Privacy policy

This policy describes the principles based on which we collect and process personal data related to the provision of digital marketing services.

Although our customer base exclusively comprises businesses, organisations and entrepreneurs, we would not be able to run our business without a certain degree of personal data processing. Personal data includes names, email addresses, photographs and other information related to an identified or identifiable person.

We collect and process personal data in accordance with this privacy policy and the applicable legislation. We kindly request that you carefully familiarise yourself with this privacy policy. In our customer relationships, we often act as the personal data processor on behalf of controllers, who are our clients. In this regard, we only process personal data based on agreements in the interests and on behalf of each individual client. In these cases, the principles of personal data processing are described in our clients’ privacy policies.


In relation to the personal data processing described in this privacy policy, the controller is (hereinafter, also ‘Studio’, ‘we’ or ‘us’):

Studio Pekka Piippo Oy
Business ID: FI29276617
Immersbyntie 149
01120 Västerskog, Finland
Tel: +358 40 512 3836

Should you have any questions or requests relating to data protection, please contact us using the contact details mentioned above.

For which purposes and on what grounds does Studio collect personal data?

We collect, store and process the personal data of our clients and personnel (incl. potential clients and applicants) for pre-determined purposes. We also ensure that we always have at least one set of lawful grounds for processing. The primary purposes of use and grounds for processing include:

Offering and provision of marketing services for corporate and organisational clients

We collect and process personal data for the purpose of offering and delivering our services and to fulfil our contractual obligations. This includes standard customer management and contacts, project implementation, invoicing, debt collection and processing of feedback. We may also process clients we consider potential prospects.

In this regard, the lawful grounds for personal data processing are specifically the agreement between us and our client, the preparation measures for the agreement, and our legitimate interests.


Marketing and customer communications

We may process personal data in customer communications and in order to deliver messages to our clients about our services.

We may also conduct customer satisfaction surveys, market research or other similar surveys.

We process personal data for direct marketing purposes (incl. search engine advertising), to personalise advertising and content (incl. advertising in social media channels) and to form customer or user segments.

On the basis of our legitimate interests, we may send you marketing messages by email. In restricted situations, we may also conduct electronic direct marketing based on your advance consent; we shall do so in any case, should the applicable law so require. However, you may withdraw your consent at any time. Even if marketing does not require consent, you have the right, at any time, to prohibit direct marketing targeted at you.

We may use the services of third parties for marketing purposes, or disclose data in a restricted manner to our partners for the purposes or their marketing.

We may publish client testimonials or cases based on your consent.

In this regard, the lawful grounds for personal data processing are specifically our legitimate interests and partially the consent given by the individual in question.


Analysis of services and development of our business

We aim to develop our services on a continuous basis. This requires analysis and tracking of the use of our services. We also process data for the purposes of improving service quality and ensuring data protection. We may use the services of third parties in analysing and tracking service usage.
In this regard, the lawful grounds for personal data processing are specifically our legitimate interests.


Fulfilment of legal obligations and other legal grounds

We may process personal data for the purpose of fulfilling our legal obligations (incl. bookkeeping, taxation, employment contracts legislation), for the establishment, exercise or defence of legal claims, for preventing and investigating fraud or whenever a court of law or competent authority so requires.
In this regard, the lawful grounds for personal data processing are specifically fulfilment of legal obligations and our legitimate interests.


Recruitment and human resource management

We process personal data in connection with job applications or recruitment and in handling standard human resource management duties. These include the fulfilment of obligations relating to employment contracts, payment of wages, taxation issues and the fulfilment of legal obligations relating to employment relationships.

In this regard, the lawful grounds for personal data processing are fulfilment of contractual obligations (employment contract) and fulfilment of legal obligations relating to employment relationships, in some cases also consent given by an employee or applicant.


Which personal data do we collect and process?

We mainly process personal data concerning clients and employees (incl. potential clients and applicants) for the purposes described in this privacy policy.

Information concerning clients and potential clients, including: the name of the employing company, individual’s name, work role, telephone number, email address, time of joining the email list, location (based on the IP address), time zone, language, method of joining, data on opening of email, data on clicking of links in email, identifier identifying the user; information provided in connection with support and contact requests; information required for invoicing purposes; and marketing consents and bans.


Information concerning applicants and employees, including:

Employees: name, contact information, personal ID, tax ID, employment contract, pay and information required for payment of wages, information on absences due to illness

Applicants: name, contact informatio, education, experience, qualifications and work history, application and CV, references and referees (subject to consent), LinkedIn profile data (for applicants, subject to consent), results of aptitude tests (participation in test subject to consent), physical examination of applicant during probation period and statement on work capacity.


Sources of personal data

Clients and potential clients
We collect personal data relating to our clients and potential clients, particularly from the individual concerned. We also collect data relating to the use of our website through Google Analytics and other similar analytics services, such as Matomo and Hotjar. We use tracking codes and advertising systems for the targeting of content and advertising (incl. remarketing) and to measure their efficiency (e.g. Google Adwords, Adform, Twitter, Facebook, LinkedIn and Readpeak).

Information is generated and collected during customer relationships, but this mainly concerns businesses, not individuals. In prospecting for clients, information on potential clients is collected from events, seminars and by prospecting clients from sources such as company websites, through LinkedIn or by using sales lead services (e.g. Leadfeeder). In addition, we may gain some information from public or other outside sources or registers.

If you wish to prevent Google Analytics from collecting information about the pages you read, you can use the Google Analytics Opt-Out plugin. For blocking other tracking codes, you can use the Ghostery plugin, for example.


Employees and applicants
With regard to applicants and candidates, we mainly collect the personal data of applicants from the individual in person and, subject to consent, from other sources (including LinkedIn, references and possible personality and aptitude tests) and – for candidates – from public sources (such as LinkedIn), when seeking suitable potential employees for our organisation on our own initiative.

Concerning personnel, we mainly collect personal data from the individual in person and from other sources, subject to consent. Regarding personnel, we may process information generated otherwise during the employment relationship.


Who processes personal data and is data disclosed to third parties?

Personal data is processed by personnel employed by us, for purposes in accordance with this privacy policy, in performing their duties at work. We may also disclose personal data to our suppliers and service providers, to whom we have partly outsourced personal data storage or processing (e.g. cloud storage services, cloud services for customer data and communications, financial management, invoicing and payment services). These service providers have a contractual relationship with us, and they usually have no right to use the information for purposes other than in our interests.

Otherwise, we may disclose information should the law, a court of law or competent authority so require, for the defence of legal claims or for the preparation of such, or if the individual has given their consent to the disclosure of information. We may also disclose information if we are party to an acquisition or asset deal, or another business or corporate arrangement.


Is personal data transferred outside the EU?

Personal data may be transferred outside the EU, particularly because data is saved and processed almost entirely in electronic form and some of the service providers we use for saving and processing data may be located in a non-EU country (the United States in particular). However, we always ensure that any transfer of personal data outside the EU is in compliance with adequate protection, as required by data protection legislation. Primary options include (1) transfer to a country with adequate data protection safeguards approved by the EU Commission, (2) transfer of data to companies certified under the EU-US Privacy Shield (transferees based in the United States), or (3) use of the European Commission’s Standard Contractual Clauses.


How long will personal data be stored?

We will not store personal data any longer than necessary in view of the purpose in question, or as required by law or an agreement. Personal data can be erased whenever the individual in question withdraws their consent or requests erasure of the personal data (and we have no other legal basis for processing). Due to technical reasons, data may, however, be saved in our backup copies to a certain extent and for a limited period. Data storage periods may be governed by legislation (e.g. bookkeeping, Employment Contracts Act) and periods related to presenting legal claims (e.g. limitation periods). If necessary, we may update or erase outdated or incorrect data.

The storage period of applicant data is 24 months.


How is personal data stored and protected?

Personal data is stored almost entirely electronically, and the data is protected in line with the general standards applicable in the field. Access to personal data is restricted through access rights. We process the data confidentially and will not use or disclose data in any way other than that described in this privacy policy. Our premises are well protected and locked.


Mandatory disclosure of data and consequences of non-disclosure

Disclosure of personal data is voluntary, particularly regarding potential clients and applicants. Insufficient data may, however, impact on the processing of a job application by us, or the contacting of a potential client.

In some respects, disclosure and processing of personal data is mandatory in a customer relationship in order to fulfil agreements, to enable us to ensure that individuals signing contracts on behalf of our corporate clients are competent and eligible to do so, and in order for us to fulfil our contractual obligations and, on the other hand, exercise our legal rights.

In an employment relationship, we need personal data to fulfil our obligations under employment contracts and the law.


Your rights and influence

Right to withdraw consent. If we process your personal data based on your consent, you have the right to withdraw your consent at any time by informing us that you wish to do so, for instance by contacting us using the contact information mentioned above.

Right of access to personal data and requests for verification. You have the right to receive confirmation from us on whether we process personal data concerning you, and the right to know which items of your personal data we process. In addition, you have the right to receive complementary information concerning the basis for processing your personal data.

Right to have inaccurate personal data rectified. You have the right to request that we rectify any incorrect, outdated or otherwise inaccurate personal data concerning you.

Right to ban direct marketing. Even if we do not process your personal data for direct marketing purposes based on consent, at any time you can prohibit the processing of your personal data for direct marketing purposes, for instance by contacting us using the contact information mentioned above.

Right to object to processing. If we process your personal data on the basis of a public interest or our legitimate interests, you have the right to object to the processing of your personal data in so far as no compelling legitimate grounds for processing exist which override your rights, or the processing is not necessary for the establishment, exercise or defence of legal claims. Please note that in such cases, we will probably not be able to serve you any further.

Right to restrict processing. In certain situations, you have the right to demand that we restrict the processing of your personal data.

Right to data portability. If we have processed your personal data on the basis of your consent, or in order to fulfil an agreement, you have the right to receive any personal data, electronically in a commonly used format, which you have submitted to us, in order to transmit the data to another service provider.


How can you exercise your rights?

You can exercise the rights mentioned above by contacting us, using the contact information mentioned above. We must use reasonable means to verify your identity. If you consider the processing of your personal data unlawful, you may file a complaint with the competent supervisory authority (Data Protection Ombudsman).


Can this privacy policy be updated?

We may update this privacy policy if our operations or data protection principles change. Updates may also become necessary in response to changes in legislation. The changes will enter into force when we have published an updated privacy policy. We therefore advise you to familiarise yourself with the content of this privacy policy from time to time.


Cookies on the website

We use cookies on our website for purposes such as delivering our services, analysing the use of our website, the production and targeting of content, and advertising as well as developing our services and the website.

Cookies are short text files that the web server saves in the user’s mobile device or computer when visiting the website. When you visit our website again, cookies are recognised by sending them back to our website or another service provider we use. Cookies enable us, for instance, to identify the user’s device when returning to the website in order to modify the content or advertising, analyse website usage, remember your subjects of interest and the choices you make, and improve the user experience on our website in other ways.

Cookies usually include data that does not facilitate the identification of a certain individual or website user. If, however, you are a registered user of the website and the automated marketing software recognises you as a user, or we have personal data concerning you otherwise, it may be possible to link the data collected through cookies with such data.


How to control cookies

Cookies are managed through the settings of web browsers and most browsers allow cookies. You can prohibit cookies in your browser settings, or empty or remove cookies from your browser from time to time. By emptying cookies from time to time, you will affect the identifier according to which a profile is formed on the use of your device. Cookie settings can usually be modified in the browser’s Settings menu or by modifying the browser settings by switching them to ‘private’ mode, which prevents the browser from saving any cookies when visiting websites. Please note, however, that if you modify the cookie settings, you may affect or restrict the functionality of the website. This applies not only to our website, but others as well.

We may disclose information collected by cookies to third parties, for purposes described in this cookie policy and the privacy policy.


Third parties’ cookies on our website

We use third party cookies on our website, in particular to analyse, track and develop the use of our website, and to target and display advertising, marketing and content in our service or that of third parties.

Our website also includes embeddings of other social network services, including YouTube, Facebook and LinkedIn, from which the service provider in question may collect and use cookies for other purposes of their own. Our website may include the share or similar functions of social media services.

Key third parties relating to the use of our website, which may place cookies on your terminal device, include Google Analytics, Google Tag Manager, Facebook, Instagram, Twitter, Adform, Readpeak, HubSpot and Google Adwords, as well as other similar service providers or advertising networks. Here, you can manage the way Google Adwords targets marketing. Some of the service providers in question may save data or be located outside the European Union. Further information on these service providers’ cookie and data protection policies is available in the privacy policies of the services in question. We are not responsible for the processing of cookies and other data via these services.