DATA PROTECTION
DATA PROTECTION AND COOKIES
Data protection information and cookie policy, updated 22 May 2023.
1. Controller
Copla Oy (“Copla”)
Business ID code 2416227-4
Ruosilantie 14 A
00390 Helsinki
Finland
2. Contact person in register matters
Saku Lukkala, +358 40 551 5632, saku.lukkala@copla.fi
3. Basis and purpose of processing
Copla can process personal information on the following bases and for the following purposes:
- Agreement: Copla processes the user information of the DocStarter service to fulfil an agreement made between Copla and its client company on the service;
- Consent: By the user’s consent, Copla can also process other personal data regarding the customer relation. Copla can ask for the user’s consent, should changes be made to the purposes of processing;
- Legitimate interest: Copla can process the information of its clients and DocStarter service users to develop customer service, to prevent and investigate malpractice, to acquire analytics regarding the use of DocStarter, and to target contents, marketing and marketing messages; and
- Statutory obligation: If Copla is obliged to use personal information of the customer to comply with obligatory legislation such as the accounting legislation, the use of personal information is based on the fulfilment of a statutory obligation.
4. Processed information
Copla can process the following personal information in connection with the register:
- Basic information about the corporate customer, such as the customer’s name, address, telephone number, website address, e-invoice address, business ID code, company logo and photographs.
- Basic information about a customer company’s representative (decision-maker and/or contact person), such as the name, position or profession, mailing address, delivery address, e-mail address and telephone number.
- Information concerning the customer relation, other appropriate interaction and the contractual relation, such as the language, customer number, offers submitted to the customer, orders, agreements, contracts, deliveries, purchased products and services and reclamations
- Information related to invoicing, payments and collection
- Information on direct marketing consents and bans
- IP address, device ID and cookies of website visitors
- Other information by the data subject’s consent
5. Sources of information
The information is collected regularly from the data subjects themselves at the making of agreements, when the visitor registers themselves as a user of the DocStarter service offered by Copla, when they use the service or otherwise. Personal information can also be collected and updated from sources in the public domain, such as company websites, the trade register, the credit register and other public and private registers. In addition, information can be collected using cookies or other similar technologies.
6. Transfer of information and data transfers outside the EU/EEA
Copla can transfer personal information within the limits of, and as obliged by, the valid legislation. Information can be transferred to Copla’s partners in order for Copla to deliver the products and services it offers.
Applicable to corporate data subjects: Copla can use personal information for direct marketing purposes jointly with its partners, unless the data subject has expressly forbidden the use of their personal data for said purposes.
Copla can use the services of subcontractors to process personal information on behalf, and by the assignment, of Copla. Personal information can be saved on servers controlled and protected by IT service providers.
Copla and its subcontractors do not regularly transfer any personal information outside the EU/EEA. However, users of the DocStarter service can log in to the service from basically anywhere in the world.
7. Data protection and storage
Personal data are collected in databases which are protected by firewalls, passwords and other technical means. The databases and their backup copies are located in locked, guarded and appropriately protected spaces to which access is only permitted for persons determined in advance.
Right of access to the systems containing personal information is only granted to employees entitled to process the information based on their work duties. Each user has a personal username and password to the system. The obligations of secrecy are binding on all employees who process personal information.
Copla will save the information for as long as it needs to be processed. The personal information will be deleted from the register upon termination of the measures, obligations and liabilities and upon expiry of the time for presenting claims with regard to the customer or the service relation. The storage period of information is typically 6-10 years.
The need for storing the information is assessed on a regular basis considering the applicable legislation. In addition, Copla makes sure, by reasonable measures, that the personal information stored in the registers about the data subjects contains no incompatible, invalid or faulty personal information. Such information is rectified or erased without delay.
8. Rights of data subjects
A data subject entered in the register has a right, under the data protection legislation, to verify the information saved in the register and a right to claim rectification or erasure of any erroneous, invalid, unnecessary or illegitimate information. A data subject also has a right to revoke their consent, if Copla has processed the information based on consent.
A data subject has a right to claim restriction with regard to the processing of their personal information. For specific reasons a data subject also has a right to object to the processing of their personal information which is processed based on a legitimate interest. When making a related request the data subject must specify the reason why they object to its processing.
All requests regarding the data subject’s rights are sent in writing to the above-mentioned contact person of Copla. Upon receipt of such requests Copla can ask the data subject to prove their identity or provide additional clarifications prior to fulfilling the request.
A data subject has a right to file a complaint to a competent supervisory authority, should they deem that Copla has processed personal information in a way that goes against the data protection legislation.
9. Changes to description and cookie policy
Copla can make changes to this data protection description and cookie policy from time to time. An updated version of the data protection description and cookie policy is published on Copla’s website. Should there be considerable changes, Copla can notify the data subjects about the changes also in some other way, for example, by e-mail or publishing a notification on its website. Copla recommends that the data subjects familiarize themselves with the latest versions of the data protection description of the DocStarter service and Copla’s cookie policy.
10. Cookie policy
Copla’s and DocStarter’s website and social media operations use cookies. A cookie is a small text file which the browser saves on the user’s terminal device.
Copla and its partners use cookies and other similar technologies to maintain and develop the website, to improve and provide analytics on the user experience, to compile statistics, tailor the contents and target advertising and marketing messages.
Cookies and other similar technologies are used for collecting information such as tracking data with regard to the website from which the user moves to another, which websites they have browsed and when, the browser they are using, their screen resolution, device operating system and IP address.
Copla’s and DocStarter’s websites can use the following cookies of different types:
- Strictly necessary cookies: these cookies are strictly necessary to guarantee flawless functioning of the website and a good user experience. These cookies do not collect any information that would enable identifying the user.
- Functional cookies: these cookies allow saving information that has an effect on the web page appearance and functions. These cookies account for the user preferences such as their language settings or the geographical area.
- Statistical and analytical cookies: the website owner uses these cookies to understand how the visitors interact with the website. The cookies make it possible to improve the website functionality.
- Marketing cookies: these cookies help the website owner to personalize the website in an optimal way. For example, the cookies allow showing targeted advertisements and contents based on the user’s earlier web behavior.
Copla’s and DocStarter’s websites can also use so-called third-party cookies. Third parties refer to parties outside Copla such as providers of analytics and tracking services (for example, Google Analytics). Such third parties can place cookies on the user’s terminal device when the user visits Copla’s services for purposes such as compilation of statistics on the number of visitors on the different websites.
Copla’s and DocStarter’s websites can use so-called third-party community plugins to show social media (such as Facebook) contents on the website. The website community plugins can place cookies from their own service applying their own principles. The user can familiarize themselves separately with the community services and the privacy principles applicable in each service.
Copla uses both session cookies which expire when the user closes the web browser and permanent cookies which will be retained on the user’s device for a certain period of time or until the user removes them. The period of validity of permanent cookies varies from a couple of months up to a few years. The user can also influence the storage period of the information.
Cookies can be turned off in the settings of the internet browser, but the websites do not necessarily work correctly when the cookies are turned off. Copla will ask for the user’s consent to use cookies other than those strictly necessary.