Customer and marketing register
Rainmaker Group Oy (“Rainmaker”)
Contact person responsible for register matters
Rainmaker Group Oy
Rainmaker / Kaisa Niemeläinen
Legal basis and purpose of the processing of personal data
The processing of personal data is based on our legitimate interests (e.g. in relation to maintaining a business relationship with the customer), the customer’s consent, and the performance and/or legal obligation under the agreement.
The purpose of the processing of personal data is to provide and develop Rainmaker services to better meet customer needs, fulfil contractual obligations and customer promises, manage customer relationships and electronic marketing.
The personal data stored in the customer register is also used for analysing the behaviour and profiling of customers or other data subjects. Profiling is performed by creating a unique customer identifier or file (for example, a cookie) for the data subject, which is stored on the data subject’s device. This allows Rainmaker or its subcontractor to combine the information about the data subject generated when using the online service to create a profile of the data subject’s behaviour. The purpose of the profiling is to specify the customer behaviour for targeted marketing and developing services to better meet customer needs.
We process the information ourselves and use the tools of our system vendors (http://www.rainmaker.fi/privacy/kumppaniverkosto).
We process personal data of a customer or other data subject, such as:
- Basic information of the data subject (e.g. name, telephone number, email address, city)
- Information regarding the registered company and the contact persons of the company (e.g. company name, business ID, contact person names, telephone numbers and email addresses)
- Customer and agreement information (e.g. past and current agreements and orders, customer communications, customer payment information)
- Customer service call records are retained to verify the content of the communications and to ensure our rights and obligations, as necessary. Call records can also be used for training staff internally to improve the service quality and develop our services. The records will not be used for any other purpose and will not be released outside of Rainmaker.
- Information regarding the data connection and the terminal device of the data subject (e.g. IP address, device ID or other device identifier and cookies)
- Information regarding the events in which the data subject is participating (e.g. information on event registration and invoicing)
- Information regarding a direct marketing ban by the data subject
- Any other information collected with the consent of the data subject.
Regular sources of registry information
As a rule, personal data is collected from the data subject himself. In addition, we receive information from authorities, contact service providers and other trusted parties. We may also collect and update personal and business information for the purposes described above from publicly available sources and information gained from other third parties, within the limits stipulated in the applicable law.
Rainmaker will not disclose registry information to third parties. We may disclose registry information to our affiliated companies. We have outsourced our IT management to an external IT service provider whose managed and secured server stores the personal information.
Data transfer outside the EU / EEA
Rainmaker may transfer personal data outside the EU / EEA as part of our activities. If we do so, we will ensure that such information is properly protected in accordance with the applicable data protection laws.
Principles of the registry protection and data retention
Only Rainmaker employees who are authorised to process customer data for their work are entitled to use the personal data system. Each user has their own username and password for the system. The information is collected in databases protected by firewalls, passwords and other technical means. Databases and their backups are located in locked areas and only certain pre-designated persons have access to the data.
Rainmaker will retain personal information for as long as it is necessary for the purpose for which it is used. The personal data in the customer and marketing register is deleted when the data is identified as outdated or unavailable.
The need for data retention will be evaluated on a regular basis, taking any applicable legislation into account. In addition, we will take reasonable steps to ensure that unauthorised, outdated, or inaccurate personal data of data subjects are not retained, and will correct or delete such data without delay.
Customer service call records are retained for 180 days.
Rights of the data subject
The data subject has the right to inspect the personal data stored in the personal data file and to request correction or deletion of incorrect data. The data subject also has the right to withdraw his or her consent. According to the Data Protection Regulation (as of May 25, 2018), the data subject has the right to object or request a restriction on the processing of his data and to complain to the supervisory authority about the processing of personal data. For specific personal reasons, the data subject also has the right to object to processing of his or her data when the data processing is based on a relationship between Rainmaker and the data subject. In the case of a claim, the data subject must identify the specific situation on the basis of which he or she objects to the processing. Rainmaker may refuse a request for objection only on the grounds provided by law. The data subject shall also have the right to object to processing free of charge in so far as it relates to direct marketing.
Updated Sep 29, 2021.