JOINT CONTROLLERSHIP PRIVACY STATEMENT: FACEBOOK PAGES
This privacy statement applies only to the situations where Compensate Operations Oy (hereinafter referred to as “Compensate” or “we”) and Facebook Ireland Ltd (hereinafter referred to as "Facebook") act as joint controllers when you visit our
Below you will find a description of how Compensate and Facebook handle your personal data when you visit the Facebook page. We would like to point out that you use this Facebook page and its functions within your own responsibility. This applies in particular to the use of interactive functionalities (e.g., commenting, sharing, rating).
1. Joint controllers
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
You can contact the data protection officer of the primary controller Facebook
Compensate Operations Oy
Lönnrotinkatu 7 B,
I Processing of personal data by Facebook
Facebook processes the data according to its privacy principles and statement. You can find it
Where your interaction with the Facebook page and the content associated with it triggers the creation of an event for so called “Page Insights”. Page Insights gives us information about the performance of the Facebook page, like demographic data of our audience and how people are responding to our posts. More information about Page Insights
Facebook assumes primary responsibility under the General Data Protection Regulation (hereinafter referred to as the “GDPR”) or other applicable privacy legislation for the processing of Page Insights data and fulfils all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). In addition, Facebook makes the essentials of this Page Insights supplement available to the data subjects. The corresponding "Page Insights Controller Addendum" can be found )
II Processing of personal data by Compensate
2. How we collect data
We are active in social networks in order to communicate with interested parties and active Visitors and to inform them about our products, events and news. We mainly process the following types of data: Visitor Data and Analytics Data.
2.1 Visitor Data
We have access to your name, your public profile picture and all other public information on your Facebook profile. In practice, this is the information that is visible to others, too. You may also give additional personal data to us by commenting or by Facebook messenger.
Your Visitor Data is being used, for instance:
- To provide you services
- For customer communication and marketing
- Social media campaigns and competitions
- For quality improvement and trend analysis
- To buy advertisements from Facebook and measure their efficiency.
We will not transfer the personal data to other services than those of Facebook without a separate consent.
2.2 Analytics Data
When you access our Facebook page, your browser transmits certain technical data to the web server for which Facebook is responsible. Facebook also uses so-called "cookies". Cookies are small text files that are stored in the memory of your device via your browser. Cookies set by Facebook are intended, among other things, to enable Compensate, as the operator of the Facebook page, to obtain statistics for the purpose of controlling the marketing of our activities, which Facebook compiles on the basis of visits to this page.
2.2.1 Facebook Page Insights
Compensate may use the Facebook Page Insights function, which Facebook makes available to us free of charge as an indispensable part of the user relationship, to obtain anonymous statistical data regarding visitors to our Facebook page. This data is collected using cookies set by Facebook, which each contain a unique user code and that are stored by Facebook on the visitor's device. The user code that can be linked to the login information of those Visitors that are registered on Facebook is collected and processed when they visit the Facebook Page.
3. How we use Analytics Data
We use the analytics data we collect for quality improvement and trend analysis and for customer communication and marketing.
In particular, Compensate may receive demographic information provided by Facebook about its target audience - and thus the processing of that information - including trends in age, gender, relationship status and professional situation, information about the lifestyle and interests of its target audience, and information about the purchases and online purchasing behaviour of visitors to its site, the categories of goods or services that interest them most, and geographic information that informs it of where to conduct special promotions or organize events and generally enables it to target its information offering as effectively as possible.
Although the Visitor statistics compiled by Facebook are transmitted exclusively in anonymous form to Compensate as the operator of the Facebook page, the compilation of these statistics is based on the previous survey - using cookies set by Facebook on the Visitor's device - and the processing of the personal data of these visitors for these statistical purposes. More information about Facebook Page Insights can be found
It also provides information about the Facebook groups associated with our Facebook page.
4. Legal grounds for the processing
The reason for the use of the Visitor Data and Analytics Data is mostly our legitimate interest to run, maintain and develop our operations and to create and maintain customer and other business relationships. When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy and e.g., provide you with easy to use opt-out from our marketing communications and use pseudonymized or non-personally identifiable data when possible.
We may also process your personal data when you have consented us to do so or to fulfill our contractual obligations or in order to comply with our legal obligations.
5. How we may share your personal data?
We only share your personal data within our organization if and as far as reasonably necessary for the purposes of this Privacy Statement. Most of the data we share is anonymized and aggregated data for data analysis purposes. For example, we might analyze the views of different websites.
We do not share your personal data with third parties outside of our organization unless one of the following circumstances applies:
For the purposes set out in this Privacy Statement and to authorized service providers
To the extent that third parties need access to the Visitor Data for us to provide the Services, we provide such third parties with your data. Furthermore, we may provide your personal data to our affiliates or to authorized service providers who perform services for us (including, for instance, data storage, accounting, payment, sales, and marketing service providers).
When your personal data is processed by third parties as data processors on behalf of Compensate, Compensate has taken the appropriate contractual and organizational measures to ensure that your data are processed exclusively for the purposes specified in this Privacy Statement and in accordance with all applicable laws and regulations and subject to our instructions and appropriate obligations of confidentiality and security measures.
Please bear in mind that if you provide personal data directly to a third party, such as through a link somewhere on our website, the processing is typically based on their policies and standards.
For legal reasons and legal processes
We may share your personal data with third parties outside our organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (I) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, crime, security or technical issues; and/or (iii) protect the interests, properties or safety of Compensate, the Visitors or the public as far as in accordance with the law. When possible, we will inform you about such processing.
For other legitimate reasons
If Compensate is involved in a merger, acquisition or asset sale, we may transfer your personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all the Visitors concerned when the personal data are transferred or become subject to a different privacy statement.
With your explicit consent
We may share your personal data with third parties outside Compensate when we have your explicit consent to do so. You have the right to withdraw this consent at all times.
6. Transfer to countries outside the European Economic Area (EEA)
We use service providers in several geographical locations. As such, we and our service providers may transfer your personal data to, or access it in, jurisdictions outside the EEA and your domicile.
We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which they are processed. We provide adequate protection for the transfers of personal data to countries outside of the EEA through a series of agreements with our service providers based on the
7. How long we will store your data
Compensate does not store your personal data longer than is legally permitted and necessary for the purposes of this Privacy Statement. The storage period depends on the nature of the information and the purposes of the processing. The maximum period may, therefore, vary per use. When the processing of your personal data is no longer necessary for the purposes they were collected, we will delete or anonymize the personal data relating to you in a secure manner.
8. Your rights
Facebook and we have agreed that Facebook is responsible for providing you with information about the processing for Page Insights and for enabling you to exercise your rights under the GDPR. Under the GDPR, you have the right to
Your privacy rights are important to you. In relation to the data Compensate processes under this privacy statement, you have
right to access
right to withdraw consent
right to rectify
right to erasure
right to object
right to restriction of processing
right to data portability.
All the rights are outlined more in detail in Section 8 of our
Please note that, as stated above, Compensate may not be able to provide you with all the information under this privacy statement because we are jointly responsible for processing your personal data.
How to use your rights
The aforementioned rights may be used by sending a letter or an e-mail to Facebook or to us on the addresses set out above, including the following information: full name, address, and e-mail address. We may request the provision of additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection. Facebook and Compensate have agreed that the Irish Data Protection Commission is the lead supervisory authority responsible for overseeing the processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (please see at
In Finland, the local supervisory authority is the Data Protection Ombudsman (
9. Direct Marketing
You have the right to prohibit us from using your personal data for direct marketing purposes, market research and profiling made for direct marketing purposes by contacting us on the addresses indicated above or by using the unsubscribe possibility offered in connection with any direct marketing messages. You can prohibit Facebook from using your data for advertisements on your profile settings.
10. Information security
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures include for example, where appropriate, encryption, pseudonymization, firewalls, secure facilities, and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data. We regularly test our systems, and other assets for security vulnerabilities.
Should despite the security measures, a security breach occurs that is likely to have negative effects on your privacy, we will inform you and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.
More information on how we process your data please visit our