Prodect service privacy policy; Customers, users and marketing
Date of creation: 4.11.2025
1. Data Controller
A-Insinöörit Rakennuttaminen Oy
Kalevantie 2 , 33100 Tampere, Finland
0207 911 888
(hereinafter referred to as “we”)
Contact person for register matters: Lasse Virta, info@prodect.fi
2. What data do we process and what is the purpose and legal basis for processing personal data?
We collect the following personal data about the customers, users and potential customers of the Prodect service, e.g. when you visit our website. The provision of personal data marked with an asterisk (*) is a prerequisite for the establishment of our contractual and/or customer relationship. Without the necessary personal data, we cannot deliver the Prodect service.
| PERSONAL DATA | PURPOSE OF PROCESSING | LEGAL BASIS |
|---|---|---|
|
Basic information*, such as name, customer number, username and/or other unique identifier, password, service language Contact information*, such as email address, phone number, address information Information concerning the company and the company’s contact persons, such as business ID and the names, titles and contact details of the contact persons |
To deliver and develop our products and services | Our legitimate interest |
| Customer surveys | ||
| To fulfil our contractual and other promises and obligations | Implementation of the Agreement | |
| Invoicing | ||
| Marketing our services to companies | Our legitimate interest | |
| Accounting | Legal obligation | |
| Possible direct marketing prohibitions and consents | Comply with the customer’s wish not to receive direct marketing | Our legitimate interest in fulfilling our legal obligation to ensure that we comply with the direct marketing prohibition in accordance with the law |
| Information related to the events you participate in such as registration information, special diets, billing information | Organising events | Our legitimate interest in hosting events and, if necessary, invoicing |
| Consent for health data (e.g. allergies) | ||
| Customer relationship and contract information, such as information about past and valid agreements and orders, correspondence and other contacts with you, payment information, and information you voluntarily provide to our systems | To fulfil our contractual and other promises and obligations | Implementation of the Agreement |
| Invoicing | ||
| Managing the customer relationship | Our legitimate interest in managing and developing the customer relationship | |
| Accounting | Legal obligation | |
| Information about the data connection you use and the end device, such as IP address, device ID or other device-specific identifier, cookie information, and information about the use and maintenance of the service, such as technical information sent to the server by the application (e.g. performed operations). | Targeting advertising in our online services | Consent |
| Behavioural analysis and profiling | ||
| Device location information | Saving the geographical location of an individual piece of information recorded in the service, when the user has separately approved the storage of the location | Consent (you can give and withdraw consent in your device’s settings) |
In connection with the various functionalities of the Prodect service, we process personal data as follows:
- Audio recording: The Prodect mobile app can record speech and convert speech to text. Recording only takes place when the microphone button is pressed in the app.
- Data storage: Data is stored on Amazon Web services servers. The deleted data is removed from the other user’s device the next time they open the app and the data is synchronized.
- Sharing information: The application can be used to share links to the information content by email. The shared information can only be read with the help of a link.
- User identification: The service uses the email address as a user identifier, and the email address is also visible to other users in some functions. Access to the project is allocated based on the email address. The app verifies the email address by sending a verification code to it. The email address will not be used for any other communication than related to the program and will not be disclosed to any third party.
3. Where do we get the information?
We primarily receive information from the following sources: you or the company you represent, the population register, authorities, credit reference agencies, contact information service providers and other similar reliable parties.
In addition, personal data may also be collected and updated for the purposes described in this Privacy Statement, also based on publicly available sources and information obtained from authorities or other third parties, within the limits of applicable law. Such data updates are carried out manually or by automated means.
4. To whom do we disclose and transfer data, and do we transfer data outside the EU or EEA?
We do not disclose your personal data to third parties.
We only transfer personal data for processing to our subcontractors who act on our behalf. Even then, personal data is mainly in the EU/EEA. However, for certain limited parts, some of our service providers may offer us some of their services from countries outside the EU/EEA. In such cases, we have ensured an adequate level of data protection in accordance with the requirements of EU data protection law, including by transferring data only to countries that have an adequacy decision approved by the European Commission or, alternatively, by using, where appropriate, standard contractual clauses approved by the European Commission (together with appropriate technical and organisational safeguards).
5. How do we protect the data and how long do we store it?
The data of the service is stored in the Amazon Web services (AWS) cloud service. Encrypted connections are used for data transfer.
Only those of our employees who have the right to process customer data due to their work are entitled to use the system containing personal data. Each user has their own username and password for the system. The data is collected in databases that are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked facilities, and the data can only be accessed by certain pre-named persons.
We regularly assess the necessity of data retention, taking into account applicable legislation. In addition, we take reasonable measures to ensure that no incompatible, outdated or incorrect personal data of the data subjects is stored in the register. We will rectify or delete such information without delay.
6. What are your rights as a data subject?
You have the right to inspect the information stored about you in the personal data register and to demand the rectification or deletion of incorrect, outdated, unnecessary or unlawful data. If you have access to your data, you can edit your data yourself. To the extent that the processing is based on consent, you also have the right to withdraw or amend your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing that took place before the withdrawal of the consent.
You have the right to object to or request the restriction of the processing of your data and to lodge a complaint about the processing of your personal data with a supervisory authority.
For special personal reasons, you also have the right to object to processing operations concerning you when the processing is based on legitimate interest. In connection with your claim, you must specify the specific situation on the basis of which you object to the processing. We may refuse to comply with a request for objection only on the grounds provided for by law.
You always have the right to prohibit us from using your personal data for direct marketing purposes by using the opt-out option offered in connection with direct marketing messages or by notifying us.
7. Who can you contact?
All contacts and requests regarding this policy must be made in writing or in person to the contact person named in section 1.