With this privacy notice we deliver information on how and why Cadmatic Oy and our subsidiaries (hereinafter “Cadmatic” or “we”) processes personal data when providing services.
1. WHAT DEFINITIONS ARE USED IN THIS PRIVACY NOTICE?
Controller means a party that is in charge of the personal data processing activities.
Data subject is a term for a human being in accordance with data protection laws.
Legal basis for processing means the legal basis with which the controller processes personal data of a data subject. Article 6 of the GDPR contains provisions on legal basis for processing.
Personal data means any data concerning a data subject or data with which a data subject can be identified with.
Privacy Notice means a data protection document that has been drafted according to Articles 13 and 14 of the GDPR, and with which the controller may inform its data subjects of the ways their personal data is processed.
Processor means a party that processes personal data for and on behalf of the controller.
Profiling means any form of automated processing of personal data to evaluate certain personal aspects of the data subject.
Purpose for processing means the reason why the controller processes personal data of a data subject.
2. CONTROLLER‘S CONTACT INFORMATION
Cadmatic Oy acts as the controller of your personal data.
If you have any questions in regard to this Privacy Notice you can be in contact with us:
- Ari Eronen
- Phone number: +358 400 352 581
- Email address: privacy.policy@cadmatic.com
Please send an email to privacy.policy@cadmatic.com for enquiries related to personal data corrections and changes as well as data requests.
3. WHY DO WE PROCESS YOUR PERSONAL DATA?
We process our customers’ personal data when providing and developing our services, in our communications, and for us to be able to comply with provisions of legislation applicable on us.
Our legal basis for processing personal data depends on the purpose for which we process personal data. We use the following legal bases for processing personal data: (i) our contractual obligations towards our customers, (ii) legal obligations that stem from applicable legislation, (iii) consent from data subjects related to provision of our services and (iv) our legitimate interest for the development of our services and for communications.
In our operations we process the following personal data: name, basic and contact information, date of birth, information relating to the use of our services, activities on our websites, IP address, areas of interest and purchasing history and possible other information and personal data.
In addition, we may monitor and collect data about how you use our services during a free trial period. This processing activity includes monitoring technical and behavioral information such as the frequency of use of our services. This data is processed for the purpose of improving our services and for supporting user onboarding. We are always asking for your consent regarding this processing activity, see our cookie notice for further details [hyperlink to cookie notice].
4. FROM WHERE DO WE COLLECT YOUR PERSONAL DATA?
We collect your personal data from you personally (incl. the from the terminal device and browser you use) when you use our services, and from our partners (e.g. compliance tools), authorities and other publicly available sources (such as the trade register).
5. DO WE DISCLOSE OR TRANSFER YOUR PERSONAL DATA?
By principle we do not disclose your personal data to third parties. However, if we are required by mandatory law or governmental authorities to disclose your personal data, we will assess the legality of such disclosure on a case-by-case basis.
We do share, i.e. transfer your personal data to others as part of our normal business activities when using various digital services. For example, we use the following digital services provided by data processors, which involve the processing of personal data: data storage services (e.g. cloud services), communication services (e.g. e-mails) and compliance tools. When transferring personal data, we ensure that transfers are made in a data secure manner and in accordance with adequate data protection agreements.
6. DO WE PROCESS YOUR PERSONAL DATA OUTSIDE OF THE EU OR THE EEA?
Your personal data may be processed in third countries outside the EU or the EEA. In these situations, we ensure an appropriate level of data protection by, for example, using standard clauses provided by the commission, or other similar arrangements. In these situations, our subsidiaries may have access to your data.
7. WHY AND HOW DO WE USE PROFILING IN THE PROCESSING OF PERSONAL DATA?
We may use profiling in provision of our services. We use profiling in our aim to know our customer by use of different digital services that allow for an automated know your customer process. As we have a large customer base, we cannot complete a know your customer process appropriately solely manually in this regard.
By profiling we aim before all else to ensure to recognize our customer’s way of using the services so that we can develop our services.
The profiling is done automatically by combining the customer’s different personal data with data related to the usage of our services.
8. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
Personal data is retained for as long as is deemed necessary to achieve the purposes of the processing of personal data.
We regularly assess the necessity of the personal data in our registers and keep log of all verification controls.
9. WHAT ARE YOUR RIGHTS CONCERNING DATA PROTECTION?
You may have the right to use the below listed data protection rights under the EU’s General Data Protection Regulation (679/2016):
- Right of access (art. 15)
- Right of rectification (art. 16)
- Right to erasure (art. 17)
- Right to restriction of processing (art. 18)
- Right of data portability (art. 20)
- Right to object (art. 21)
- Right to oppose automated individual decision-making, including profiling (art. 22)
Contacts that refer to the data subjects’ rights shall be done in writing to the controller. Your rights may be implemented only when we have verified your identity in an appropriate way.
You may also have a right to lodge a complaint with the data protection authorities, if you think that the processing of your personal data infringes data protection laws.
10. CAN THE PRIVACY NOTICE BE MODIFIED?
We can unilaterally modify this Privacy Notice. We will update the Privacy Notice when necessary, for example when changes occur in the legislation. Changes that are made to the privacy notice enter into force immediately when we publish an updated version of the privacy notice on our website.
If we make remarkable changes to the Privacy Notice or if of the use of Privacy Notice changes remarkably, we will inform the data subjects of the changes.
(Last updated 19.5.2025)