Aurabear’s customers and potential customers
Aurabear’s employees and job applicants
Every person values privacy, also our customers and employees. However, it would not be possible to operate a digital marketing services business without collecting some amount of personal data. As a data controller, we collect and process personal data especially relating to our employees and our customers’ contacts and project team members. Same goes for potential customers and job applicants. Personal data is all data relating to an identified or identifiable person, such as name, email, social security id, and a photo.
Aurabear processes personal data relating to its customers, potential customers, employees and job candidates in accordance with this privacy statement and applicable laws, so please read this carefully. We may also make changes to this statement due to changes in our operations or applicable laws.
As a company offering marketing services, we may also operate as a data processor for the corporations and other organizations we have as customers. The data processing principles regarding this are described in our customers’ privacy policies, so you may need to familiarize yourself with them as well. With each of these customers, we also conclude an agreement with minimum data processing provisions, which also limits what we can do with our customers’ personal data.
Aurabear Oy Ab
Business ID: 2952899-2
Kaarelantie 86 H 96
Email: [email protected]
Tel: +358 45 125 69 29
Privacy matters are handled by Lynn Cu (HR matters). You can use the above contact details also for privacy-related questions and requests.
Offering and providing marketing services. We collect and process personal data for concluding and executing the marketing services contracts we make with businesses and organizations. During the customer relationship, we process personal data especially for managing and executing projects, invoicing, debt collection, customer complaints and handling other customer feedback. The legal basis for this processing is especially a contract between Aurabear and the customer, but also our legitimate interest.
Marketing and customer communications. We may perform digital marketing, email marketing, and communications, personalized marketing content and social media advertising targeted to potential and existing customers. For these purposes, we need to collect and process personal data. Marketing may also be based on automated decisions and profiles created for social media campaigns, search engine marketing, and website content. The legal basis for this processing is mainly our legitimate interest. A person has, however, a right to object direct marketing at any point. It is also possible that some direct marketing is based on consent (e.g. newsletters).
Developing our business. We may also use personal data for developing our business relating to the development of marketing services. The legal basis for this processing is our legitimate interest.
Fulfilling legal obligations. We may also use personal data for fulfilling legal obligations (e.g. bookkeeping, employment contracts act, tax laws).
Human resources management. Personal data relating to employees are mainly collected and used for human resources management purposes, payment of salaries, fulfilling other rights and obligations relating to employment contracts and meeting legal requirements relating to employment. The legal basis for this processing may be fulfilling a contract between Aurabear and the employee, consent as well as fulfilling legal obligations relating to employment.
Recruiting and job applicants. In recruitment situations, we process personal data mainly for preparing and concluding an employment contract and based on the job applicants consent. Based on consent we may receive job applicant data also from other sources than from the person itself.
We collect, store and use personal data mainly relating to our customer contacts (including potential customers), employees and job candidates.
We collect personal data relating to customers and potential customers mainly from the person itself. Relating to potential customers we also collect prospecting data, mainly from LinkedIn and corporate websites. The important source of data is also our website and its online forms. We also collect data by using Google Analytics, Facebook Pixel, Amplitude, and AgileCRM. Data is also collected and generated during customer relationship, but mainly concerning the companies and organizations. Data about potential customers may also be received through seminars organized with business partners.
Typically we collect and process the following personal data relating to customers:
Agile CRM-related data regarding use of website, such as: IP address, leadscore, filled forms, email opens and click throughs, call-to-action click throughs, data about website use and activities (dates, quantity, sources)
Similar, but more limited data may also be received from prospecting potential customers through LinkedIn or corporate websites.
Personal data relating to employees are received primarily from the employee and with her consent also from other sources. We may also process data that is generated during the employment relationship.
Typically we collect and process the following personal data relating to employees:
Personal data relating to job applicants is received primarily from the applicant and with her consent also from other sources. (such as LinkedIn, references and possible suitability tests).
Typically we collect and process the following personal data relating to job applicants:
Name and basic contact details
People within our organization have access to personal data for the purposes of performing their work tasks. Access to HR data is more limited than customer data, as most of our staff perform customer work but the only limited group of people has HR responsibilities.
We may also subcontract some personal data processing, such as the cloud services used for storing data. Most of the data we store is in electronic form only. We use subcontractors especially in the following matters: marketing automation, CRM, accounting and bookkeeping, website hosting and analytics, email marketing and project management.
In these situations, we make sure we have a written contract with the services provider with minimum data processing provisions and also otherwise that the confidentiality of personal data is secured and data is processed and transferred lawfully.
We may also provide personal data to a third party for fulfilling contractual obligations or due to a legal obligation or requirement by an authority. We may also provide personal data to a third party if we are involved in a business sale or restructuring.
Personal data is primarily processed inside the EU, but as data is stored and processed mainly in electronic form in cloud services, some of the service providers we use may locate outside the EU. These include Google, MailChimp, and AgileCR. If personal data is transferred outside the EU, we make sure that (1) the transferee is located in a country with adequate safeguards (as decided by the EU Commission from time to time), (2) the transferee is Privacy Shield certified (if a US-based company) or (3) the transfer occurs by using model clauses published by the EU commission.
We will not store personal data for a longer period than is necessary for its purpose or required by contract or law. The retention periods for personal data may vary based on its purpose, legal basis for processing data and the situation. The retention periods may also be based on laws (e.g. accounting, tax laws, employment contracts act). If consent was the only basis for processing personal data, the data may be deleted after a person withdraws her consent. We may also delete the data based on a person’s request if we do not have a legal basis for processing personal data that would override the request. We may also update data from time to time and delete outdated and incorrect data.
Personal data is stored primarily in electronic form and it is secured in accordance with general industry standards and practices. We consider and keep personal data confidential. We use only such services providers for data storage and processing that have a good reputation in terms of data security. Access to personal data is also protected with user-specific logins, passwords, and user rights. We do not sell or rent personal data for marketing purposes. Our premises are also safe and secure.
In many situations, it not mandatory to provide us with personal data. This concerns especially personal data relating to potential customers and job applicants. However, we need some amount of personal data especially in customer relationships to conclude and fulfill contracts. Potential customers provide us usually their basic contact details (email address) and other data, that we need for responding to a contact request. Relating to employment we also need to process at least the minimum personal data required to fulfill employment contracts and legal obligations relating to employment.
If we process personal data based on your consent, you can at anytime withdraw your consent by notifying us, for instance by contacting us using the contact details provided above.
You have the right to be confirmed if we are processing your personal data and also to know what data we have about you. In addition, you have right to some supplemental information described in the law about the processing activities.
You have the right to request that we correct any inaccurate or outdated personal data we have about you.
You have the right to request that your personal data is not processed for direct marketing purposes by contacting us using the contact details provided above.
If we process your personal data based on public interest or our legitimate interest, you have the right to object processing of your data, to the extent that there is no such significant other reason that would override your rights or the processing is not necessary for handling legal claims. Please notice that in this situation we may not be able to serve you anymore.
In certain situations, you have the right to require that we restrict the processing of your personal data.
If we process your personal data based on your consent or fulfilling of a contract, you have the right to require the transfer of the data you have provided us to another services provider in a commonly used electronic format.
You can execute and use your rights by contacting us, for instance by using the contact details provided above. Remember also that we need to verify your identity. If you consider that the processing of your personal data is not lawful, you can always also make a notification to the supervising authority (tietosuojavaltuutettu).
Aurabear Oy / Ab
Business ID: 2952899-2
Kaarelantie 86 H 96
Email: [email protected]
Tel: +358 45 125 69 29
Privacy matters are handled by Lynn Cu.
Aurabear’s Data Protection Officer is Lynn Cu, Aurabear Growth Manager, [email protected], + 358 45 125 69 29.
Kaarelantie 86H, 00420 ,
Tips and trends for your growth marketing strategy
© All rights reserved
Listen to latest stories from startup founders in Nordic countries to learn about their best tips, and trends in the Nordic startups landscape.