Tikka Spikes Oy Privacy Policy
This document deals with how data protection matters are observed at Tikka Spikes Oy in accordance with the General Data Protection Regulation (GDPR) https://tietosuoja.fi/organisaatiot, which entered into force in all EU member states on May 25, 2018.
Information about what data we collect, how and why we do it, and how we process it
This privacy policy explains how we process your data if you:
- are our client, business partner, or a representative of either,
- are not (yet) our client but receive marketing communication from us,
- visit our website or
- report notification to our Whistleblow -channel.
We are always committed to protecting your privacy as described in this privacy policy.
Who are we and how can you contact us?
Your personal data is controlled by Tikka Spikes Oy. If you have any questions about matters related to privacy, please contact:
privacy@tikkaspikes.fi
What data do we process and why?
The following outlines the various types of personal data we process, the sources for each type of personal data, as well as the purpose and legal basis for processing said personal data.
If you are our client, business partner or a representative of either:
|
DATA TYPE |
SOURCE |
PURPOSE |
LEGAL BASIS |
||
|
Basic information such as name, language of service Contact information such as email address, phone number, company address details Information about the company and its contact persons, such as the business ID and the names, titles and contact details of the contact persons. |
You or your organization, civil registers, public authorities, contact information providers, |
Fulfilling our contractual and other promises and obligations , Provision of services, management of client relationship, billling |
Fulfilling our contractual and other promises and obligations |
||
|
Marketing our services (BtoB) |
Our legitimate interest to conduct business and develop it |
||||
|
Customer Surveys, Developing our products and services |
|||||
|
Accounting |
Legal obligation (Accounting Act) |
||||
|
Direct marketing bans |
You |
Respecting the customer’s wish regarding direct marketing |
Our legal obligation to comply with the prohibition on direct marketing |
||
|
Customer and contract information such as information about past and current contracts and orders, correspondence and other communications with you (incl. data relating to software and software platforms that enable communication or collaboration between two or more parties over an internet connection), payment information and information you voluntarily provide to our systems. |
You or your organization, credit reference agencies/banks |
Fulfilling our contractual and other promises and obligations |
Fulfilling our contractual and other promises and obligations |
||
|
Billing |
|||||
|
Customer relationship management |
Our legitimate interest in managing and developing the customer relationship |
||||
|
Accounting |
Legal Obligation (Accounting Act) |
||||
|
Information related to the events you attend such as registration details, special dietary requirements, invoicing information |
You |
Organising events |
Our legitimate interest to host events and, if necessary, to invoice |
||
|
Consent for health information (e.g. allergies) |
|||||
|
Information about the communication connection you use and the terminal device, such as IP address, device ID or other device-specific identifier, and cookie information. |
You |
Communication between You/Your company and us Targeting advertising on our online services |
Consent |
||
|
Customer relationship management |
Our legitimate interest in securing the communication between you and us |
||||
You are our potential customer, or you visit our website
|
DATA TYPE |
SOURCE |
PURPOSE |
LEGAL BASIS |
|
Basic information such as name, Contact details (email, phone number), |
You |
Marketing |
Your consent or our legitimate interest (marketing) |
|
Direct Marketing Consent Ban |
You |
Respecting the customer’s wish regarding direct marketing |
Our legal obligation to comply with the prohibition on direct marketing |
|
Information about the communication connection you use and the terminal device, such as IP address, device ID or other device-specific identifier, and cookie information. |
You |
Targeting advertising on our online services, analyzing the use of our webpages, smooth use of our webpages (language selection and analytics) |
Consent |
If you submit a notification to our Whistleblow- channel
The notification can be submitted anonymously. However, the whistleblower may be identifiable due to the nature and subject matter of the notification or on the basis of the information contained in it. To properly investigate notifications, we need to process the personal data described below, such as the data contained in the notification, the data of the parties involved in the reports and the witnesses involved. In addition, personal data is stored about the processors of notifications received through the channel, such as name, job title, email address, user IDs in the system and log data on the use of the system.
The notification channel is provided by Keski-Suomen Kauppakamari.
|
DATA TYPE |
SOURCE |
PURPOSE |
LEGAL BASIS |
|
Name contact and details (email, phone number) of the whistleblower if those have been given |
Notification, whistleblower |
The purpose of processing personal data is to implement a whistleblowing channel intended for reporting misconduct and to process reports received in it. The data is used to monitor and investigate misconduct and, if necessary, to establish, exercise or defend legal claims. |
Our legal obligation to comply with Act on the Protection of Persons Reporting Infringements of European Union and National Law (the Whistleblower Act) and the EU Directive on whistleblower protection |
|
Information in the report, such as the name and contact details of the subject of the report, a description of the violation or misconduct, time and place, and other factors deemed relevant by the whistleblower (depending on the nature of the report, the personal data processed may include personal data related to special categories of personal data) |
Notification, whistleblower |
||
|
Names and contact details of any witnesses or other persons involved in the case |
Notification, whistleblower, persons named in the notifications, witnesses, IT systems to gather information |
||
|
Other information given by the whistleblower |
Notification, whistleblower |
||
|
Information relating to submitting handling and processing of the notifications (number/progress status); possible communication with the whistleblower |
Notification, whistleblower, IT system were the notification is handled |
Who processes your data? Is data processed by third parties or outside the European Economic Area?
Your data is processed by Tikka Spikes Oy. We may disclose your data if it’s required by law to authorities, or to our financial or legal service providers.
We also use subcontractors, such as IT service providers to process and store personal data on our behalf.
The personal data is store in the server’s located in EU/ETA. However, it is possible due to technical implementation of IT-systems that data is processed or transferred outside the European Union or the European Economic Area unless. When personal data is processed outside the EU/EEA, we will ensure that the subcontractor is bound by the EU Commission’s Model Clauses or other legally approved safeguard on the processing of personal data.
General description of technical and organizational safeguards
Only those of our employees who are entitled to process customer data as part of their job are entitled to use the systems containing personal data. Each user has his/her own user name and password for the system and they are bound by confidentiality obligation. We’ve signed agreements with these partners ensuring they comply with GDPR data protection and security requirements.
Databases containing personal data are protected by passwords and access levels. The data is located in an environment protected by appropriate security software and technical arrangements. Manually processed documents containing customers’ personal data are kept in locked storage facilities.
How long do we keep your data?
We regularly assess the necessity of data retention in the light of applicable law. In addition, we will take reasonable steps to ensure that no personal data relating to data subjects are incompatible, outdated or inaccurate for the purposes of processing. We will correct or destroy such data without undue delay.
Personal data may be kept for longer than the below-mentioned retention periods if there is a specific reason to do so, such as in connection with suspected criminal offences and the related administrative investigation. In addition, after the end of the customer relationship, personal data relating to customer transactions may be kept for longer than the above-mentioned periods, in accordance with the retention periods required by the Accounting Act.
|
Data group |
Retention period |
|
Contact information etc. |
Duration of the relationship and thereafter 10 years (if it relates to contract) |
|
Information relating to contracts, business relationship etc |
Duration of the relationship and for maximum 10 years thereafter |
|
Information related to direct marketing (contact persons for businesses) |
Until you request to be removed from the mailing list and/or your email address is inactive |
|
Reclamations relating to customer relationship |
Duration of the relationship and thereafter 10 years (if it relates to contract) |
|
Cookies |
See cookie banner for additional information |
|
Whistleblow notifications |
5 years from receiving the notification |
What are your rights?
|
Right |
In which situations |
|
Check the information stored about yourself |
Always |
|
Request the correction of incorrect or outdated information |
Always |
|
Request the deletion of data |
Where the customer has withdrawn consent or where one of the other conditions set out in Article 17 of the GDPR is met. |
|
Withdraw consent |
Where processing is based on consent |
|
Object to the processing of data |
Where the processing is based on legitimate interests and involves a particular personal situation or where the data are processed for direct marketing purposes. |
|
Request restriction of processing (e.g. until requests for data are resolved and settled) |
If the accuracy of the data is contested or one of the other conditions set out in Article 18 of the GDPR is met. |
|
File a complaint about the processing of your personal data with the Data Protection Ombudsman |
Always |
The above requests, denials and cancellations may be made by sending them in writing to above mentioned contact person. The request must contain the name and contact details of the data subject. In order to ensure data protection, we may ask to prove your identity upon request.
We will respond to customer requests and enquiries about the exercise of data subjects’ rights within one month.
_________________________
UPDATE INFORMATION ON THE PRIVACY POLICY
|
DATE |
A BRIEF DESCRIPTION OF THE CHANGE |
|
1.11.2024 |
Clarified the structure of the notice; clarified the personal data to be collected, the purpose of the processing and the legal basis; updated the retention periods for the personal data to be collected. |