1. General

Dear Lucy Oy (later “we”) is committed to ensuring the confidentiality and data protection of personal data at its possession. This privacy policy is applied to personal data that we collect about the visitors of our website (later “you”). This privacy policy describes what kind of personal data we receive and collect through your use of our website and how we process such personal data.

By using our website, you consent to the data practices described in this privacy policy. We may update this privacy policy from time to time, for example due to changes in applicable legislation, which is why we recommend that you occasionally review this privacy policy for any changes. We will use reasonable efforts to notify you of any changes in advance. This privacy policy was last updated on 24th of May 2018.

2. Data Controller

Name: Dear Lucy Oy
Address: Kanavaranta 7 D 19, 00160 Helsinki, Finland
Email: privacy@dearlucy.co
Business ID: 2636051-4

3. What Personal Data do we collect and how?

We collect certain personal data about you that we receive automatically when you use our website. This includes information concerning the exploitation of our website and content (e.g. subscription to a newsletter), technical information sent to our server by your browser (e.g. IP-address, browser, browser version, the webpage from which you came to our webpage) as well as the cookies sent to your browser and information related to them (additional information on cookies and similar technologies below in Section 10).

In addition, the following categories of personal data are collected by voluntarily submit on our website:

your name;
your contact details: email address and telephone number; and
the company you are representing and your position in the company.

4. Basis for and Purposes of Processing Your Personal Data

The basis for processing your personal data is our legitimate interest based on our purposes of use determined below. We may also send you electronic direct marketing messages based on your consent.

We process your personal data to:

process and reply to your requests;
present the content of our website in a manner ideal for your device;
monitor the use of our website and to improve the site functionality and the user experience;
monitor the efficiency of our sales promotion and marketing campaigns;
advertise and offer our services to you as allowed by law;
improve customer communications and to recognize potential customers.
We do not further process your personal data for other purposes than those described in this privacy policy.

5. Regular Disclosures and Transfers of Your Personal Data to Third Parties

Your personal data may be transferred to our sales and marketing business partners.

Our business partners may process your personal data only for the purposes defined in this privacy policy. We always ensure that our partners do not process the personal data transferred to them for any other purposes.

6. Transfers of Your Personal Data outside the EU or European Economic Area

In some cases, we transfer your personal data outside the European Union or the European economic area in accordance with data protection legislation to the following operators: Pipedrive Inc. and Google Inc.

In all situations, we transfer your personal data outside the EU or the European Economic Area only based on one of the lawful grounds mentioned below:

the EU Commission has decided that the recipient country in question ensures an adequate level of protection;
we have established appropriate safeguards for the transfer of personal data by using the standard data protection clauses approved by the Commission. You shall then have the right to obtain a copy of such standard clauses by contacting us in the manner described in the section ‘Contacts’; or
you have given your explicit consent for the transfer of your personal data or another lawful basis for the transfer of your personal data outside the EU or EEA exists.

7. Principles for the Retention of Your Personal Data

We will retain your personal data for the period of time required for the processing purposes set out in this privacy policy. We will in any case remove your personal data at the latest after two years from the collection of the personal data.

Your personal data may be retained for longer if applicable legislation or our contractual obligations towards third parties require a longer retention period.

8. Rights of a Data Subject in Relation to the Processing of Personal Data

As a data subject you have the right, at any time, to object to the processing of your personal data for direct marketing purposes. You may give us channel-specific consents and prohibitions concerning direct marketing (e.g. prohibit marketing messages sent by e-mail but allow marketing messages sent by mail).

In addition, you have the right to, according to applicable data protection legislation, at any time:

be informed about the processing of your personal data;
obtain access to data relating to you and review your personal data we process;
require rectification and completion or erasure of inaccurate and incorrect personal data;
withdraw your consent and object to the processing of your personal data in so far as the processing of your personal data is based on your consent;
object to the processing of your personal data on grounds relating to your particular situation in so far as the processing of your personal data is based on our legitimate interest;
receive your personal data in a machine-readable format and transmit those data to another controller (provided that you have delivered us such data yourself, we process such personal data based on your consent and the processing of personal data is carried out by automated means); and
obtain a restriction of processing of your personal data.
You should present your request for exercising any of the forementioned rights in the manner described in the ‘Contacts’ Section of this privacy policy. We may ask you to specify your request in writing and to verify your identity before processing the request. We may refuse to fulfil your request on grounds set out in applicable data protection legislation.

If you withdraw your consent, it will not affect the lawfulness of the processing based on consent before its withdrawal. You may withdraw your consent in accordance with section “Contacts” below. The only impact caused by withdrawal of your consent is that we will not be able to send direct marketing to you.

You also have the right to lodge a complaint with the supervisory authority concerned or with the supervisory authority of the EU member state of your habitual residence or place of work, if you consider that we have not processed your personal data in accordance with applicable data protection legislation.

9. Principles of Data Security

We respect the confidentiality of your personal data. Tangible material containing personal data shall be kept under lock and key in a space to which only separately appointed persons have access. Personal data processed digitally are protected and stored in our information system accessible to persons on a need-to-know basis only. Such persons have personal user credentials and passwords.

10. Information on Cookies and Similar Technologies

A “Cookie” is a commonly used small text file that the internet browser installs on your computer or other terminal when you visit a website. The browser sends information on your visit back to the website when you revisit it. All contemporary websites use cookies in order to offer you a more personal browsing experience.

Each cookie is separately installed on each terminal you use and cookies can be read only by the server that installed the cookie. Because the cookie is bound to the browser, and is not distributable between separate browsers or terminals in general (unless a browser, plugin or other application separately enable this), your choices relating to the management of cookies are applicable only to each separate browser. A cookie cannot control software, and it cannot be used as a medium for viruses or other malware, nor to harm your terminal of files. A single user cannot be identified solely through the use of cookies or similar technologies.

We use Google Analytics on our website in order to analyse, how users use use the website. Google Analytics is a web analytics service offered by Google Inc. (“Google”) that functions by using cookies. Please note that Google’s terms and conditions are applied to cookies installed by Google. More information on Google’s terms and conditions can be found from https://www.google.com/policies/privacy/partners. You can prevent the use of Google Analytics on your terminal(s) by contacting us in accordance with Section 11 below. Please note that if you decide to prevent the use of Google Analytics, it may affect your use of the website and hinder the functioning of its properties and functions.

11. Contacts

All requests concerning the use of the rights mentioned above, questions about this privacy policy and other contacts should be made by e-mail to privacy@dearlucy.co. You may also contact us through the contact function on our website, in person in our offices or in writing:

Dear Lucy Oy
Rasmus Back
Kanavaranta 7 D 19
00160 Helsinki, Finland

If you wish to withdraw your consent for direct marketing, it can be done by clicking on a link found in each direct marketing message.