Privacy policy.

Information related to privacy and personal registers as part of Embassy of Design Oy’s research activities.

This is the Registry and Privacy Statement of Embassy of Design Oy in accordance with the EU General Data Protection Regulation (GDPR). Last edit 31.05.2021.

1. Register controller:

Embassy of Design Oy
Pursimiehenkatu 26 C, 00150 Helsinki

2. Registrar:

Antti Mäkelä, partner, co-founder
mail. antti.makela@embassyofdesign.fi
tel. +358 50 3091455

3. Purpose of the register:

The legal basis for the processing of personal data under the EU General Data Protection Regulation is the study participant’s written consent. Embassy of Design will always collect the written consent of the participant for processing personal information as part of a research project.

The purpose of the processing of personal data is customer research. Participant information will not be used for automated decision making or profiling. Embassy of Design uses a separate consent form for each conducted research project, where the participant shall always find detailed information about what information will be collected and how that information will be handled.

4. Basis for data collection and data processing:

Embassy of Design Oy aims to collect personal data only to the extent necessary or relevant for the research. All the personally identifiable information collected will be presented in a consent form sent to the participant prior to the commencement of the study. No research information may be derived from an individual unless specifically stated or agreed in writing with the participants.

5. Content of the register:

The register will store the identifiable information necessary for studies conducted by EOD for itself and its clients. Such information can be but is not limited to participant’s name, e-mail address and telephone number.

6. Data handling and data retention

The data will be anonymised after collection.

The retention period of the data is determined by the study that determines the need to collect it. The exact date of deletion and destruction of the data will be communicated to the study participants in the consent form.

7. Sources of information:

The information stored in the register is obtained from the customer e.g. messages sent via web forms, e-mail, telephone, via social media services, contracts, customer meetings and other events in which the customer discloses their information.

Contact information for companies and other organisations can also be collected from public sources such as websites, directory services, and other companies.

In some research projects, the client who commissioned the assignment provides Embassy of Design Oy with a customer register, on the basis of which the selection of participants is performed.

8. Regular disclosures and transfers outside the EU or the European Economic Area:

Personal data will not be passed on to third parties without the personal written consent of the participant. The results of the investigation are always delivered to the subscriber in such a way that the identity of the defendant cannot be identified from them. Embassy of Design Oy does not disclose information outside the EU or the European Economic Area.

9. Use of cookies:

Embassy of Design Oy does not collect cookies for research purposes. Embassy of Design may collect cookies from its website visitors. Visiting Embassy of Design’s website is not mandatory for study participants.

10. Registry security:

All Personal Registers related to research projects are temporary. The anonymisation plan and consent form will indicate individually for each study when this information will be destroyed.

11. Automatic decision making:

Embassy of Design Oy does not make automatic decisions for research purposes.

12. Data subject’s rights:

Persons whose information Embassy of Design Oy has registered have the following rights:

  • the right to verify their personal data and, if necessary, to request their rectification, erasure or transfer from one system to another

  • the right to restrict or object to the processing of their data

  • the right to withdraw previously given consent to the processing of data

  • the right to lodge a complaint with the supervisory authority

  • the right to prohibit the use of their data for marketing purposes