With this Privacy Notice we provide you information about why and how we process your personal data in our business operations. Please note that we process personal data both as a controller and a processor (see Section 3 of this Privacy Notice for more information of our data processing activities as a processor).
We process your personal data for the following purposes:
- a) Customer relationships
- b) Direct marketing
- c) Communications
- d) Cookies
1. WHAT TERMS ARE USED IN THIS PRIVACY NOTICE?
Controller means the party responsible for processing the personal data of the data subject.
Data subject is a term for a human being in accordance with data protection laws.
End-User means a person using our service to order goods or services of a Service Provider.
Legal basis for processing means the legal ground on which the controller processes the data subject’s personal data. The lawfulness of processing is described in Article 6 of the GDPR.
Personal data means any information concerning the data subject or information by which the data subject can be identified.
Privacy notice means a document drawn up in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (hereinafter ”GDPR”), through which the controller informs data subjects of the ways their personal data is processed.
Processor means the party who processes personal data on behalf of the controller.
Purpose for processing means the reason why the controller processes the data subject’s personal data.
Service Provider means a person using our service to sell his goods or services to End-Users.
2. OUR CONTACT DETAILS
Loistava Interactive Oy (Business ID: 2562657-9) Keskiyöntie 15 A 3, 02210 Espoo
If you have any questions regarding the privacy notice, please contact Timo Kari ([email protected]).
3. WHEN ARE WE A PROCESSOR?
We are a processor with a Service Provider for certain personal data of its End-Users. We act as a processor for the personal data the End-Users provide to us when they order the Service Providers goods and products or marketing services through our Qstio service. For more information about the purposes for which the Service Provider processes your personal data, please be in touch with the Service Provider.
When we process personal data of End-Users on behalf of Service Provider, we comply with the provisions of our data processing agreement between us and the Customer.
4. WHY DO WE PROCESS YOUR PERSONAL DATA?
We process your personal data in accordance with the processing purposes listed below. In the sections on processing purposes, you will find information on what personal data we process and on what legal basis we process your personal data.
a) Customer relationships
Explanation: Personal data is processed to conclude and carry out customer relationships with Service Providers and End-Users. Category of data subjects: Contact persons of Service Providers and End-Users. Categories of personal data: Contact details, pictures and videos and customer relationship data. Legal basis for processing: Performance of our contractual obligations with the our customers.
b) Direct marketing
Explanation: Personal data is processed to provide direct marketing to End-Users who wish to receive it. Category of data subjects: End-Users. Categories of personal data: Contact details and customer relationship data. Legal basis for processing: Consent.
Explanation: Personal data is processed to carry out communications. Category of data subjects: People who contact us. Categories of personal data: Contact details and possible other data disclosed to us by the data subject. Legal basis for processing: Our legitimate interests, according to which we carry out our communications. Our interests are in line with those of the people who contact us, as they expect us to process their data for communications purposes.
NB! You may have a right to object data processing for these purposes (see section concerning your rights).
Explanation: Personal data is processed in cookies of our websites. Category of data subjects: People visiting our websites. Categories of personal data: IP addresses. Legal basis for processing: Consent based on the Act on Electronic Communications Services of Finland (917/2014).
Please have a look at our Cookie Notice for more information about cookies used in our websites.
5. FROM WHERE DO WE COLLECT YOUR PERSONAL DATA?
We collect your personal data from different sources, depending on our purposes for processing personal data.
a) Customer relationships / b) Direct marketing / c) Communications
We collect your personal data for these purposes from yourself.
We collect your personal data by using cookies.
6. DO WE TRANSFER YOUR PERSONAL DATA?
We may transfer personal data to third parties as a normal course of our business. When personal data is transferred to third parties, we ensure that the transfers are carried out in a secure way and in accordance with adequate data protection agreements.
We may also transfer personal data to third countries. When doing so, we ensure an adequate level of data protection, e.g. by using standard contractual clauses issued by the European Commission, and other similar arrangements.
All personal data may be transferred to data storage and communications services providers. Accounting related data may be transferred to financial management services providers.
7. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
The retention period of your personal data depends on the purposes for which we process your personal data. We inspect the necessity of the personal data stored regularly and keep records of the inspections.
a) Customer relationships
We process and retain personal data for as long as our contractual relationship is in effect.
b) Direct marketing
Necessary data shall be retained for as long as we have your consent to provide you with direct marketing.
We will process and retain the necessary personal data for three (3) years after the contact.
The retention period depends on each cookie used.
8. WHAT DATA PROTECTION RIGHTS DO YOU HAVE?
You may have the right to use the below listed data protection rights. The contacts concerning the rights shall be submitted to the controller’s contact person. Your rights can be put into action only when you have been satisfactorily identified.
You may also have a right to lodge a complaint to the supervisory authority, if you think that the processing of your personal data infringes the data protection laws.
Right to inspect
The data subject has a right to inspect what data the controller has stored of him/her.
Right to rectify and erasure
The data subject has a right to request the controller to rectify or erase the personal data concerning the data subject on the grounds provided by law.
Right to restriction of processing
The data subject can request the controller to restrict the processing of the personal data concerning the data subject on the grounds provided by law.
Right to data portability
The data subject shall have a right to receive the personal data concerning him/her, which he/she has provided to the controller, in a structured, commonly used and machine-readable format where the processing is performed automatically and based on consent or a contract.
Right to object
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him/her for such marketing.
Where personal data are processed on the basis of the legitimate interests of the controller, the data subject shall have the right to object the processing of personal data concerning him/her for such purposes in accordance with the law.
Automated individual decision-making, including profiling
The data subject shall have a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her.
Right to withdraw consent
Where the legal basis for the processing of personal data is the consent of the data subject, the data subject shall have the right to withdraw his/her consent.
9. CAN THIS PRIVACY NOTICE BE AMENDED?
We may unilaterally amend this privacy notice. We update the privacy notice as necessary, for example, when there is a change in legislation. Amendments to this privacy notice will take effect immediately when we post an updated version on our website.
If we make significant changes to the privacy notice, or if there is a significant change in the way it is used, we will notify the data subjects.
(Last update 10.12.2020)