OIKIO’s Privacy Policy for Customers

30.1.2023

Controller

OIKIO Digital Performance Agency Oy (“OIKIO”)
Business ID: 2754417-1
Eerikinkatu 27
00180 Helsinki

Contact person for registry matters

Jari Puhakka, Data Protection Officer
Fonecta Oy
Firdonkatu 2T 151, 00520 Helsinki, Finland
tietosuoja@fonecta.com

Purpose and legal basis for processing personal data

The purpose of processing personal data is to provide services to customers, manage customer relationships, manage contractual relationships with partners and service providers, invoicing and development, communications related to customer and partner relationships and contractual obligations, monitoring and development of services, marketing of services and business development.

Personal data is also used for electronic direct marketing, for example to send newsletters.

We analyse the use of our website using cookies and similar technologies. We use cookie information to improve the functionality and usability of our websites and to target marketing on our own and third-party websites.

The legal grounds for processing personal data are the performance and preparation of a contract and the legitimate interest in the exercise and development of business activities and the marketing of services. For direct marketing and cookies, the processing basis is the consent of the data subject.

What data we process

In the context of the customer register, we process information about our customers, service providers and contact persons of our stakeholders. For cookies, we process the domain name information of visitors to our website.

The personal data we process consists of the following: name and contact details, name of the organisation, language, correspondence with contact persons, information relating to the customer or business relationship, information relating to billing and collection, information about direct marketing prohibitions and authorisations, information about newsletter subscriptions and information relating to feedback and contacts.

For cookies, we may process the following information: time and location, language, organisation, time zone, IP address, Google Analytics ID and website behaviour.

Where do we get the information

Data on customers, service providers and stakeholders is generally obtained from the data subjects themselves.

Web browsing data is collected from visitors to the OIKIO website using cookies and other similar technologies.

Data may also be obtained or acquired from the population register (address updates), public authorities, contact information providers or other public sources, as well as from contacts made by the data subject through social media services.

Recipients of personal data and transfer of data outside the EU or EEA

Personal data will not be disclosed to third parties for commercial purposes. Personal data may be disclosed as required by law to comply with the obligations of public authorities, to respond to a request from a public authority and in connection with corporate restructuring.

We mainly process the data ourselves, but we also use service providers who process personal data on our behalf. Such service providers include IT service providers who provide technical maintenance of systems and servers. We have ensured data protection with our service providers, for example by drawing up processing agreements for the processing of personal data.

Personal data may be stored and processed both in the EU/EEA and outside the EU/EEA, for example on the service provider’s servers in the United States. Where personal data is processed outside the EU/EEA, we will ensure that the service provider is committed to the safeguards required by data protection legislation, such as standard clauses adopted by the EU Commission.

Principles of personal data protection and retention period

Personal data is treated confidentially and the processors are bound by confidentiality. 

Access to systems containing personal data is restricted to those employees whose job description requires it.

Personal data is protected by appropriate technical and organisational measures, including access control, software security updates and backups. Each user has his/her own username and password for the systems. Data is processed in databases protected by firewalls, passwords and other technical means. Access to the databases and their backups is restricted to certain predefined persons. No hard copies of the customer register data are kept.

Data processing times have been designed to limit processing to the data necessary for each purpose. As a general rule, personal data relating to contractual relations are stored in the systems for a maximum of 2 years after the end of the contract. Personal data relating to payment transactions and invoicing are processed as part of OIKIO’s accounting material for the period defined by the Accounting Act, which is six years from the end of the calendar year in which the financial year ends. The data necessary for the processing of feedback and complaints are kept for the period required for the processing of the case, which typically does not exceed 2 years. Data relating to subscriptions to newsletters are kept only for the duration of the subscription, after which they are deleted. For information on cookie retention periods, see the Cookie Settings page.

We regularly assess the need to retain data, taking into account applicable legislation. In addition, we will take reasonable steps to ensure that no personal data relating to data subjects which are incompatible with the purposes of the processing, outdated or inaccurate are kept in the register. We will correct or delete such data without undue delay.

Your rights as a registered user

You have the right to inspect the personal data stored about you and to request the rectification of inaccurate or inaccurate information or the erasure of your personal data, if there are grounds required by law. If the processing of your personal data is based on consent, you have the right to withdraw your consent at any time.

OIKIO may, on its own initiative or at your request, supplement, correct or delete incomplete, inaccurate or outdated personal data.

To the extent that you have submitted data to the register that is processed on the basis of consent or a contract, you have the right to receive such data in machine-readable form for yourself and the right to transfer this data to another controller.

For specific personal reasons, you have the right to object to the processing of personal data concerning you where the processing is based on a legitimate interest of OIKIO or is necessary for the performance of a task carried out in the public interest. When making your request, you should identify the specific situation on the basis of which you object to the processing. OIKIO may refuse to comply with the request only on the grounds provided for by law.

You have the right to request restriction of the processing of your personal data and the right to lodge a complaint with a supervisory authority. The supervisory authority in Finland is the Office of the Data Protection Ombudsman (tietosuoja(at)om.fi).

Automated decisions and profiling

You have the right not to be subject to a decision based solely on automated processing, such as profiling, which produces legal effects concerning you or similarly significantly affects you.

The personal data described in this Privacy Policy are not subject to automated decision-making and are not used for profiling purposes.

Who you can contact

Inquiries and requests concerning the processing of personal data described in this Privacy Policy can be addressed to the contact person indicated at the beginning of this Privacy Policy.

Please contact us in writing or in person.

Changes to the Privacy Policy

OIKIO may update its Privacy Policy regarding the personal data of its customers due to changes in its operations or legislation. The date of the most recent update is indicated at the beginning of the Privacy Policy.