Data Protection at Innoflame

Home / Data Protection at Innoflame

Different groups of individuals and different types of processing are governed by different privacy practices.
Select the role below to view the corresponding privacy notice.

business Customer
Online store or direct sales
Consumer Customer
USER of the public online store
Internal online store
or points-store user
Gift card redeemer
Website visitor
Inno-bot virtual assistant user
Whistleblower channel user
Visitor at premises

Data protection inquiries: tietosuoja@innoflame.fi

Data protection in general

Data protection in Innoflame Oy’s operations:

  • Our customers’ privacy is very important to our business. We are committed to protecting the privacy of personal data and processing it appropriately and with a high standard of quality in all processing situations. We regularly work on both data protection and information security and enhance our operations to improve on these areas and entities.
  • The privacy statements are available to everyone on our website and, if necessary, we will send the information to the data subject upon request. The data protection documentation may be updated if necessary, and we will announce changes on the website. The privacy statement shows the date when it was last updated.
  • We actively follow the data protection practices in our field and ensure a high standard of data protection competence among our personnel. Competences are considered according to each person’s role – if a person’s job requires them to process significant amounts of personal data, they must have a high level of competence.

Processing personal data:

  • We have analysed the processing of personal data and the related processes in our operations. We have prepared an internal description of processing activities within the organisation. For data processing based on a legitimate interest, we have prepared a balance test to ensure that the legitimate interest is appropriate. We take a risk-based approach to processing personal data, and we regularly assess the threats and risks of processing personal data. We have conducted impact assessments if we have identified a high risk to the data subject due to the processing.
  • We do not process or retain personal data unnecessarily, and we erase all unnecessary data. Only a limited number of personnel process personal data, and the data can only be accessed by personnel whose job description requires them to process it. We use roles to limit the processing of personal data in different systems. This means that we only use the personal data that is necessary at the given time.
  • We process personal data in accordance with data protection principles, which we employ on a practical level in our operations. We have trained our personnel to act in accordance with the principles.

Information security

  • In addition to the processes related to processing personal data, we have paid attention to technical solutions to ensure that we only use secure technologies.
  • We require all our subcontractors and contractual partners to meet our quality requirements.
  • We ensure that firewall and antivirus solutions are up to date on all of our devices
  • We have implemented multi-factor login.
  • Our personnel are trained, and we use reliable, up-to-date systems and equipment.
  • We engage in continuous research and development work to ensure that information security is up to date.

Innoflame Oy’s role

  • Innoflame can act as both a controller and a processor of personal data.