Innoflame as a processor of personal data
Data protection in general
Data protection in Innoflame Oy’s operations:
- Our customers’ privacy is very important to our business. We are committed to protecting the privacy of personal data and processing it appropriately and with a high standard of quality in all processing situations. We regularly work on both data protection and information security and enhance our operations to improve in these areas.
- The privacy statements are available to everyone on our website and, if necessary, we will send the information to the data subject upon request. The data protection documentation may be updated if necessary, and we will announce changes on the website. The privacy statement shows the date when it was last updated.
- We actively follow the data protection practices in our field and ensure a high standard of data protection competence among our personnel. Competences are considered according to each person’s role – if a person’s job requires them to process significant amounts of personal data, they must have a high level of competence.
Processing personal data:
- We have analysed the processing of personal data and the related processes in our operations. We have prepared an internal description of processing activities within the organisation. For data processing based on a legitimate interest, we have prepared a balance test to ensure that the legitimate interest is appropriate. We take a risk-based approach to processing personal data, and we regularly assess the threats and risks of processing personal data. We have conducted impact assessments if we have identified a high risk to the data subject due to the processing.
- We do not process or retain personal data unnecessarily, and we erase all unnecessary data. Only a limited number of personnel process personal data, and the data can only be accessed by personnel whose job description requires them to process it. We use roles to limit the processing of personal data in different systems. This means that we only use the personal data that is necessary at the given time.
- We process personal data in accordance with data protection principles, which we employ on a practical level in our operations. We have trained our personnel to act in accordance with the principles.
Information security
- In addition to the processes related to processing personal data, we have paid attention to technical solutions to ensure that we only use secure technologies.
- We require all our subcontractors and contractual partners to meet our quality requirements.
- We ensure that firewall and antivirus solutions are up to date on all of our devices.
- We have implemented multi-factor login.
- Our personnel are trained, and we use reliable, up-to-date systems and equipment.
- We engage in continuous research and development work to ensure that information security is up to date.
Innoflame Oy’s role
- Innoflame can act as both a controller and a processor of personal data.
Innoflame as a processor of personal data
Innoflame Oy acts as the processor of personal data for GoKeep online stores, reward shops and the redemption of gift vouchers.
The data controller is the party that has authorised
- the client to order a voucher
- from an online store
When we process personal data, we always comply with the same data protection principles, whether our role is controller or processor. We protect personal data using technical and organisational operating models, and the personnel involved in processing personal data have been trained in processing personal data.
We have prepared data protection and information security policies to guide the processing of personal data. The processing is planned and takes risks into account.
As a processor of personal data, we have drawn up a written agreement on the processing of personal data, and the controller can supplement the agreement with instructions on a case-by-case basis in accordance with the EU’s General Data Protection Regulation.
Data subjects should contact the controller to exercise their rights. If we receive a request from the data subject as the processor, we will forward it to the controller.
If necessary, we will help the controller, for example, in situations where a data breach occurs or in other reports.
As a processor of personal data, we may use subcontractors to deliver the order and related activities. If you would like to know more about our role as a processor, please contact tietosuoja@innoflame.fi.