Customer Privacy Policy

Customer Privacy Statement

10.11.2022

Controller

OIKIO Oy (”OIKIO”)
Business ID: 2754417-1
Eerikinkatu 27
00180 Helsinki

Contact person for registry matters

Jari Puhakka, Data Protection Officer
Fonecta Oy
Firdonkatu 2T 151, 00520 Helsinki
tietosuoja@fonecta.com

Purpose and legal basis for processing personal data

The purpose of processing personal data is to provide services to customers, to manage customer relationships, to manage contractual relationships with partners and service providers, to invoice and develop services, to communicate with customers and partners and to fulfil contractual obligations, to monitor and develop services, to market services and to develop business.

Personal data is also used for direct electronic marketing purposes, for example to send newsletters.

We analyse the use of our website using cookies and similar technologies. We use cookie data to improve the functionality and usability of our websites and to target marketing on our own and third-party websites.

The legal grounds for processing personal data are the performance and preparation of a contract and legitimate interests in the conduct and development of our business and the marketing of our services. For direct marketing and cookies, the processing basis is the consent of the data subject.

What data we process

In the context of the customer register, we process data of our customers, service providers and contact persons of our stakeholders. For cookies, we process the domain name information of visitors to our website.

The personal data we process includes: name and contact details, name of organisation, language, correspondence with contact persons, information relating to the customer or business relationship, information relating to billing and collection, information about direct marketing prohibitions and permissions, information about newsletter subscriptions and information relating to feedback and contact.

For cookies, we may process the following information: time and location, language, organisation, time zone, IP address, Google Analytics ID and website behaviour.

Where we get the data from

As a general rule, information about customers, service providers and stakeholders is obtained from the data subjects themselves.

Web browsing data is collected from visitors to the OIKIO website using cookies and other similar technologies.

Each Fonecta group company may disclose to other group companies and use personal data collected by other Fonecta group companies for the same purposes in its own business.

Data may also be obtained or acquired from the Population Register (address updates), public authorities, contact information providers or other public sources, as well as from contacts made by the data subject through social media services.

Recipients of personal data and transfer of data outside the EU or ETA

Personal data will not be disclosed to third parties for commercial purposes. Personal data may be disclosed as required by law in order to comply with the obligations of public authorities, to respond to a request from a public authority and in the context of corporate restructuring.

We mainly process the data ourselves, but we also use service providers we rely on to process personal data. Such service providers include IT service providers who provide technical maintenance of systems and servers. We have ensured data protection with our service providers, for example by drawing up processing agreements for the processing of personal data.

Personal data may be stored and processed both in the EU/EEA and outside the EU/EEA, for example on the service provider’s servers in the United States. Where personal data is processed outside the EU/EEA, we will ensure that the service provider is committed to the safeguards required by data protection legislation, such as standard clauses adopted by the EU Commission.

Personal data protection principles and retention period

Personal data are treated confidentially and the processors are bound by confidentiality obligations. Access to systems containing personal data is restricted to those employees whose duties require it.

Personal data is protected by appropriate technical and organisational measures, including access control, software security updates and backups. Each user has his/her own user name and password for the systems. Data is processed in databases protected by firewalls, passwords and other technical means. Access to the databases and their backups is restricted to certain predefined persons. No hard copies of the customer register data are kept.

Data processing times are designed to limit the processing to the data necessary for each purpose. Personal data relating to contractual relations are, as a general rule, stored in the systems for a maximum period of 2 years after the end of the contract. Personal data relating to payment transactions and invoicing are processed as part of OIKIO’s accounting material for the period defined by the Accounting Act, which is six years from the end of the calendar year in which the financial year ends. The data necessary for the processing of feedback and complaints are kept for the period required for the processing of the case, which typically does not exceed 2 years. Data relating to subscriptions to newsletters are kept only for the duration of the subscription, after which they are deleted. For information on cookie retention periods, see the Cookie Settings page.

We regularly assess the need to retain data, taking into account applicable legislation. In addition, we will take reasonable steps to ensure that no personal data relating to data subjects that are incompatible with the purposes of the processing, outdated or inaccurate are kept in the register. We will correct or delete such data without undue delay.

Your rights as a data subject

You have the right to inspect the personal data we hold about you and to request the rectification of inaccurate or inaccurate information or the erasure of your personal data, where there are grounds required by law. If the processing of your personal data is based on consent, you have the right to withdraw your consent at any time.

OIKIO may, on its own initiative or at your request, supplement, correct or delete incomplete, inaccurate or outdated personal data.

To the extent that you have provided data to the register that is processed on the basis of consent or a contract, you have the right to receive such data in machine-readable form for yourself and the right to transfer such data to another controller.

For specific personal reasons, you have the right to object to the processing of personal data concerning you where the processing is based on a legitimate interest of OIKIO or is necessary for the performance of a task carried out in the public interest. When making your request, you should identify the specific situation on the basis of which you object to the processing. OIKIO may refuse to comply with the request only on the grounds provided for by law.

You have the right to request restriction of the processing of your personal data and the right to lodge a complaint with a supervisory authority about the processing of your personal data. The supervisory authority in Finland is the Office of the Data Protection Ombudsman (tietosuoja(at)om.fi).

Automated decisions and profiling

You have the right not to be subject to a decision based solely on automated processing, such as profiling, which produces legal effects concerning you or similarly significantly affects you.

The personal data described in this Privacy Notice are not subject to automated decision-making and are not used for profiling of individuals.

Who you can contact

Inquiries and requests regarding the processing of personal data described in this privacy statement can be addressed to the contact person indicated at the beginning of this statement. Please contact us in writing or in person.

Changes to the Privacy Policy

OIKIO may update the Privacy Policy regarding the personal data of its customers due to changes in its operations or legislation. The date of the most recent update is indicated at the beginning of the Privacy Policy.