Experimentis Oy is committed to respecting and protecting your privacy. This Privacy Statement describes what type of personal data Experimentis OY may collect about its: customers, potential customers, vendors and other business partners and their representatives with whom we have a business relationship or aim to develop one; how it may be used and processed and how it is protected.

1. Data controller

Experimentis Oy
Business identity code: 1792309-8
Address: Tikkalantie 2, 26100 Rauma, Finland

2. Legal basis and purpose of personal data processing

Processing your personal data by us is based on Experimentis Oy’s legitimate interest in the implementation of the customer relationship, conduct and maintain business operations effectively.

The purpose of processing personal data is:

Fulfilling our contractual and other promises and obligations
Maintenance and development of customer relationships
Supporting sales and sourcing activities
Invoicing, taxation, and related financial transactions
Business development
Contract management
Marketing our services
Conducting customer and vendor surveys
Organizing events and exhibitions
Contacting you to provide you with information about our new services

3. Personal data to be processed

Experimentis Oy needs to collect and use certain types of personal data, of its customers, potential customers, employees, potential employees, investors, vendors, and other business partners and their representatives with whom we have a business relationship or aim to develop one. This includes all other individuals with whom Experimentis Oy deals with, in order to carry out its business operations.

Contact details such as name of person, email address, telephone number, address information, job title/position at the company.
Details concerning the technical arrangements of events/visits, such as – food allergies.
Information about the company such as business ID, contact information, information on past and current contracts and orders, billing information.

When processing your personal data, Experimentis Oy will comply with applicable data protection laws. Experimentis Oy reserves the right to change the contents of the data register without notice to the individual.

4. Where do we gather information?

Experimentis Oy primarily receives the information directly from the individuals. Personal data may also be gathered via other representatives of the client organization. Information regarding potential clients may also be collected from public sources, such as the company’s website. In addition, personal data may also be collected and updated for the uses described in this data privacy declaration, also from publicly available sources and information obtained from public authorities or other third parties, within the limits of applicable law.

5. Use of cookies

Experimentis Oy may employ cookies. A cookie is a small text file that the browser saves on the user´s device. Cookies are used to implement services, facilitate login, and enable the compilation of statistics on services. Users may prevent the use of cookies in their browser programs, but this may prevent the system from operating appropriately.

6. To Whom do we grant and transfer information, and do we transfer data outside the EU or the EEA

Experimentis Oy exclusively uses the collected data for management and internal purposes.
Experimentis Oy has outsourced IT management to an external service provider, which has access to the company’s database for safekeeping and technical troubleshooting purposes.
Regarding subcontractors, Experimentis Oy has taken care of data privacy by implementing agreements that protect the processing of personal data.
Experimentis Oy will not disclose gathered data in any other circumstances than the above mentioned unless we have your consent or if disclosure is required by law.
Experimentis Oy will not transfer personal data to countries located outside the European Economic Area (EEA).

7. Protection and storage of personal data

Experimentis Oy has taken appropriate technical and organizational measures to restrict access to the personal data it holds and to protect it against loss, accidental destruction, misuse, and unlawful alteration.

The collected data is stored in Experimentis Oy’s information system. The access to the information database, in its whole or parts of it, has been restricted to a limited group of users, which include employees who exceptionally have the right to process stored personal data to fulfill their work.

The database’s environment has been protected with appropriate firewalls and other technical safeguards. The purpose of the above-mentioned measures is to secure the confidentiality, availability and integrity of the personal data to be stored in the register, as well as the implementation of data subjects’ rights. Databases and their backups are physically located in locked spaces with restricted access.

Experimentis Oy stores personal data as long as required for the limited purposes previously mentioned or as required to meet legal and/or regulatory requirements. Experimentis Oy evaluates the need for data retention on a regular basis, considering the applicable legislation. In addition, reasonable measures are implemented to ensure that the data does not contain any incompatible, outdated, or inaccurate personal data in the register for purposes of processing. Experimentis Oy will correct or destroy inaccurate information promptly or upon request by the subject.

8. Automated decision making
No automated decision-making takes place in the data processing.

9. Access to your personal data and your other rights

Data subjects have the right to withdraw their registration. Data subjects have the right to lodge a complaint with the Data Protection Authority if the subjects consider that the data processing regarding them is in breach of data processing legislation in force.

Data subjects have the following rights under the EU´s General Data Protection Regulation:

a) Right to Access: The data subject has the right to obtain information about the processing of their personal data and to access that data. (article 15)
b) Right to Rectification: The data subject has the right to request correction of inaccurate or incomplete data. (article 16)
c) Right to Erasure: The data subject has the right to request the deletion of their data unless there is a legal basis for processing. (article 17)
d) Right to Restriction of Processing: The data subject has the right to request restriction of data processing. (article 18)
e) Right to Data Portability: The data subject has the right to receive their data in a portable format for transfer to another system. (article 20)
f) Right to Object: The data subject has the right to object to the processing of their personal data, especially in direct marketing. (article 21)

10. Who can I contact

If you have any questions about Experimentis Oy’s privacy policy or if you would like to exercise one of your data protection rights, please do not hesitate to contact us. All contacts and requests for this report must be made in writing to Eric Enqvist – eric.enqvist@scitech.fi.

11. Changes in our privacy policy

Experimentis Oy reviews its privacy policy on yearly basis, with the last revision to this declaration taken place on the 13th of March 2024.