# Data controller contact details
Company name: Badrap Oy
Address: Teknologiantie 11
Business ID: 2846254-9
# Types of data collected
When discovering leads, we may collect your name, company, email address, and phone number. Our hosting, content delivery and analytics services collect visitor information in the form of IP addresses and cookies automatically submitted by your web browser.
# Purpose and legal basis for processing
We process your personal information for purposes of focusing and localizing marketing content, generating leads for our sales, distributing factual information and news related to our company and products and measuring and improving the website user experience.
Legal basis for processing personal information is our legitimate business interests. Initially, we use it to contact you to discover if you are interested in purchasing our services. When we contact you, you can opt-out from future contact attempts. Any follow-ups after a successful contact is made are based on your consent.
# Data sources
# Hosting and content delivery
We use Github, Github pages, and Netlify to deliver our website and relevant content to you. We also use HubSpot for sending email to you in few cases: 1) we have identified you might be interested in our products, 2) you have opted into our newsletter, or 3) your employer has subscribed to our services which require email communication beyond the communication badrap.io service itself sends. In order to work as efficient content delivery platforms, they may collect and use information that web browsers expose automatically, such as the browser version, IP address, site-specific cookies, device identifiers, language preference, referring site, the time of access and user’s operating system. These services should collect only minimal information required to deliver the content and we don’t use these services to collect any information for processing. Some of these services may provide you an option to register directly as their user to improve the user experience. If you have directly registered to any of these services, we advise you to study their respective privacy policies.
# Marketing and customer relationship management (CRM)
We search for publicly available data to discover leads. We use Linkedin, RocketReach and Alma Talent company search to identify people in roles implying they may be interested in our products. We also use online forms to collect product inquiries and subscriptions from leads and customers. We use HubSpot, Stripe and DepositFix to record their contact information. We record the company name and optionally email, your name, VAT number, payment details and phone number, depending on what information is available or provided. We use this information to contact you if you are interested in purchasing our services or to provide you the services you have subscribed to. Further contacts are based on your consent.
# Customer Success and Support Emails
We use Google Workspace, Microsoft Office 365 and Hubspot for email communications with customers. This includes support requests, customer success discussions, general inquiries and sales discussions. When you contact us, you consent and acknowledge that we will be processing any personal data you may include in your email with the aforementioned third-party services.
# Customer Meetings
# Embedded Content
We use ActiveCampaign for automating playbooks, such as Employee Cyber Hygiene online training and trials. Customers provide their email address or email addresses for us. Participants may submit further information via forms. Playbook automation requires us to track the progress of the users. Sometimes we also provide progress statistics to the playbook customers.
# Your rights as a data subject
You have the following rights according to GDPR regarding the processing of your personal data. You can exercise your rights by contacting us by email.
Right of access: You have the right to check at any time, what personal information we have stored about you.
Right to object: You have the right to object to our processing of your personal data, if you think that our processing does not happen according to the GDPR or if you think we have no lawful basis for processing your data.
Right to erasure: You have the right to remove your personal data at any time.
Right to data portability: You have the right to request a machine-readable summary of your personal data from us, so that you can transfer them to another service provider.
Right to lodge a complaint: You have the right to complain to the supervisory authority if you think we are in violation of your rights, in violation of GDPR, or the Finnish law regarding personal data protection. The supervisory authority in this case is the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) in Finland.
Right to object to direct marketing: You have the right to object to using your personal data for direct marketing purposes.
# Duration of processing
Email addresses submitted by the users are retained until the user unsubscribes. If a subscriber requests a permanent opt-out from any future marketing, then that opt-out address is retained until the person in question requests to be removed from the opt-out list.
# Data recipients
Visitor information is processed only by named employees of Badrap Oy, who are responsible for developing and maintaining the website. Email addresses and subscriptions are processed by our sales and marketing personnel. Currently we employ no subcontractors or other third parties to process any personal information.
# Data transfers outside of EU
Content delivery services utilize geographically distributed servers in order to deliver the content efficiently, making it difficult to determine the actual location where short-lived visitor data automatically submitted by the web browsers is stored.
External services used by us for content delivery and marketing collect and process data outside of the EU. Where possible we have configured these services to anonymize collected IP addresses. We use only service providers that comply with an adequate level of data privacy as required by the GDPR and that are committed to following relevant EU regulations.
# Automated individual decision-making
Your personal data is not used for automated individual decision-making or profiling.
# Data protection principles and measures