# Data controller contact details
Company name: Badrap Oy
Address: Teknologiatie 18 B
Business ID: 2846254-9
# Types of data collected
When discovering leads, we may collect your name, company, email address, and phone number. Our hosting, content delivery and analytics services collect visitor information in the form of IP-addresses and cookies automatically submitted by your web browser.
# Purpose and legal basis for processing
We process your personal information for purposes of focusing and localizing marketing content, generating leads for our sales, distributing factual information and news related to our company and products and measuring and improving the website user experience.
Legal basis for processing personal information is our legitimate business interests. Initially, we use it to contact you to discover if you are interested in purchasing our services. When we contact you, you can opt-out from future contact attempts. Any follow-ups after a successful contact is made are based on your consent.
# Data sources
# Hosting and content delivery
We use Github, Github pages, and Netlify to deliver our website and relevant content to you. We also use HubSpot for sending email to you in few cases: 1) we have identified you might be interested in our products, 2) you have opted into our newsletter, or 3) your employer has subscribed to our services which require email communication beyond the communication badrap.io service itself sends. In order to work as efficient content delivery platforms, they may collect and use information that web browsers expose automatically, such as the browser version, IP address, site-specific cookies, device identifiers, language preference, referring site, the time of access and user’s operating system. These services should collect only minimal information required to deliver the content and we don’t use these services to collect any information for processing. Some of these services may provide you an option to register directly as their user to improve the user experience. If you have directly registered to any of these services we advise you to study their respective privacy policies.
# Marketing and customer relationship management (CRM)
We search for publicly available data to discover leads. We use Linkedin, RocketReach and Alma Talent’s company search to identify people in roles implying they may be interested in our products. We use HubSpot to record their contact information. We record company name, and optionally email, your name, and phone number, depending on what information is available. We use this information to be able to contact you to check if you would be interested in purchasing our services. Further contacts are based on your consent.
# Employee Cyber Hygiene Online Training
We use ActiveCampaign for running Employee Cyber Hygiene online training and trials. To provide the service, participants provide their email address and the name of their employer. Participants also give answers to quiz questions, which we collect. Finally, we track the progress of the users to provide statistics to the customer.
# Your rights as a data subject
You have the following rights according to GDPR regarding the processing of your personal data. You can exercise your rights by contacting us by email.
Right of access: You have the right to check at any time, what personal information we have stored about you.
Right to object: You have the right to object to our processing of your personal data, if you think that our processing does not happen according to the GDPR or if you think we have no lawful basis for processing your data.
Right to erasure: You have the right to remove your personal data at any time.
Right to data portability: You have the right to request a machine-readable summary of your personal data from us, so that you can transfer them to another service provider.
Right to lodge a complaint: You have the right to complain to the supervisory authority if you think we are in violation of your rights, in violation of GDPR, or the Finnish law regarding personal data protection. The supervisory authority in this case is the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) in Finland.
Right to object to direct marketing: You have the right to object to using your personal data for direct marketing purposes.
# Duration of processing
Analytic services we use for the visitor information retain data for up to 26 months. Email addresses submitted by the users are retained until the user unsubscribes. If a subscriber requests a permanent opt-out from any future marketing then opt-out address is retained until the person in question requests to be removed from the opt-out list.
# Data recipients
Visitor information is processed only by named employees of Badrap Oy, who are responsible for developing and maintaining the website. Email addresses and subscriptions are processed by our sales and marketing personnel. Currently we employ no subcontractors or other third parties to process any personal information.
# Data transfers outside of EU
Content delivery services utilize geographically distributed servers in order to deliver the content efficiently, making it difficult to determine the actual location where short-lived visitor data automatically submitted by the web browsers is stored.
External services used by us for content delivery, analytics and marketing do collect and process data outside of EU. Where possible we have configured these services to anonymize collected IP-addresses. We use only service providers that comply with an adequate level of data privacy as required by the GDPR and that are committed to following relevant EU regulation
# Automated individual decision-making
Your personal data is not used for automated individual decision-making or profiling.
# Data protection principles and measures