1. INTRODUCTION

1.1 The purpose of this privacy statement is to fill you in on how Twoday Biit is gathering and processing your personal data, which you have shared with us or which we have collected from you via our website at https://biit.fi.

1.2 We handle your personal data strictly in accordance with this privacy statement and the laws applicable to our operations, including the General Data Protection Regulation 2016/679, issued on April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) and any other applicable national data protection legislation.

1.3 Twoday Biit is the controller of your personal information handling as described in this privacy policy. You can get in touch with us using the contact details provided in Section 10.

2. THE PERSONAL DATA WE COLLECT, PURPOSE OF USING PERSONAL DATA, AND THE LEGAL BASIS FOR PROCESSING

2.1 Twoday Biit may process the following types of personal data:

Contact Information (Names, addresses, email addresses, phone numbers, geographical locations, demographic data, etc.)

Financial Information (Invoices, Receipts, etc.)

User-generated content (Uploaded files such as images, videos, audio files, comments, reactions, articles, blogs, etc.)

Information on web traffic (Usernames, IDs, IP addresses, browser types and versions, etc.)

Statistics (Statistics related to website consumption and usage, such as clicks, pages visited, duration of visits, etc.)

Information collected through job applications and contracts (Applications, CVs, along with details pertaining to education, qualifications, grades, work experience, presentations, etc.)

2.2 When you send in your job application, including, for example, your resume, photo, video presentation, degree certificates, and provide us with information during job interviews and personality tests, we process your personal data to assess your suitability for the job in question as well as to manage the recruitment process. This includes getting in touch with you regarding your application, responding to your inquiries, organizing job interviews, and making hiring decisions. If you mention referees in your application, we might also gather information about you from them or verify the accuracy of the information you’ve provided during the recruitment process, such as your educational background and professional qualifications and experience.

2.2.1 The processing is necessary to potentially enter into a work contract based on your application and to fulfill our legitimate interests in evaluating the suitability of applicants for the position (GDPR Article 6(1)(b) and (f)). Requesting information from referees, utilizing aptitude tests, and verifying the information you have provided is based on your consent (GDPR Article 6(1)(a)), and in this regard, we comply with the relevant national data protection legislation.

2.3 By using our website, we can collect information about you, like using cookies for instance. We’ll only use cookies if you’ve given us your nod for it, unless we’re talking about those absolutely necessary cookies needed for the website to function. We also gather info on your IP address, login details and times, the type of browser and its version, time zone, network location, and other details regarding the devices you employ when visiting our homepage and other platforms. Moreover, we collect data on how you use our homepage and interact with it.

2.3.1 We process data to optimize the user experience and website functionality, such as creating statistics and improving the service. The processing of personal data is necessary for the realization of our legitimate interests, enabling us to operate and develop our website and to market our services. (GDPR Article 6(1)(f))

2.3.2 We utilize the following services, which might plant cookies on your device or gather information. We use cookies to improve or personalize our services.

WordPress. The WordPress content management system for websites may store cookies related to the use and settings of the website on your computer. However, this does not collect personal data.

Google Analytics. Google Analytics may store cookies on your computer and collect information related to the use of websites. The service does not store any personal data. In our use of Google Analytics, we also employ IP address anonymization.

Marketing Cloud Account Engagement (MCAE). MCAE can store cookies on your computer and collect information about website use. We are unable to link this information to an individual unless they themselves provide personal data.

Dealfront. The service by the name of Dealfront on our website is capable of storing cookies on your computer. This service records information about individuals who interact with it. We are unable to link the information to an individual unless they voluntarily provide their personal data.

2.4 Twoday Biit is all about gathering cookies by using your personal information to tailor content that’s right up your alley, aiming it directly at you through social media platforms, emails, websites, or within the Twoday Biit services themselves. This direct marketing spiel is shaped by your choices on how you’ve wanted your profile tailored. The personal deets we use are an aggregated bunch of info about you, like your IP address, what tickles your fancy (what you’ve clicked on, etc.), the browser you use, and your device of choice. Twoday Biit might also mix these bits and pieces of info with some juicy details about your business relationship with us, should we have any.

2.4.1 The purpose of profiling is to target marketing more accurately, enhance the user experience of our services and website, and to deliver products that our customers are truly satisfied with. The legal basis for this processing is your consent (GDPR article 6(1)(a)), which you provide by accepting marketing cookies in the cookie banner. Section 3 offers more details about your right to refuse profiling.

2.5 When you’re interacting with Twoday Beat, like popping by our website, snagging our content, diving into our webinars, shooting the breeze with us, and getting your hands on the Twoday Beat services, Twoday Beat will be handling your personal info, like your name, address, email, phone number, and the content you’ve whipped up as described in section 2.1, plus any bits and bobs of info you’ve tossed our way while in touch with us.

2.5.1 Processing is essential for us to handle your requests and to respond to other forms of contact. The processing is necessary for the pursuit of our legitimate interests, enabling us to get in touch with you and address your questions or other requests (GDPR Article 6(1) (f)).

2.6 When we strike a deal with you, Twoday Biit will handle your personal information—stuff like your name, address, email, phone number, and even your financials, like invoices, receipts, and how you choose to pay.

2.6.1 The purpose of data processing is the administration and implementation of the agreement, such as initiating customer relationships as well as managing and collecting payments for our services. The processing is necessary for the execution of the agreement (GDPR Article 6(1)(b)).

2.7 When you subscribe to our newsletter, we collect your personal information, such as your name and email address. We’ll shoot you marketing emails or reach you through other channels of electronic communication, provided you’ve given us the green light for this, or if we’re otherwise entitled to do so under the law of electronic communication services.

2.7.1 Processing is necessary for the realization of our legitimate interests so that we can market our services to you (GDPR Article 6(1) (f)).

2.8 Insofar as the personal data processing mentioned above is based on our legitimate interest, we have conducted a balancing test. The purpose of the balancing test is to ensure that your interests or fundamental rights and freedoms do not override our legitimate interest. Please contact the email address listed in Section 10 if you would like to receive more information about the balancing tests.

3. THE RIGHT TO REFUSE MARKETING AND PROFILING

3.1 You have the right to refuse the processing of your information for Twoday Beat’s marketing and related profiling. You can reject the processing either by:

By following the instructions on opting out included in our marketing communications

By reaching out via email at

By using a suitable order management tool

Through the cookie banner, you can always allow or deny cookies on a specific website.

3.2 Please be aware that even if you opt out of receiving marketing communications, you may still receive messages related to administrative matters from Twoday Beat, such as order confirmations, notifications necessary for managing your customer account, or services offered to our customers.

4. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

4.1 Twoday Biit primarily collects personal information directly from you or other individuals associated with our clients.

4.2 When you’re interacting with our website, we can collect technical information about your hardware, browser activity, and your browsing methods. We may gather this personal data by using cookies or other similar technologies. Furthermore, we could receive technical information about you if you visit other websites that use our cookies. We deploy cookies and similar technologies to ensure that we can provide the best possible user experience when you’re engaging with Twoday Beats’ website or contacting us via email. For more details on our use of cookies and similar technologies, take a peep at our Cookie Policy.

4.3 In some cases, we also collect information about you from other sources, such as:

From third-party aggregators

From third-party social networks

From Twoday Biit’s marketing partners

From public information sources

 

5. SHARING YOUR PERSONAL INFORMATION

5.1 Your personal data is shared with third parties who process personal information on behalf of Twoday Beat, acting as data processors. We have struck deals in line with GDPR Article 28 with all our processors to make sure that these data processors deploy necessary technical and organizational measures so that the processing complies with GDPR standards, ensuring the protection of your rights.

5.2 Your personal information is shared among the companies of Twoday Group. Twoday Group is made up of several subsidiaries, and we transfer your personal data internally between our group companies to ensure we provide the best user experience.

5.3 Twoday Biit may share your personal information with our partners if it is justified for the business and in compliance with the applicable data protection legislation.

5.4 The police and other authorities can request access to personal information from Twoday Biit. In such cases, Twoday Biit will only divulge information upon an order from a competent court, or if Twoday Biit is otherwise legally obligated to hand over personal information to the authorities.

6. TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES

6.1 We do not transfer your personal data to countries outside of the European Union or the European Economic Area unless we have ensured that the transfer complies with Chapter V of the GDPR requirements.

6.2 Some of the third-party service providers we use are located outside the European Economic Area, which means the processing of personal data they perform involves transferring personal data outside the European Economic Area. To ensure your personal data receives adequate protection, we have made sure to implement sufficient safeguards to enable such transfers. These safeguards include, among others, decisions by the European Commission that a certain country provides an adequate level of data protection (adequate decision) or Standard Contractual Clauses specially approved by the European Union Commission. These measures are considered to provide essentially the same level of protection for your data as they would receive within the European Economic Area.

6.3 If you’re hungry for more information about our personal data processors located outside the European Economic Area and the protective measures we’ve taken to facilitate transfers, please don’t hesitate to shoot us an email at .

7. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

7.1 Your personal data is protected by multiple security measures, such as:

Encrypted Web Traffic. Over at Twoday Beat’s website, we’re rockin’ the TLS – Transport Layer Security system. Your personal data? It only struts its stuff through encrypted channels.

Encrypted storage. All stored and processed personal data is encrypted when not in use.

The principle of least privilege. For all the personal data we collect, access rights have been assigned. Only staff members with duties related to your personal information have access to your data.

 
8. YOUR DATA PROTECTION RIGHTS

8.1 Under certain conditions, you have one or more of the following rights:

The right of a registered person to request access to their personal data. You have the right to request access to your personal data. Through this right, you can obtain a copy of all personal data we keep about you and ensure that we process this information lawfully.

The right to request the correction of personal data. You have the right to ask us to correct information about you that we hold. If you discover that the information we are processing is incorrect, we encourage you to contact us in writing, so we can amend any incomplete or inaccurate information we have about you.

The right to request deletion of personal data (“the right to be forgotten”). You might have the right to ask for your data to be deleted. This right allows you to request that we delete or transfer your personal data when there is no longer a valid reason for its processing. To the extent that processing the data is still necessary, for instance, to fulfill our legal obligations or to establish, exercise, or defend legal claims, we are not required to delete your personal data.

The right to restrict the processing of personal data. You might have the right to request that we limit the processing of your personal data to storage only. By using this right, you can ask us to pause the processing of your personal data for a while, for instance, while you verify the accuracy of the data or the basis for its processing.

The right to request the transfer of your personal data from one system to another. You might have the right to receive the personal data you’ve provided to us in a structured, commonly used, and machine-readable format, as well as the right to ask for those data to be transferred to another data controller.

The right to object to the processing of your personal data. You always have the right to object to the processing of your personal data for direct marketing purposes. Moreover, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation, if our basis for processing is our legitimate interest.

The right to withdraw your consent. You have the right to withdraw the consent you’ve given us for the processing of your personal data. If you wish to withdraw your consent, please contact us using the contact information provided in Section 10.

Right to file a complaint with a data protection authority. You have the right to lodge a complaint with a national data protection authority if you’re unhappy with the way we handle your personal data. In Finland, you can file this complaint with the Office of the Data Protection Ombudsman at https://tietosuoja.fi/ilmoitus-tietosuojavaltuutetulle.

 

9. DATA RETENTION

9.1 Twoday Biit will keep your personal information only as long as there is a legitimate interest for it. This means that the retention of your personal data is based on various retention policies as follows:

9.1.1 You’ve applied for jobs at Twoday Biit

9.1.1.1 Regarding job applicants, we collect their basic information and other details provided by the applicant, such as employment history and references. For the purpose of retaining a CV beyond a specific recruitment process, we seek permission separately.

9.1.2 You’re using the Twoday Biit website

9.1.2.1 We retain your personal information related to the use of our website, but the information will be deleted if you decide to delete the cookies yourself.

9.1.2.2 Personal data related to contact information and purchases is retained so that we can document your purchases and the contracts we’ve entered into. Such personal data is also retained as necessary for accounting purposes.

9.1.3 Marketing Purposes

9.1.3.1 We hold on to information related to clients and customer contacts for as long as accounts are active or as keeping the information is necessary due to, for example, contractual obligations. You also have the right to demand the deletion of your data, in which case we will promptly remove your information from our systems.

9.1.3.2 Personal information collected when you subscribe to our newsletter will be deleted once you retract your consent to receive the newsletter.

10. CONTACT INFORMATION

10.1 We’re part of Twoday, a European company with law entities, business processes, administrative structures, and technological systems that span across borders. Twoday deals in both software and services to not only private but also public sector companies across Europe.

10.2 Twoday’s headquarters are nestled in the heart of Copenhagen. All the big moves concerning data protection are hashed out at the company level by the Twoday Data Protection Council, with our Data Protection Officer (DPO) taking the helm and keeping a watchful eye. The one holding the reins for the processing of your personal data is:

Twoday Group ja tytäryhtiöt
Pääkonttori: Gærtorvet 3, 1799 Kööpenhamina (Copenhagen) V, Tanska (Denmark)
Sähköposti:

10.3 Contact information for Twoday Biit can be found here:

Twoday Biit
Address: Keilaranta 4, 02150 Espoo
Business ID: 2138825-1

Regarding data protection matters, feel free to reach out to Twoday Biit’s Chief Technology Officer, Hannu Järvinen:

10.4 If you have any questions related to this Privacy Statement or wish to exercise your data protection rights listed in Section 8, please don’t hesitate to reach out using the contact information provided above in Section 10.2.

11. CHANGES TO THE PRIVACY STATEMENT

11.1 Should we make changes to this privacy statement, we’ll notify you via email. Our privacy statement is always accessible at the following site: https://biit.fi/en/privacy-statement/.

12. VERSIONS

This is version 2 of Twoday Biit’s privacy notice, dated November 21, 2023.