Drafted on March 25th 2018
This Privacy Statement (hereinafter “Statement”) informs you how Purefox Oy’s business operations in Finland collects, processes and discloses personal data in connection with the Service provided (“Service”) and in use of websites www.purefox.fi and 18.104.22.168. Please read this Statement carefully before you start using the Service or browsing the website.
1. Data controller
The data controller in accordance with the applicable data protection law is Purefox Oy and its subsidiaries (hereinafter ”Purefox”, ”Rockodile”, “we”, “us” or ”our”). Purefox is responsible for ensuring that your personal data is processed in compliance with this Statement and applicable data protection laws.
Contact details of the data controller:
Purefox Oy Oy
Business ID: 2545321-7
Address: Yliopistonkatu 39, 20100 Turku, Finland
Name of the person responsible for data protection:
Address: Yliopistonkatu 39, 20100 Turku, Finland
2. Collection of personal data
Your personal data can be collected through different means. Primarily, we collect and process personal data, which
- is provided by you when you contact us or do business with us, e.g. when you buy our Service or Products, subscribe to our newsletter or contact us requesting an offer, support or information;
- is generated when using the Service, Product or visiting our website, e.g. when you use the Product or Service; and
- is obtained from other sources, where permitted by applicable law, e.g. Trade Register, Population Information System, The Business Information System or Post’s address information system.
You are not required to provide any personal data to us, but if you decide to do so, it is possible that we will not be able to provide our Service or Products to you.
The personal data we collect and process includes e.g. the following categories of data:
- basic information, such as name, title and your relation to a company you represent and contact details (email, address and phone) as well as language preference;
- information relating to customer relationship, such as Service, Product and order details, payment details, billing information, marketing permissions and prohibitions;
- customer interaction and related correspondence and entries on the use of individuals’ rights;
- personal data generated in connection with the use of our Service or collected data while browsing our website e.g. user IDs, passwords, authentication details and log data on the usage of Service, data collected by means of cookies and similar technologies through websites (device ID and type, operating system and application settings); and
- other data, which is based on your consent and defined in detail on a case by case basis.
3. Purpose and legal basis for processing personal data
We only collect and process personal data, which is needed for operational purposes, customer care and relevant commercial purposes.
Your personal data is processed for the following purposes:
1. SERVICE PROVISION AND MANAGING CUSTOMER RELATIONSHIP
The primary purpose of processing personal data is to provide and deliver the Services and Products to you or to the company you represent. In order to do so we manage and maintain the customer relationship between us and you or the company you represent. In this case, our processing of personal data is based on the contract between you or the company you represent and us.
We may contact you to inform you about new features of the Service or Products or to promote and sell other services and products. We may use your personal data also for market research and customer surveys. Processing of personal data is based on our legitimate interest to provide information as part of the Service and Products and to promote our other services and products to you. You may object to processing of your personal data for direct marketing at any time (please see section 8 of this Statement).
3. SERVICE DEVELOPMENT, INFORMATION SECURITY AND INTERNAL REPORTING
We also process personal data to take care of the information security of the Service, Products and the website, to improve the quality of the Service, Products and the website as well as to develop the Service and Products. We may also generate internal reports based on personal data in order to provide relevant information to our management to operate our business appropriately. In these cases, the processing of personal data is based on our legitimate interest to ensure that our Service, Products and our website have an adequate level of information security and that we have sufficient and appropriate information at hand to develop our Service and Products and to manage our business.
4. COMPLIANCE WITH THE LAW
We may process your personal data in order to meet our statutory obligations to fulfil authorities’ (e.g. tax authority) requests based on the law.
5. OTHER PURPOSES YOU HAVE CONSENTED TO
We process your personal data also for other purposes, if you have consented to such processing.
4. Transfers and disclosures of personal data
We may disclose personal data to third parties:
- when permitted or required by law, e.g. to comply with request by competent authority or related to legal proceedings;
- when our trusted service providers process personal data on behalf of us and under our instructions. We secure the appropriate use of your personal data at all times;
- if we are involved in a merger, acquisition, or sale of all or a portion of our assets;
- when we assess that disclosure is necessary to protect our rights, protect your safety or safety of others, investigate fraud, or respond to a request of the authority; and
- with your consent to parties the consent relates to.
5. Transfers of personal data outside the EU or EEA
We may transfer personal data outside the EU or the European Economic Area when our trusted service provider working for us is established outside these areas.
For example, our marketing service provider may transfer personal data to the United States during the course of providing services. In such case, the service provider has ensured appropriate safeguards for personal data by self-certifying to the Privacy Shield Framework between the EU and the United States or by using standard contractual clauses that are approved by the European Commission. To learn more about the Privacy Shield Framework, please see https://www.privacyshield.gov/welcome.
7. Retention of personal data
Personal data is retained only for as long as necessary to fulfill the purposes defined in this Statement.
Personal data is retained during the course of customer relationship. Personal data may also be retained to the extent necessary after the end of the customer relationship, if allowed or required by applicable laws. For example, after the end of the customer relationship we typically store personal data that are necessary to response on requests or claims under applicable provisions concerning statute of limitations, or we may store your personal data, to the extent necessary, in order to respect your request not to receive direct marketing from us.
When retention of personal data is no longer required by law or rights or obligations by either party, personal data will be deleted.
8. Your rights
You have a right to access your personal data. You may ask to correct, update or remove your personal data at any time. However, please note that certain information which is strictly necessary for fulfilling the purposes defined in this Statement or which is required by law, cannot be removed. You have a right to object or restrict processing of your personal data to the extent required by applicable data protection law.
In some cases you have a right to data portability, i.e. right to receive your personal data delivered to us in a structured, commonly used machine-readable format and transmit your personal data to another data controller, to the extent required by applicable law.
If our processing of your personal data is based on a consent, you have a right to withdraw the consent at any time. We will no longer process your personal data on the purposes consented, unless there is another legal ground available for processing.
You can execute your rights by sending the above-mentioned requests to us at firstname.lastname@example.org. If you think that the processing of your personal data is not appropriate, you have a right to contact Data Protection Supervisor.
9. Information Security
We maintain security measures (including physical, electronic and administrative measures) that are appropriate to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, we limit access to personal data to only such individuals, who need the information in the course of their work tasks.
Please be aware that even the most appropriate security measures cannot prevent all potential security breaches. If a security breach occurs, we will inform you in accordance with applicable laws.
10. Changes to this Statement
We have the right to change this Statement. If we make any changes to this Statement, we will let you know it on our website at www.purefox.fi, where you can also find the latest version of this Statement.
11. Contact us
If you have any questions regarding this Statement or the personal data we process about you, please contact us at email@example.com.