Your privacy is very important to Open Ocean Partners Oy. We are committed to protecting your privacy – no matter whether you are our current or prospective client or any other kind of business contact.
How we collect your personal information
If you contact us by email, phone, through the submission of forms on our website, social media channels, or in person, we may retain the communication for records including any information included within it. We also make use of systems that collate publicly available information, such as public profiles including, but not limited to Linkedin and Twitter.
The type of information we collect
We may collect the following information from you:
– Full name, job title and company name;
– Contact information including email address and phone number;
– Employment and education details specified in any presentations or CVs you send us;
– Information required for OpenOcean to meet legal and regulatory requirements, particularly in respect of anti-money laundering legislation;
– Events and meetings attended hosted by us
– Any other information you send to us.
How we use your personal information
You can be assured that information you provide voluntarily will only be used in connection with your business relationship with OpenOcean. We will hold, use and disclose your personally identifiable information for our legitimate business purposes including:
– to provide information and updates about the market in which you or we operate and about developments in our business which may be relevant to yours or benefit you;
– to provide our services to you;
– to maintain our business relationship, where you are a user of our website or a client or it may otherwise be of benefit to either you or us;
– to deal with your enquiries and complaints;
– to administer our websites;
– to keep our websites and systems secure and prevent fraud;
– where relevant, to meet legal, regulatory or compliance needs;
– to better understand your needs; and
– to provide a better service.
From time to time, we may also use your information to contact you for market research or, with your consent, to provide you with marketing information including as set out above we think would be of particular interest. At a minimum, we will always give you the choice to opt-out of receiving such direct marketing or market research contact.
We will not use or share the personally identifiable information provided to us in ways unrelated to the uses described in this statement.
The Legal Basis for Processing your Personal Information
Under GDPR, the main grounds that we rely upon in order to process personal information of users of our websites, business contacts and clients are the following:
(a) Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your personal data for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected. Our legitimate interests include: responding to requests and enquiries from you or a third party; optimising our website; enhancing the information we provide to you; creating and developing the services we provide to our clients; informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;
(b) Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your personal data. We may also be obliged by law to disclose your personal data to a regulatory body or law enforcement agency;
(c) Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing a service to you, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal data;
(d) Consent– in some circumstances, we may ask for your consent to process your personal data in a particular way.
Where is the information stored?
We are committed to ensuring that your information is secure. In the course of our business, OpenOcean utilises a number of service providers to store and process data. In order to prevent unauthorised access or disclosure, all information is securely stored with GDPR-compliant services.
Who is the information is shared with?
i. Events and activities
Sometimes we host events or activities in partnership with other organisations. In those cases, we may share your name and company name with them for the operations of the event or activity.
ii. Other Companies within our Group
When you disclose your personal information to us we may share it with other companies in our Group of companies.
We will share your personal information as above for any or all of the following purposes:
– To work with other affiliates and subsidiaries within our Group of companies
– Customer support
– Technical operations
– Account management purposes
As we grow all of the subsidiaries and affiliates in our Group of companies will enter into the standard contractual clauses approved by the European Commission, to safeguard the personal information which is transferred across our Group of companies to and from the European Economic Area.
iii. Third party service providers
We will not share any contact information with other organisations unless we have your explicit consent.
How long we will hold your information
What are your rights regarding your personal data?
The GDPR ensures that the data subject has a number of rights and that the data subject can exercise these rights in many cases to govern the processing of their personal data. The extent of the data subject’s rights is subject to the legal basis provided for processing the relevant personal data, and the data subject must provide identification in order to exercise the said rights. Where we have reasonable doubts concerning the identity of the natural person making the request referred to below, we may request you to provide additional information that we require to confirm your identity.
You can use your rights by contracting our GDPR team at firstname.lastname@example.org
- Right of access: You have the right to request access to the personal data relating to you. This includes e.g. the right to be informed of whether or not personal data about you is being processed, what personal data is being processed, and the purpose of the processing.
- Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. You may also request the completion of any incomplete personal data relating to you.
- Right to object: You are entitled to object to certain processing of your personal data, and we may be obliged to comply with your request unless we can demonstrate compelling legitimate grounds for further processing of such personal data.
- Right to opt out of marketing communications: Each of our marketing emails includes instructions on how you can opt out (unsubscribe) of future marketing, but you can also opt out at any time by contacting us as specified above.
- Right to erasure: You may request the erasure of your personal data, and we are obliged to comply with your request e.g. in the event that the relevant personal data is no longer required for the purposes for which it was collected, or where we have unlawfully processed the relevant personal data.
- Right to restrict processing: Under certain statutory situations, we may be obliged to restrict the processing of your personal data.
- Right to withdraw your consent: In cases where we have been processing your personal data based on your consent, you have the right to withdraw your consent to such processing at any time.
- Right to data portability: In certain cases, you have the right to receive any personal data we process in a structured, commonly used and machine-readable format, where this is technically feasible.
We do not engage in any kind of automated individual decision-making.
We do not process any personal data that is included in the special categories of personal data (i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, health data, etc.).
In the event that you consider the way in which we process your personal data to be in breach of the applicable legislation, you may lodge a complaint with the national supervisory authority regarding our processing of your personal data. If you are located in Finland, your local data protection authority is the Data Protection Ombudsman (Tietosuojavaltuutettu) (www.tietosuoja.fi).
If you have any questions regarding the processing of your personal data, please feel free to contact our team at email@example.com.
This Privacy Notice was updated in May 2018. We reserve the right to update and amend this Privacy Notice. Unless otherwise provided in mandatory applicable legislation, we may not personally notify the data subjects of any changes we make to this Privacy Notice. We kindly ask that you review this Privacy Notice from time to time for possible changes.