Skip navigation
Get in touch
Privacy policy

Data Collection, Processing, and Storage

Privacy Policy

Your privacy is important to us

Everyone values privacy, and so do we. That is why we are committed to respecting your privacy and complying with all legislation applicable to the processing of personal data.

Our operations and services require the collection and processing of personal data. Our privacy principles describe, among other things, for what purposes and what personal data we collect and process, who processes your data, and what rights and means of influence you have regarding your data.

Cyberdo Oy processes your personal data as the data controller in accordance with these principles and applicable legislation. We therefore ask you to read these privacy principles carefully.

We update this privacy notice and our privacy principles as our operations develop or legislation changes, so we ask you to visit this page from time to time. We will also notify registered users separately if significant changes are made to the implementation of their rights.

Our key principles

Your privacy is important

We take the processing and careful management of personal data seriously. We value your privacy and are committed to complying with laws applicable to the processing of personal data.

Personal data is confidential

Your data is confidential and is processed only by authorized personal data processors, primarily Cyberdo’s own personnel.

The collection and use of personal data is planned and appropriate

We avoid unnecessary collection, processing, and storage of personal data. We only hold personal data that is essential for our business and for providing high-quality service.

Written agreements with subcontractors

In the processing of personal data, we only use subcontractors who enter into a written agreement with us and commit to safeguarding personal data.

We process your personal data only for your benefit

The processing of our customers’ personal data is always based on written agreements, and we do not process data for any purpose other than for the benefit of the relevant customer and in accordance with their instructions.

Key purposes for processing personal data

As a rule, we use personal data only to deliver our own services, market them, manage customer relationships, handle invoicing, and develop marketing services.

How do we use your personal data?

We collect, store, and process personal data only for predefined purposes. The main purposes of use are:

Matching experts and assignments

We process personal data in matters related to matching experts and assignments, such as contacting individuals and assessing their professional expertise.

Some of our services may also be available by logging in to our online service using personal credentials. We may also use personal data to provide notifications related to the use of the service.

High-quality service for customers

We process personal data in matters related to customer relationship management, such as producing and delivering services, invoicing and debt collection, handling complaints, customer support, and measuring customer satisfaction.

Some of our services may also be available by logging in to our online service using personal credentials. We may also use personal data to provide notifications related to the use of the service.

Marketing and communications of services

Within the limits permitted by law, we may also process personal data to carry out marketing activities and for direct marketing purposes. This may also include processing and analyzing personal data for the purpose of targeting marketing or services.

For example, we may display targeted messages or content in our channels based on your previous interests.

Product development of marketing services

We believe in continuous improvement. Therefore, we may also use personal data to develop our company’s marketing services, such as designing and launching new service concepts or improving processes.

Fulfilment of legal obligations

Your data may also be collected and processed to fulfil legal obligations, such as accounting and official authority-related purposes.

Human resources administration

We process data concerning employees and job applicants mainly only for human resources administration purposes, to fulfil employment contract obligations, to fulfil statutory obligations related to employment relationships, and to assess and select job applicants for open positions.

What personal data do we collect and from which sources?

We collect personal data concerning you mainly from you directly when you contact us or later when you use our services. We may also collect information concerning customers from public sources or registers, such as LinkedIn or other social media channels.

We collect website visitor data using Google Analytics and HubSpot so that we can analyze and develop our website further and target relevant marketing to our website visitors.

We mainly collect and process personal data concerning our customers, including potential customers; experts offered for contract work, including potential experts; individuals sought for our customers’ direct searches; our employees; and our job applicants.

Typically, we may receive the following information directly from our customers’ contact persons:

  • The name of the customer’s employer company, the contact person’s first and last name, work address, work email address, phone number, and title;
  • Information on the contact person’s marketing permissions and/or prohibitions;
  • Classification information provided by the individuals themselves, such as interests;
  • Information entered through contact forms and chat;
  • Customer feedback information.

Typically, we may receive the following information directly from experts:

  • The expert’s first and last name, work address, work email address, phone number, and title;
  • The expert’s CV, portfolio, or other proof of experience and expertise;
  • Information on marketing permissions and/or prohibitions;
  • Classification information provided by the individuals themselves, such as interests;
  • Information entered through contact forms and chat;
  • Customer feedback information.

Typically, we may receive the following information directly from individuals sought in our customers’ direct searches:

  • The person’s first and last name, home address, email address, and phone number;
  • The person’s CV, portfolio, or other proof of experience and expertise;
  • Classification information provided by the individuals themselves, such as interests;
  • Information entered through contact forms and chat.

In connection with the use of services, we may process, for example, the following personal data concerning a customer:

  • IP address or other identifier;
  • Order, invoicing, and delivery information;
  • Information collected through cookies;
  • Information collected from the use of our online service.

From other sources, we may receive in particular the following information concerning a customer, expert, person sought in a direct search, or job applicant:

  • Information related to the use of social media, such as LinkedIn, Facebook, and Instagram.

For employees and job applicants, we mainly process information received from the person themselves and other information generated during the employment relationship:

  • Basic information about the employee or applicant;
  • The job applicant’s CV, application, and reference information obtained with the applicant’s consent;
  • Information required for salary payment;
  • Information required to fulfil obligations and rights related to the employment relationship;
  • Certain information considered sensitive concerning an employee, such as trade union membership and health information, but solely to fulfil the employer’s statutory obligations.

With your consent, we may also collect and process other information.

On what basis do we process your data?

We ensure that we always have a legally required basis for processing your personal data. We may process data on several different grounds, but we always ensure that at least one processing condition defined by law exists.

We process data in the customer and expert register mainly to fulfil and prepare contracts and on the basis of our legitimate interest, particularly for producing and delivering our services, customer management, handling complaints and customer feedback, and offering maintenance and further development services.

We process data in the marketing register mainly for marketing our services and for product development of marketing expert services.

With your consent, we may also use your email address to send newsletters and marketing letters, or process other data based on your consent. If we process your data solely on the basis of consent, you may withdraw your consent at any time.

We may also process your data to fulfil statutory obligations.

Who processes your data and is it disclosed to third parties?

Your personal data is processed by members of our company’s personnel in the course of their work, who have been designated as personal data processors.

In some cases, your data may be confidentially disclosed to our subcontractors, who process personal data under a written assignment agreement. Our subcontractors process personal data in the agreed manner, in accordance with our written instructions, and only to further the purposes mentioned in this privacy notice.

With regard to personal data concerning customers and experts, we may use subcontractors especially in relation to data storage and customer management, such as cloud storage services, project management and communication tools, and CRM; technical support; and website design and implementation. Our subcontractors are mainly responsible for the secure storage of personal data and do not themselves participate in the processing.

In personnel matters, we use subcontractors especially in relation to financial administration and payroll, and the electronic storage of data, such as cloud storage services.

We may also disclose data otherwise to fulfil contractual obligations or when required by law or a competent authority.

We may also disclose your data if we were involved in a company or business transaction.

We may also disclose anonymized or statistical data that cannot be linked to an individual. If such data is no longer considered personal data, we may disclose it to third parties for purposes other than those mentioned here.

Is your data transferred outside the EU?

In certain situations, your data may be transferred outside the EU. Some of the cloud services we use may be located outside the EU. If data is transferred outside the EU, we ensure that the country is one deemed by the European Commission to provide an adequate level of data protection, that the recipient is Privacy Shield certified, in the case of recipients located in the United States, or that the transfer takes place using standard contractual clauses published by the European Commission. We therefore always ensure that any potential data transfer is carried out on the basis required by law and with adequate safeguards.

How long is your personal data stored?

We do not store your personal data for longer than is necessary for its purpose of use or than required by contract or law. However, personal data retention periods may vary depending on the purpose of use and the situation. Data retention periods may also be based on legislation, such as the Accounting Act. We update your data regularly so that it remains up to date and the appropriateness of processing is fulfilled. Unnecessary data is deleted.

We regularly carry out measures related to personal data lifecycle management to ensure that personal data whose purpose of use is ending is either anonymized or deleted.

How do we protect your data?

Your data is stored mainly in electronic form on our service providers’ servers, which are protected in accordance with general industry practices.

The personal data we collect and process is kept confidential and is not disclosed to anyone other than those who need it in their work or, confidentially and in a limited manner under contracts, to our partners such as subcontractors.

Access to your personal data is restricted and protected with user-specific usernames, passwords, and access rights. Our premises are locked and protected.

Is providing data mandatory?

If you do not provide personal data or allow its processing, we will probably not be able to serve you and fully fulfil the purpose of our operations. If you do not want us to process your data in accordance with these principles, we ask that you do not provide us with any information.

How do we use cookies?

We use HubSpot Analytics and Google Analytics software on our website so that we can provide the best possible user experience for website visitors.

We may use cookies to develop our services and website, analyze website use, and target and optimize marketing.

Website users can give their consent to or refuse the use of cookies in their browser settings. Most web browsers allow cookies automatically. Please note that blocking cookies may limit the functionality of our website.

What rights and means of influence do you have?

Withdrawal of consent

If we process your data on the basis of your consent, you may withdraw your consent at any time by notifying us, for example by sending an email to info@cyberdo.fi.

Access to data

You have the right to receive confirmation from us as to whether we process personal data concerning you and to know what personal data concerning you we process. In addition, you have the right to receive supplementary information about the grounds for processing your personal data.

Right to rectification

You have the right to request that we correct inaccurate, outdated, or otherwise incomplete personal data concerning you.

Right to object to direct marketing

You may prohibit the processing of your personal data for direct marketing purposes by sending an email to info@cyberdo.fi.

Right to object to processing

If we process your personal data on the basis of public interest or our legitimate interest, you have the right to object to the processing of personal data concerning you to the extent that there is no compelling reason for the processing that overrides your rights, or the processing is not necessary for handling a legal claim.

Please note that in this situation we will probably no longer be able to serve you.

Right to restriction of processing

In certain situations, you have the right to require that we restrict the processing of your personal data.

Right to data portability

If we have processed your data on the basis of your consent or to fulfil a contract, you have the right to receive the data you have provided to us electronically in a commonly used format so that the data can be transferred to another service provider.

Right to be forgotten

If we have processed your data on the basis of your consent or to fulfil a contract, and you do not want us to store and/or process personal data concerning you, you have the right to require us to delete all personal data concerning you that is not necessary for the implementation of a legitimate interest or an official authority claim.

How can I exercise my rights?

You can exercise the rights described above by contacting us, for example by sending an email to info@cyberdo.fi.

At the same time, we ask you to state your name, address, and phone number, and to suggest a suitable time for identification and identity verification to be carried out at our office.

If you believe that the processing of your personal data is unlawful, you may also lodge a complaint with the competent supervisory authority, the Data Protection Ombudsman.

Can this privacy notice be updated?

We update the privacy notice when our operations or privacy principles change. Updates may also become necessary due to changes in legislation. Changes enter into force once we have published the updated privacy notxice.

For this reason, we ask you to review the contents of this privacy notice at regular intervals.

If the content of the privacy notice changes significantly with regard to your rights, we will inform you separately by email, provided that you have given us an up-to-date email address.

Who can I contact regarding data protection matters?

Contact details

Cyberdo Oy
 Kaisaniemenkatu 1 C
 00100 Helsinki

Data Protection Contact Person: Joonatan Kauppi, joonatan.kauppi@cyberdo.fi

You have not enough Humanizer words left. Upgrade your Surfer plan.