephone, on return cards, via the Internet, by e-mail or another corresponding manner, with the help of cookies or other similar technologies, from the personal registers of Finnish companies belonging to the Delete Group, from the contact information registers of telephone companies and from other similar private and public registers.
- Standard disclosure and transfer of data outside the EU or the EEA
Data will not be transferred or disclosed outside the European Union or the European Economic Area.
- Data retention period
Personal data will only be retained and processed for as long as necessary to fulfil the purpose of processing said data. As a rule, customer-related information is retained and processed for the entire duration of the customer relationship and for five (5) years after the relationship has ended. However, information collected for marketing purposes will be retained for an indefinite period of time.
- Rights of the data subject
Right of access and right to rectification
Individuals whose data has been registered (‘data subjects’) have the right to review any information pertaining to themselves saved in the register. Communications regarding the right of access should be made in writing, signed and sent to the address mentioned in section 1. If there are any errors in the registered information, the individual can send a request for rectification to the head of register named in section 2. Furthermore, registered individuals have the right to demand that their information be erased completely from the register. The controller is obligated to comply with this request, unless there are legal grounds to refuse it.
Right to object and restrict processing and right to be informed
Registered individuals also have the right to object to profiling and other processing of their data for particular personal reasons, when the legal basis for processing the data consists of the controller’s legitimate interest. Objection should be based on grounds relating to the particular situation of the individual, and these grounds should be cited in the request to exercise the right to object. The controller is only allowed to refuse this request, if there are legal grounds to do so.
In addition, registered individuals have the right to restrict the processing of their data and to lodge a complaint about the processing of their data with a supervisory authority. Furthermore, registered individuals have the right to receive their data from the controller’s system in a standardised format, as specified in the General Data Protection Regulation.
Right to refuse
Registered individuals have the right to prohibit the controller from processing any information pertaining to themselves for direct advertising, distance selling and other direct marketing, market surveys and polling, or personal registers and genealogy purposes. In issues related to objections, refusals and rectifications, the individual can contact the customer service by telephone +358 (0)10 656 1000 or by mail using the address mentioned in section 1.
- Principles of protecting the register
Manual materials: There are no manual materials.
Electronically saved data: Only the employees who have the right to process customer information due to their work duties have the right to use the system containing customer information. Each user has their own user name and password to the system. Clearances are used to monitor access in the work facilities. The data is compiled into databases protected by firewalls, passwords and other technological means. The databases and their backups are situated in locked facilities and only the appointed individuals can access the data. To comply with the accounting requirements, we retain the data in our customer register for a minimum of 10 years.
- Changes to the privacy statement
Delete reserves the right to make changes to its privacy statement without a separate notice to the data subjects. It is the data subject’s responsibility to review the content of the privacy statement on a regular basis.