HeadQ (MVP Digital Oy)

PRIVACY POLICY

Updated 21.3.2024

General

Every person values his or her privacy. That is why we are also committed to protect the privacy of our customers, users of our services, employees and partners. However, as we offer digital services platforms, we could not do business without processing some amount of personal data. Personal data is any data relating to an identified or identifiable person. Name, email address and a portrait photo are a few examples. 

This privacy policy describes how we collect and process personal data relating especially to our customers (including potential customers) and users. We may make changes to it due to changes in our business or in applicable laws.

By offering our digital services platform, we may also be considered to be in the role of a data processor to our customers. For instance, our customers are usually data controllers regarding such personal data they enter into and manage in our service (if any). The data processing principles regarding this are described in our customers’ privacy policies and in the contracts we conclude with our customers.

Controller

The data controller relating to processing of personal data pursuant to this privacy statement is (hereinafter also “HeadQ”, “us” or “we”):

MVP Digital Oy
Business ID: 3267191-7
Malmin raitti 17 C
00700 HELSINKI
FINLAND
www.headq.io

You can use the above details also for contacting us in privacy matters or contact Mikko Seppä, email: mikko@headq.io

HeadQ as a data processor

By offering the HeadQ platform, we may also operate in the role of a data processor to a company or business who uses our service for business-to-business ecommerce purposes. We advise you to contact the applicable entity, if you have privacy-related questions regarding how they use and handle personal data with our platform. How we process personal data for our business customers is covered in our Terms of Service and its data processing annex.

For what purposes we collect personal data? What is the legal basis for processing personal data?

We collect, store and process personal data for predefined purposes. We also always make sure that there is at least one legal basis for processing personal data. The main purposes and the applicable legal basis for processing personal data are:

Providing our services. We collect and process personal data for fulfilling contractual obligations relating to provision of our services. During the customer relationship, we also use personal data for invoicing, debt collection, handling of complaints as well as for customer support purposes. The legal basis for this processing is a contract between HeadQ and the customer, or preparations made for concluding a contract, as well as our legitimate interest. 

Sales and marketing. We contact potential customers and may execute direct and digital marketing campaigns, such as social media advertising and search engine marketing. We may also perform marketing based on customer profiles. The legal basis for this processing is primarily our legitimate interest as well as consent (if required by law). A person has however always the possibility to object direct marketing. For marketing purposes we may also perform automated decision making (incl. profiling), for instance when executing remarketing campaigns.

Customer communications. We use personal data for customer communication purposes. The legal basis for this processing is our legitimate interest, possibly also a contract between HeadQ and the customer.

Business development and business intelligence. We may also use personal data for developing our business relating to offering digital services platforms. The legal basis for this processing is our legitimate interest. 

Fulfilling legal obligations. We may also use personal data for fulfilling legal obligations (e.g. bookkeeping, employment contracts act, tax laws, companies act).

HR and recruiting. Personal data relating to employees are mainly collected and used for human resources management purposes, such as payment of salaries, fulfilling other rights and obligations relating to employment contracts and meeting legal requirements relating to employment. The legal basis for this processing may be fulfilling a contract between HeadQ and the employee, consent as well as fulfilling legal obligations relating to employment. In recruitment situations we use personal data primarily for preparing an employment contract and on the basis of consent of the job candidate. Based on consent we may also process personal data from other sources than the job candidate or employee.

Whose personal data we collect? What personal data? 

We collect, store and use personal data mainly relating to:

Relating to customers, potential customers, partners and users we collect and use typically the following personal data:

Relating to employees we collect and use typically the following personal data:

Relating to job candidates we collect and use typically the following personal data:

Relating to shareholders we collect and use typically the following personal data:

From which sources we collect personal data?

Customers (incl. potential), users and partners

Data is collected mainly from the person itself, for instance when making an agreement with us. Data is also collected and created during the business relationship, but mainly concerning the company, not persons. We may also get data from other external or public sources and registers.

New customers and partners are also prospected with inbound and outbound marketing activities.

We may also use Google Analytics or other similar analytics services to monitor and analyze our website use (see below for a list of technologies and services used by us). 

Employees, job candidates, shareholders and investors

Data is collected mainly from the person itself or with consent from other sources. Some data is also generated or created during the employment. Relating to employees, we may also receive data from tax authorities as well as pension and insurance companies.

Who processes personal data? Is it transferred to anyone?

People within our organization have access to the personal data for the purposes of performing their work tasks.

We store most of data in electronic form only and we use a substantial amount of various services providers and tools for performing our work. Such services provider may be considered as a data processor to HeadQ. We use third party services especially in the following matters:

In these situations, we make sure contractually and otherwise that the confidentiality of personal data is secured and data is processed and transferred lawfully and for our benefit only.

We may also provide personal data to a third party due to a legal obligation or requirement by an authority or a court, for responding to or preparing legal actions, or based on a person’s consent. We may also provide personal data to a third party if we are involved in a business sale, transaction or restructuring. 

Is personal data transferred outside the EU?

Personal data may be transferred outside the EU, as we store data and may use services of such services providers, which may locate outside the EU. If personal data is transferred outside the EU, we make sure that the transfer takes place using adequate safeguards required by data protection law, such as by transferring data to a country approved by the EU Commission or concluding a model agreement on the transfer of personal data published by the EU Commission. 

Automated decision-making and profiling

Profiling refers to any automatic processing of personal data in which, for example, a person’s interests are assessed using personal data. HeadQ may use profiling primarily to target digital advertising. Profiling aims to make content and marketing more relevant and personal. However, a person has the right to object to the processing of personal data on the basis of a legitimate interest (including profiling for marketing purposes). Profiling in the context of HeadQ marketing does not include automatic decision-making that would have legal or other similar effects on the individual.

How long is data stored?

We will not store personal data for a longer period than is necessary for its purpose or required by contract or law. The retention periods for personal data may vary based on its purpose and the situation as well as on the legal basis for processing personal data. The data may be deleted (1) when a person withdraws his/her consent or requests deletion of his/her data and we have no other grounds for processing personal data, (2) when a contractual relationship ends, (3) or when data becomes obsolete or is inaccurate. The retention period may also be based on laws (e.g. accounting, tax laws, employment contracts act, companies act). We may also update data from time to time. 

How is data stored and kept secure?

Personal data is stored primarily in electronic form and it is secured in accordance with general industry standards and practices. We consider and keep personal data confidential. Access to personal data is also protected with user-specific logins, passwords and user rights. Our premises are also safe and secure.

Is it mandatory to provide personal data? What happens if you don’t provide it?

We need some amount of personal data especially in customer relationships to conclude and fulfill contracts. We may require some personal data to register a user account and for verification purposes. Relating to employment we also need to process at least the minimum personal data required to fulfill employment contracts and legal obligations relating to employment. Collecting certain minimum personal data relating to shareholders is also a legal requirement. Potential partners and customers usually can decide how much and whether to share personal data with us.

What rights do you have?

Withdraw your consent
If we process personal data based on your consent, you can at anytime withdraw your consent by notifying us, for instance by contacting us using the contact details provided above. 

Access to data
You have the right to have confirmed if we are processing your personal data and also to know what data we have about you. In addition, you have right to some supplemental information described in the law about the processing activities.

Right to have errors corrected
You have the right to request that we correct any inaccurate or outdated personal data we have about you.

Right to prohibit direct marketing
You have the right to request that your personal data is not processed for direct marketing purposes by contacting us using the contact details provided above.

Right to object processing
If we process your personal data based on public interest or our legitimate interest, you have the right to object processing of your data, to the extent that there is no such significant other reason that would override your rights or the processing is not necessary for handling legal claims. Please notice that in this situation we may not be able to serve you anymore. 

Right to restrict processing
In certain situations you have the right to require that we restrict processing of your personal data.

Right to data portability 
If we process your personal data based on your consent or fulfilling of a contract, you have the right to require transfer of the data you have provided to us to another services provider in a commonly used electronic format.

How can you use your rights?
You can execute and use your rights by contacting us, for instance by using the contact details provided above. Remember also that we need to use reasonable measures to verify your identity before executing your rights. If you consider that the processing of your personal data is not lawful, you can always also make a notification to a supervising authority (Finland: tietosuojavaltuutettu; www.tietosuoja.fi). 

Can this privacy policy be updated?
We may make updates to this privacy policy when our operations change or develop. Also changes in law may make it necessary to update this privacy policy. The changes become valid once we have published them in the form of an updated privacy policy. Therefore, please visit this page and read this privacy policy from time to time. 

Third party technologies used by us and cookies on our website

We use cookies on our website and third party technologies to provide our services, analyze the use of our website, run our online platforms as well as for targeting content and marketing on our website or on third party channels, such as search engines and social media. List of the most essential third party technologies is provided at the end of this document.

What are cookies? 

Cookies are small text files that are placed on a web user’s computer and are designed to hold a modest amount of data particular to a user and a website. Cookies give us information how users use our website. We may use cookies to develop our website and services, analyze website use as well as target and optimize marketing efforts. If you do not wish to receive cookies, you may set your web browser to disable them. This is done usually in the “settings” page of your website browser and selecting the “private browsing” mode or “incognito” option. You may also from time to time delete the cookies stored on your device. Please note that most browsers accept cookies automatically. If you disable cookies, you should understand that certain services at our website may not function correctly.

Usually it is not possible to recognize a person or the user of the website from the data contained in cookies, but if you have previously registered as a user on our website or we otherwise have already personal data about you, the data from the cookies may be incorporated with such data. Therefore, sometimes data in the cookies may be considered as personal data.

Third party cookies and applications on our website

When using our website, we may run third party applications and certain third party services providers may store cookies on your device for the purposes of website and marketing analytics and development as well as targeting of content and advertising. These may include services providers such as Youtube, Google Analytics, Facebook and other similar services providers and marketing networks. Some of these may be located outside the EU. More information about the cookie and privacy policies of these services providers can be found from their website. We are not responsible on their data processing practices. Third party advertising targeting can also be managed on Your Online Choices website.

Most essential third party technologies:

Google Workplace
Notion
Slack
Pandadoc
Github
AWS
Font awesome
Hubspot
WordPress
Google analytics
Google ads
Twitter
Facebook
LinkedIn
Instagram
Youtube
Tawk.to
Clearbit
Mixpanel

We may update our practices relating to cookies due to changes in our business practices or in applicable laws.