Realmax - GDPR
Realmax is committed to respecting your privacy and complying with the laws applicable to processing personal data. Our operations and services require the collection and processing of personal data.
Our data protection principles describe the purposes for which we collect and process personal data, in addition to indicating who processes your personal data and what rights you have concerning your data, among other aspects.
Serving as the controller, Realmax processes your personal data in accordance with these principles and the applicable laws, so please read these data protection principles carefully. We may also update these principles as our operations develop or amendments are made to laws, so you should revisit this page from time to time.
TABLE OF CONTENTS:
1. Our key principles
2. How do we use your personal data?
3. What data do we collect and from which sources?
4. On what grounds do we process your data?
5. Who processes your data? Is it disclosed to third parties?
6. Is your data transferred to non-EU countries?
7. How long do we store your personal data for?
8. How do we protect your data?
9. Are you obligated to provide personal data?
11. What rights do you have?
12. How can you exercise your rights?
14. Who should I contact in matters related to data protection?
1 OUR KEY PRINCIPLES FOR PROCESSING DATA
Realmax respects your privacy and is committed to complying with the laws applicable to processing personal data, meaning the EU General Data Protection Regulation (GDPR) and section 10 of the Finnish Personal Data Act (523/1999).
1.1 The following key principles guide the processing of your personal data:
1.1.1 Personal data is confidential information
Your personal data is confidential. As a rule, your personal data is only processed by our employees. Under certain circumstances, however, our contractual subcontractors may process a limited amount of identifiable data.
1.1.2 Personal data is collected and used according to a plan
We avoid unnecessary collection, processing, and storage of personal data.
1.1.3 We have written contracts with our subcontractors
With regard to processing personal data, we only use subcontractors that enter into written agreements with us and commit to protecting personal data.
1.1.4 We only process personal data for your best interests
Our processing of personal data is always based on written agreements or a customer’s decision to provide us with their personal data in conjunction with using our website or signing up for our services. We never process personal data for purposes other than the customer’s interests, and the data is processed in accordance with the instructions provided by the customer.
1.1.5 Key purposes of processing personal data
We primarily use personal data to provide services, manage customer relationships, issue invoices, and market and sell services. In addition, we use personal data to further develop these operations.
Customer information is only processed within the scope permitted by the GDPR and the Finnish Personal Data Act in Realmax Oy’s own personal data files.
2 HOW DO WE USE YOUR PERSONAL DATA?
We only collect, store and process personal data for predetermined purposes.
2.1 The main purposes of use include the following:
2.1.1 Provision and delivery of services and customer relationship management
We process personal data in conjunction with matters related to customer relationship management, such as providing and delivering services, invoicing, collecting debt, processing complaints, providing customer support and measuring customer satisfaction.
2.1.2 Communication and marketing of services
To the extent permitted by law, we may also process personal data for marketing and direct marketing purposes. This may include processing and analyzing personal data with regard to targeted marketing or services.
For example, we may display targeted messages or content on our channels based on your earlier interests, or contact you by means of direct marketing.
2.1.3 Product development of marketing services
We are continuously developing our operations. For this reason, we may also use personal data to further develop our marketing services, such as creating and introducing new service concepts and improving our processes.
2.1.4 Fulfillment of statutory obligations
We may also collect and process personal data to meet our statutory obligations with regard to accounting or the authorities, for example.
2.1.5 Human Resources
As a rule, we only process personal data concerning employees and job applicants for HR administration purposes and to meet our obligations with regard to employment contracts as well as our statutory obligations related to employment relationships, and to assess job applicants and fill open positions.
3 WHAT DATA DO WE COLLECT AND FROM WHICH SOURCES?
We mainly collect personal data from you directly when you contact us or use our services. We may also collect personal data about customers from public sources and registers, such as LinkedIn and other social media channels.
We use services provided by Google Analytics to collect data about our website visitors in order to analyze and further improve our website and target relevant marketing.
As a rule, we only process personal data related to our customers (including potential customers), employees and job applicants.
3.1 Typically, we may obtain the following data directly from our customer’s contact person:
• The name of the customer’s employer company, the first and last names of the contact person, business address, business e-mail address, telephone number and job title
• Information about the contact person’s marketing permissions and/or prohibitions
• Categorization information (e.g., interests) provided by the individuals themselves
• Information submitted via contact forms and chat
• Customer feedback information
3.2 We may also process the following personal data when a customer uses our website or services:
• IP address or another identifier
• Order, invoicing and delivery information
• Data collected through cookies
• From other sources, we may obtain in particular the following information about the customer: data related to the use of social media, such as LinkedIn, Facebook and Twitter.
3.3 With regard to our employees and job applicants, we mainly process data provided by the individuals themselves and data generated during employment relationships:
• Basic information about the employee or job applicant
• The job applicant’s CV and application, as well as reference information received with the consent of the applicant
• Information necessary for salary payments
• Information necessary for fulfilling rights and obligations related to the employment relationship
• Certain sensitive information about the employee (trade union membership and health information), but only to meet our statutory obligations as an employer
With your consent, we may also collect and process other information; for example, when making reservations, events, we may ask you about your food allergies.
4 ON WHAT GROUNDS DO WE PROCESS YOUR DATA?
We are responsible for ensuring that we always have legal grounds for processing your personal data. We may process personal data on several grounds, but we always ensure that at least one legal reason exists.
With regard to the information stored in our customer and marketing data files, we mainly process data to prepare and execute agreements and based on our legitimate interests, which include in particular the provision, delivery, and development of our services; customer relationship management; direct marketing and the implementation, targeting and development of marketing; the processing of complaints and customer feedback; and the provision of maintenance and further development services.
With your consent, we may also use your e-mail address for sending newsletters and marketing messages or to process other data related to you. If we are only processing your personal data based on your consent, you are entitled to withdraw your consent at any time.
We may also process your personal data to meet our statutory obligations.
5 WHO PROCESSES YOUR DATA? IS IT DISCLOSED TO THIRD PARTIES?
As a rule, your personal data is only processed by Realmax Oy’s employees as part of their work.
Concerning personal data about our customers, we may use subcontractors, particularly with regard to data storage, customer relationship management (cloud storage services, project management and communication, CRM) and technical support.
We may also otherwise disclose data to meet contractual obligations or if required to do so by law or a competent authority.
In addition, we may disclose your data in conjunction with a business acquisition.
We may also disclose anonymized or statistical information that cannot be connected to an individual. If such information is no longer regarded as personal data, we may disclose it to third parties for purposes other than those specified here.
6 IS YOUR DATA TRANSFERRED TO NON-EU COUNTRIES?
Under certain circumstances, your personal data may be transferred outside the EU. Some of the cloud services we use, such as our cloud storage is located outside the EU.
If data is transferred outside the EU, we ensure that the destination has an adequate level of data protection as determined by the European Commission, that transferees located in the United States have Privacy Shield certification, or that the transfer takes place under the Model Contract Clauses issued by the European Commission. In other words, we always ensure that any transfers of data are carried out on legal grounds and are subject to sufficient protection mechanisms.
7 HOW LONG DO WE STORE YOUR PERSONAL DATA FOR?
We do not store your personal data for longer than is necessary for its purpose of use or is required by a contract or agreement or by law.
However, the storage periods for personal data may vary depending on the situation and purpose of use.
We also seek to update your data, if necessary. Any unnecessary data is deleted.
If we are required to store customer information or other personal data by law, such as the Accounting Act, we store the personal data until the statutory obligation expires.
8 HOW DO WE PROTECT YOUR DATA?
Your personal data is mainly stored in electronic format on our service provider’s servers, which are protected in accordance with general practices in the field.
The personal data that we collect and a process is kept confidential and is only disclosed to people who need it as part of their work or to our contracting partners, such as our subcontractors, confidentially and to a limited extent.
Access to your personal data is limited and protected by means of user-specific identifiers, passwords, and access rights. Our facilities are locked and protected.
9 ARE YOU OBLIGATED TO PROVIDE PERSONAL DATA?
If you refuse to provide your personal data or prohibit us from processing your personal data, we will probably not be able to serve you and fully meet the purpose of our operations.
On our website, we use services provided by Google Analytics to provide visitors with the best possible user experience. Cookies are small text files stored by the network server on the user’s terminal. Cookies provide us with information about how visitors are using our website.
Website visitors can allow or block cookies from their browser settings. Most browsers automatically allow cookies. Please note that blocking cookies may limit the functionality of our website.
11 WHAT RIGHTS DO YOU HAVE?
11.1 Withdrawing Consent
If we are processing your personal data based on your consent, you may withdraw your consent at any time by notifying us by, for example, sending an e-mail to
11.2 Access to data
You have the right to receive confirmation from us on whether we process personal data concerning you and to know what personal data we are processing. You also have the right to receive supplementary information about the grounds for processing your personal data.
11.3 Right to have errors corrected
You have the right to request that we correct any inaccurate, outdated or otherwise incomplete personal data concerning you.
11.4 Right to prohibit direct marketing
You have the right to prohibit us from processing your personal data for direct marketing purposes by sending an e-mail to
11.5 Right to object to processing
If we are processing your personal data based on a general interest or our legitimate interest, you have the right to object to the processing of your personal data to the extent that the processing is not based on compelling legitimate grounds that override your rights or to the extent that the processing is not necessary to meet a statutory obligation.
Please note that this may limit our ability to serve you, or even prevent us from serving you.
11.6 Right to restrict processing
Under certain circumstances, you have the right to demand that we restrict the processing of your personal data.
11.7 Right to have data transferred
If we have processed your data based on your consent or to execute an agreement, you have the right to receive in a commonly used format the data that you have submitted to us in electronic format, so that the data can be transferred to another service provider.
12 HOW CAN YOU EXERCISE YOUR RIGHTS?
You can exercise the rights described above by contacting us by, for example, sending an e-mail to
Please include your name, address and telephone number in your message, as well as a copy of your passport, driving license or another form of identification, so that we can confirm your identity.
14 WHOM SHOULD I CONTACT IN MATTERS RELATED TO DATA PROTECTION?
Ensi linja 1
Business ID: 2842291-8
Contact person: Hang Si, firstname.lastname@example.org