Privacy statement
Innoflame Oy online store privacy statement
Data protection and processing of personal data at Innoflame Oy
It is of utmost importance to maintain the privacy of our customers and staff. We are committed to protecting the privacy of personal data. We are working regularly on both data protection and information security, and develop our operations as needed to enhance these areas.
Our privacy statements and material describing the processing of personal data are available to all on our website and, if needed, we will provide the data subject with their data upon request.
Personal data are collected for different purposes and data content varies for different registers: our staff register, for example, contains different type of data with a different purpose of use than our customer register. This privacy statement describes the data collected in this register and the register-specific purposes of use in detail. Data protection documentation is updated as needed, and we inform our customers about any changes. The date when the privacy statement was last modified is mentioned on the privacy statement.
We have analysed, together with key persons processing personal data, what processing personal data refers to in our operations. We have, for example, defined what kind of data are collected and saved, and for how long the data will be stored. Personal data are not processed or stored without a purpose, and all unnecessary data are deleted. Legislation has been followed when defining the storage periods for personal data.
Persons who process personal data have also been restricted, and only members of staff whose duties require the processing of personal data are given access to the data. Different roles have also been used to restrict the processing of personal data in our various systems. This ensures that only required personal data are being used at each time. Personal data are not processed outside Innoflame.
Processing of personal data occurs in compliance with established principles, which are legality, reasonableness and transparency, purpose limitation, data minimisation and accuracy, and confidentiality. We comply with these principles in our operations in practice, and we have trained our staff to operate in compliance with the principles.
In addition to processes related to the processing of personal data, we have addressed our technical solutions and ensured that we only use secure technologies. We require all our subcontractors and contracting partners to comply with our quality standards.
We actively follow the data protection practices in our industry and ensure the high level of data protection competence of our staff. The competence takes into account the person’s role and, if it entails processing personal data to a significant extent, we require a high level of competence.
A data subject can exercise their rights by sending an e-mail or by filling out the form on our website. We respond to data requests as swiftly as possible and, if we are unable to fulfil the data subject’s request within one month for some reason, we will notify the data subject immediately.
Data subjects have the right to prohibit the processing of their data for the purposes of direct advertising, remote sales or other direct marketing as well as market and opinion polls. They also have the right to demand the correction of incorrect data by contacting the person in charge of register matters.
We are always happy to help with matters related to the processing of personal data, and our current contact details can be found on our website and on our privacy statement.
1. Data controller and responsible person
Innoflame Oy (business ID: 1055712-8)
Kornetintie 3
00380
Helsinki
Tel: +358 (0)20 5 669 601
Responsible person: Sami Savela
sami.savela(at)innoflame.fi
2. Register name
Innoflame Oy online store register
3. Purpose of use of the register
Personal data are processed as per pre-defined use cases, such as to execute and maintain an online store, to maintain customer relationships, for communication, to fulfil the data subject’s rights, to fulfil the rights and obligations of each party, to develop and analyse the data controller’s operations, for marketing, and to plan business operations.
Personal data included in the register may be used, as permitted by applicable law and subject to permission and prohibition, for the direct advertising, remote sales or other direct marketing, market and opinion polls, and other comparable addressed communications by the data controller and companies belonging to the same group at any given time as well as collaboration partners selected by the data controller.
4. Register content
Data necessary for the purpose of the register are processed within the register, such as:
- first and last name, company name
- business ID
- contact details (company and/or home address, phone number, e-mail address, country)
- photo
- start and/or end date of customer relationship
- login details for using services, credentials and identification information for electronic communications
- newsletter subscribers
- advertising campaigns, product information and guidelines as well as other communications targeting the data subject
- invoicing information
- selected payment method, identification information for payment instruments, purchase details
- communication related to the customership
- permissions and prohibitions for direct marketing, information related to targeted marketing
- user analysis data
- change/log details of the former identified data
5. Regular data sources and storage of data
Personal data are collected from customer enterprises, from data subjects themselves, and from the data controller’s systems when processing personal data.
Personal data may be collected and updated from the data controller’s registers, from those of companies belonging to the same group at any given time, and from collaboration partners of the data controller.
Data will be stored only for the period that is necessary for fulfilling the need as per the purpose of use.
6. Register protection
Databases containing register data are protected by technical means, such as firewalls and passwords, and are stored in locked premises. Manual data are processed only in locked premises, and manual archives are kept in locked premises with restricted access.
The data controller ensures that access to data containing personal data is only granted to such members of the data controller’s staff or staff of companies working for the data controller that require it for executing their duties.
7. Data release and transfer
The data controller may release data as permitted and obligated by applicable law to parties such as collaboration partners selected by the data controller for marketing purposes, unless the data subject has prohibited such release of their data.
Data are not transferred outside the European Union or outside the European Economic Area. The data controller ensures the level of data protection as required by law.
8. Cookies
Innoflame Oy online store uses cookies. A cookie is a small text file the browser saves on the user’s terminal device. A cookie contains an anonymous unique identifier that enables the identification of the browser visiting the website. Cookies do not harm the user’s terminal device and cannot be used to spread malware.
Cookies cannot be used to identify the user.
Cookies are used to provide and develop the website. Cookies enable the analysis of data on how the website is used. Cookies can also be used for targeted advertising.
The website user may disable cookies by changing their own browser settings or delete cookies from their own browser. In this case, however, it should be noted that disabling or deleting cookies may deteriorate or completely prevent the use of the website.