Canatu privacy notice
1. General information
This privacy notice contains the description as specified in the Personal Data Act and the new General Data Protection Regulation (referred below as GDPR).
2. Contact information
Contact person and email address:
3. Register names
Register names are Newsletter subscribers, Web page visitor statistics (Google Analytics), Customer database, Material bank users, Journalist database (via 3rd party).
4. The purpose and legal basis for personal data processing
4.1 The purpose of use of personal data collected when subscribing to newsletter
The purpose to collect personal data of newsletter subscribers is to inform customers and other interested parties about the Canatu news and offerings, and insights to markets where Canatu operates.
Canatu acts as the register controller and a named third party as the technical register and service administrator. See chapter 5.
4.2. The purpose of use of personal data collected when visiting Company website or social media channels
Analysing the data of visitors, for example: visitor amounts, geographic locations, activity, used devices and other basic data with Google Analytics and social media statistics (see chapter 11 for more information).
This information is used to develop Company’s services as informed on the website, to improve content and serve the visitors better, to provide appropriate contact information to the users, analysing of the web page usage, and risk management.
4.3. The purpose of use of personal data collected in customer data base (CRM)
Customer’s personal data may be used for both maintaining customer relationship and marketing of Company’s products and services and informing market insights.
Company’s right to process the customer’s personal data is based on customer and/or contractual relationship or customer’s consent or a legitimate interest.
4.4. The purpose of use of personal data collected to Material bank
Partner’s (such as advertising agency) data is collected purely to provide an access to Canatu’s material bank for utilizing Canatu marketing material (such as images, photos, logos) for further development of marketing content.
4.5 The purpose of use of personal data collected to Journalist data base
Canatu utilizes a third-party data base for contacting journalists with press releases or invitations to press events. This data is mainly collected by the third party, but Canatu has the option to add manually journalists to Canatu’s own list which is visible only to Canatu admin.
5. Third parties as processors
Company uses designated service providers when processing personal data (subcontractors). Service providers process personal data as assigned by the Company as a controller.
Third parties are used for hosting the data on external data centers that are located within EU area.
The primary service providers are email data base, customer data base, web page and social media analytics, material bank and journalist data base.
6. Personal data types and categories
Mandatory: email address to send the email. Optional: Company, Name, Phone number, Unsubscribe reason to leave the list.
IP-address, Device, see more in Chapter 11
Customer data base (CRM) for customer data:
Company name, contacts first and last name, contact information (phone number, physical address, email address), job title, category (e.g. customer, analyst, partner).
Company name, contact’s first and last name and email address.
Journalist data base:
A third party mainly collects data of the journalists which Canatu is entitled to use based on a yearly fee. Canatu can add and remove journalist data (Media, first name, last name, email address) also manually to the system. This manually entered data is visible only to Canatu admin of the service and in case of removal, contact added manually will be permanently removed.
7. Transfer of personal data
Company uses subcontractors for data processing as described above. For these purposes the Data can be transferred outside the EU or EEA, as applicable laws including GDPR allow. Company transfers data on these basis: the receiving country has similar data protection laws in place, or Company has a specific data transfer agreement in place with subcontractor, or USA-based subcontractor is certified under Privacy Shield program.
8. Personal data retention period and criteria for determining this period
Personal data will be processed during the contractual relationship. Once the contractual relationship has ended, the data will be deleted according to the Company’s standard procedure.
9. Your rights
All registered persons have the right to receive a reply from Company, whether their personal data will be processed or not, or if personal data already have been processed. You have the right to review your own data stored by Company and to request to correct or remove any incorrect or outdated personal data.
All these requests must be submitted to the Company’s contact person via email firstname.lastname@example.org.
If you believe that your personal data is not processed legally, you have the right to file a complaint to the data supervising authorities.
10. Data security
Company has taken the necessary technical and organisational steps to protect the security of the data, and the subcontractors must provide similar protection.
11. Other information
Cookies are small text files stored on a user’s computer when an online service has been used. Cookies come in two types: session cookies and persistent cookies. Session cookies only exist during the session and are deleted automatically when the browser is closed. Persistent cookies exist for a specific period and remain on the computer also after the session is over unless the user deletes them manually before that.
What cookies does Company use?
Our services use both session and persistent cookies provided by Google Analytics, in order to better inform our customers of our services. Cookies do not damage the user’s computer or files.
Users can adjust their browser settings to prevent cookies or to delete any cookies that have been saved in the browser. This will probably mean that certain operations do not function as efficiently as with cookies (see the end of this chapter for more information).
General statistical information is collected of the service use in order to improve the service and for marketing purposes to provide relevant information to targeted audiences. Collected information is used to provide the service, to give a seamless user experience and improve the service. Information collected from cookies cannot be used to identify an individual person, only IP address.
If users have chosen to enable Google to associate their web and app browsing history with their Google account and to use information from their Google account to personalize ads they see across the web, Google will use data from its signed-in users together with the users Google Analytics data to build and define audience lists for cross-device remarketing. In order to support this feature, Google will temporarily link users personal date with Google Analytics to form an audience.
Google users can customize their ad settings in their own google account of disable personalized ads.
The service uses Google Analytics tool, which may store cookies on the user’s device. You can read more about how the cookies are used in Google Analytics and advertising, and how long the expiration times of different cookies are at:
Website visitors have the ability to prevent their data from being used by Google Analytics:
The Google Analytics security and privacy principles:
Canatu uses Linkedin for informing company news, recruiting as well as marketing the company and its products to the target audiences. Canatu analyses visitor activity both in Linkedin and Google Analytics statistics by the tools Linkedin and Google Analytics provide.
Additional information: https://www.linkedin.com/legal/privacy-policy
Canatu analyses visitor activity statistics with the tools provided by Twitter.
Additional information: https://twitter.com/privacy
Last updated 23rd May 2018