2. Privacy policy

Privacy policy

Updated 21 October 2020

This privacy policy describes how we, as a registrar, process the personal data of our customers and users of our online service and how the processing of personal data may be influenced by the user.

The processing of personal data follows the applicable legislation in force.

Registrar

Innovaate Oy
Business ID: 2445065-5
Iso-Heikkiläntie 6, 3rd floor
20200 TURKU

Personal information to be collected

As a registrar, we collect and process personal data only to the extent necessary to fulfill the purposes described in this privacy policy.

The personal information collected and the scope of its processing will vary depending on the relationship between the registrar and the customer or user of the online services, the permissions and denial concerning the processing and marketing and the cookie and tracking settings of the browser used.

Personal data submitted

The personal data submitted to the registrar by the customer or user of the online services in different contexts, such as when subscribing to a product or newsletter or registering for the online service, may include, for example:

  • name and contact information
  • order and billing data, e.g. information on the payer and recipient of the order, as well as their e-mail address and telephone number
  • customer service data, e.g. customer feedback, communication with customer service
  • permit data, e.g. information on marketing authorizations or other authorizations and prohibitions related to the use of personal data
  • information on responses to surveys, inquiries or competitions carried out by the registrar or its partners
  • phone data, e.g. customer service calls
  • data collected from online service use

Data collected about the use of the online services may include:

  • user-specific data, e.g. browser version, device type, or screen size
  • data about online service use, e.g. information about page downloads, time spent at online services, navigation in online services or content viewed
  • data about web pages opened through customer communication
  • location data collected from an ip address with country accuracy
  • data collected by social plugins or other third parties
  • the user of the online services may be identified by a digital identifier created in the services when the customer logs in or arrives at the online service through targeted customer communications such as a newsletter

Data about the use of online services is collected by using cookies. You may want to read more about our cookie policy.

Derived and combined data

In order to provide better services to its customers and users of the online service, the registrar may process the personal data collected by analyzing them using different statistical methods and by combining data collected from different sources.

The above methods can be used to make assumptions about, for example, interests, gender, age group, buying behavior, or other similar characteristics. These assumptions are based on the information provided or collected mentioned in the previous paragraph. To ensure the protection of consumer privacy, the registrar does not make assumptions about information that is considered sensitive.

The registrar shall ensure the protection of the privacy of its customers or users of the online services by taking special care in the management and aggregation of data described above, so that the privacy of customers or users of the online services is not exposed to abuse.

Purposes of personal data use and the legal basis for processing

The registrar collects personal data for customer relationship management, product and service development, and commercial purposes.

Customer relationship management

The registrar uses customers' personal data for various measures necessary for the management of the customer relationship, such as:

  • delivery of product orders
  • customer relationship maintenance or customer communication
  • customer service or other customer support
  • billing
  • to conduct competitions or draws.

The processing of personal data for the purpose of managing a customer relationship is based on an agreement between the registrar and the customer on the delivery of a product or service or on another measure forming a customer relationship.

The customer has the opportunity to influence the processing of personal data in order to manage the customer relationship by contacting customer service.

Development of products and services

The registrar uses the information of customers or users of online services to develop products or services and to improve the quality and provision of the service. Measures taken to develop products or services can be, for example, product or content recommendations or personalization of services.

The processing of personal data for the development of products and services is based on the legitimate interest of the registrar to exploit the data for the benefit of its customers and users of its online services.

The user of online services can influence the use of information in the development of products and services with cookie settings.

Commercial uses

The registrar may use the information of customers or users of online services for marketing, advertising or other commercial activities. The information can be used, for example, to target advertising, direct marketing or display ads on third-party platforms.

The processing of data for commercial purposes is based on the customer's consent for electronic direct marketing. For other advertising and product recommendations, the processing of personal data is based on the legitimate interest of the registrar.

The customer can influence the targeting of advertising in customer service. The user of the online services can influence the targeting of advertising with cookie settings or third-party ad displays by adjusting the platforms' own ad settings.

Sharing and disclosure of personal data

The registrar uses personal data to fulfill the purposes described above in the section Purposes of personal data use and the legal basis for processing. In addition, the registrar may use the services of third parties, in which case the registrar shall ensure the lawful processing of the data through contractual arrangements and instruct third parties on the processing of the data.

The registrar may share or disclose personal data to third parties, for example in the following situations:

  • When applicable law requires the disclosure of personal information. The disclosure of personal data may then be necessary, for example, at the request of an authority or for the purpose of legal proceedings.
  • For a marketing action, research, or delivery of materials. Such service providers always act on behalf of and under the control of the registrar. The registrar will never sell or transfer personal data for marketing to third parties in such a way that third parties can use the personal data for marketing independently.
  • The registrar may disclose personal data to third parties if this is necessary to guarantee the rights or security of the registrar and the customer or user, to investigate fraud or to respond to government inquiries.

Transfer of personal data outside the EU / EEA

As a general rule, the registrar will not transfer or process data outside the European Union or the European Economic Area. If data is exceptionally transferred outside the EU / EEA, an adequate level of protection of personal data will be ensured in accordance with the applicable legislation.

Retention of personal data

The registrar shall keep the personal data for as long as is necessary for the purposes defined in paragraph 3. However, existing legislation, such as accounting or other mandatory legislation, may oblige the retention of personal data even after the purpose of the processing has ended. In such situations, retention shall be in accordance with the retention periods specified in the applicable legislation.

The rights and ways of the individual to influence the processing

The registrar undertakes to ensure the protection of the privacy of customers and users of online services and their rights under data protection legislation. Listed below are the most important rights and influence of customers regarding the processing of personal data:

  • The customer has the right to view personal information about himself and the right to request corrections to incorrect information.
  • The customer has the right to request the deletion of personal data concerning him / her as far as possible within the framework of other legislation.
  • The customer has the right to transfer certain personal data concerning him to another registrar.
  • The customer has the right to prohibit direct marketing or object to the processing of his personal data for direct marketing purposes. In addition, the customer has the opportunity to influence which channels direct marketing takes place.

For requests related to the rights described above, you can contact the registrar's customer service.

The user of the registrar's online service has the right to influence the use of cookies and other similar technologies in the registrar's services. For more information on the use of cookies and the potential impact they may have, see the registrar's cookie policy.

Information security

The registrar shall ensure the secure processing of personal data by appropriate data security measures. Personal data is protected from loss, destruction, misuse, unauthorized access and disclosure. Secure processing is ensured, for example, by restricting access to data and ensuring that our employees and subcontractors use personal data in accordance with the instructions and agreements provided.

Changes to the Privacy Policy

The registrar reserves the right to update this privacy statement due to, for example, the development of services or mandatory legislation. Changes and updates to the privacy statement will be announced in the online service.