This privacy statement provides information on our processing of personal data.
Updated on 26.4.2023.
Oikiat Design Oy (Business ID: 2934831-8)
Address: Kirkkokatu 17 B 15, FI-90100 Oulu
Collection, purpose and grounds for processing of data
We collect personal data from an individual in person, partly also using analytics, in connection with an order, agreement or cooperation, and online shopping. The grounds for processing are an agreement based on an order or cooperation, and possibly a legitimate interest based on customership or cooperation, such as customer communications or marketing. We acquire consent for processing separately where necessary, for example in the case of cookies. Discharging our statutory obligations also constitutes grounds for processing.
We use the data to serve our customers, to implement customer service, customer communications and marketing, for our cooperation and product development, to develop our operations, and for participation in surveys and competitions* in a manner separately notified where necessary. We shall request your prior consent and separately inform you of the processing and its grounds, as necessary at the time, if we collect your personal data for other purposes.
What information do we collect?
- name, postal address, e-mail address and telephone number
- details of orders and payments, and delivery information
- the undertaking and job title of an individual in the case of business customers and partners
- messaging history, such as occasions of contact
- consent to receive marketing communications in individual cases
- responses to surveys and competitions* in individual cases
We use trusted contractual partners, whose operations accommodate GDPR and other statutory requirements. Any transfer or disclosure of information is governed by the statutory security measures that are applicable at the time. In such cases, for example, an agreement on transfer or disclosure will be concluded in accordance with the standard contract clauses and other conditions established by the European Commission, or there will be other lawful grounds for the transfer, such as the preparation, filing or defence of a legal claim.
Use of rights and erasing of data
You are entitled under applicable law to:
- receive information concerning the processing of your personal information
- access your information
- correct errors in your information
- delete the information and be forgotten
- restrict processing of your information
- transfer your information between systems
- object to processing of your information
- not be subject to automated decision-making
Please contact firstname.lastname@example.org if you wish to change your registered e-mail address, obtain a copy of all information concerning you, check and correct this information, or erase it from our database. The exercise of rights may be subject to restrictions. We shall notify you if we are unable to discharge your individual request in any respect, such as by erasing information that we have a statutory duty or right to retain. Relevant factors in such circumstances include the grounds for processing your personal information. You are nevertheless always entitled, for example, to prohibit the use of your information for direct marketing purposes. We correct or erase any personal information in our records that is incorrect, unnecessary, incomplete, or outdated for the purpose of processing, either spontaneously or at your request and without undue delay, unless we have a duty to retain the information.
Right to lodge a complaint with a supervisory authority
If you believe that your personal information is not being processed in accordance with the General Data Protection Regulation (EU) 2016/679 or with applicable legislation, and you are unable to resolve the matter through contact with us, you may lodge a complaint with the supervisory authority in the EU Member State where you are domiciled or employed, or where you consider that the incident occurred. The supervisory authority in Finland is the Data Protection Ombudsman (Lintulahdenkuja 4, FI-00530 Helsinki, e-mail: email@example.com).
Data retention period
Data protection principles
We apply administrative, organisational, technical and physical safeguards to protect the personal data that we collect and process. Examples of necessary measures may include encryption, firewalls, secure premises and right-of-access systems. Our security controls are designed to maintain appropriate data confidentiality, integrity, availability, flexibility, and the ability to recover data. We regularly test services, systems and other assets. Staff access to personal data is also restricted, with necessity for discharging duties imposed as a condition of employee access to data and data processing.
Service developments and statutory amendments may require us to modify this privacy statement. Registered customers will be notified of significant modifications to the privacy statement when the terms and conditions are updated.
*Responses to surveys and competitions
Surveys and competitions (such as applications to a test group, product and service development surveys, and responses to competitions) seek to gather information in support of customer service, product development and marketing. The contact details of a respondent will only be requested if the customer wishes to be contacted, or if the contact information is needed for such purposes as delivering a prize or agreeing on participation in a test group. Contact details are retained only for a limited period not exceeding one year after the survey or competition ends. Responses may only be used for research, product development, training and marketing in ways that cannot result in identification of the respondent, unless the individual has given special permission for information to be published.
As a customer from California please visit our CCAP policy page.