Privacy policy

CUSTOMER REGISTER PRIVACY POLICY

This privacy policy applies to the customer and marketing activities of Kipu Solutions Oy. It explains how Kipu Solutions Oy processes the personal data of its customers in customer relationship and marketing activities.

Kipu Solutions Oy is committed to complying with the data protection and privacy laws, including the EU General Data Protection Regulation (GDPR) and other applicable laws and regulations governing the processing of personal data. Kipu Solutions Oy handles personal data in accordance with good data management and processing practices. The staff of Kipu Solutions Oy is obligated to keep all personal data strictly confidential.

DATA CONTROLLER

Kipu Solutions Oy, business ID 3135737-9, Mantereentie 13, 37500 Lempäälä

CONTACT PERSON FOR THE PERSONAL DATA REGISTER
The contact person for data protection matters is Miko Flinkman. He can be reached regarding register matters by email: miko.flinkman@vaistoa.com

NAME OF THE REGISTER

Kipu Solutions Oy Customer Register

CONTENT OF THE REGISTER

The register may store and process the following data. Not all of the information listed below is necessarily available for every user.

  • Name, address, phone number, email, customer information, payment information, company and its billing information, and other information possibly provided by the customer
  • Changes to the above information

The register may also contain other notes and information related to the customer and their relationship necessary for good customer relationship management. This may include information about contact requests or newsletter subscriptions.

PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

The Data Controller aims to serve its customers and marketing activities in the best possible way and to provide content that interests the data subjects. Personal data is used by Kipu Solutions Oy for:

  • Targeting customer communications and marketing activities
  • Managing, maintaining, and developing customer relationships
  • Producing and delivering services

Personal data is processed based on the consent given by the data subject, the legitimate interests of the Data Controller, or to prepare or execute a contract in which the data subject is a party.

SOURCES OF INFORMATION

The personal data in this register is always obtained directly from the data subject.

RETENTION PERIOD OF PERSONAL DATA

The data collected in the register is retained only as long as necessary and permissible by law concerning the original or compatible purposes for which the personal data was collected. Primarily, personal data is retained for up to two (2) years from the last active event between the data subject and the Data Controller. The data is deleted once the specified retention period has expired. Personal data may be used after the termination of the customer relationship if required by applicable legislation.

Additionally, the Data Controller takes all reasonable steps to ensure that inaccurate, incorrect, or outdated personal data is corrected or deleted promptly in light of the purposes for which it is processed.

PRINCIPLES OF REGISTER SECURITY

The confidentiality of the customer's personal data is important to the Data Controller. The Data Controller has implemented appropriate technical and organizational measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Access to the register within the Data Controller's organization is restricted by user rights, ensuring that only employees who need the information for their duties and have the right to access it can handle the data stored in the register.

The information systems used for processing personal data are technically protected in an adequate manner, including personal user IDs and passwords. Special attention is paid to the security of backup and destruction of data containing personal information.

DISCLOSURE OF INFORMATION

The processing and storage of personal data are partially outsourced to external service providers. The Data Controller ensures that such outsourcing complies with the applicable data protection and privacy laws and that external service providers do not use the information in this register for their purposes.

Personal data will not be disclosed outside the Data Controller or its service providers storing the data in a way that allows the information to be identified as relating to an individual user, except in the following exceptional situations: as required by law or authority order, by court order, or if it is necessary to prevent or investigate suspected violations of law, terms of use of online services, or good conduct, or to protect the rights of the Data Controller or third parties.

TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION / EUROPEAN ECONOMIC AREA

The Data Controller may transfer personal data outside the EU and EEA for technical processing of the data when using external service providers for data storage based on a cooperation agreement between the parties. These transfers are carried out securely in accordance with data protection legislation and within its limits.

RIGHTS OF THE DATA SUBJECT

The data subject has the right to inspect the information concerning them in the register and to request the correction of any inaccurate, incomplete, or outdated information. Inspection and correction requests should be directed to the contact person for the personal data register, whose contact details are at the beginning of this policy, either by visiting them in person or by sending a signed letter or similarly verified document to ensure the legitimacy of the request. Inspection requests will be responded to within one month of the request being made.

The data subject has the right to withdraw their previously given consent to data processing at any time or to make a complaint about the processing of their personal data to a supervisory authority. The data subject also has the right to request the deletion of their personal data from the register, provided that the data is no longer needed for the purposes for which it was collected or otherwise processed, or that there are no existing legal obligations requiring the Data Controller to retain the data. The data subject also has the right to request the restriction of processing or to object to the processing of their personal data.

CUSTOMER ACQUISITION REGISTER PRIVACY POLICY

This privacy policy applies to the customer acquisition and marketing activities of Kipu Solutions Oy. It explains how Kipu Solutions Oy processes the personal data of its potential customers in marketing activities.

Kipu Solutions Oy is committed to complying with the data protection and privacy laws, including the EU General Data Protection Regulation (GDPR) and other applicable laws and regulations governing the processing of personal data. Kipu Solutions Oy handles personal data in accordance with good data management and processing practices. The staff of Kipu Solutions Oy is obligated to keep all personal data strictly confidential.

DATA CONTROLLER

Kipu Solutions Oy, business ID 3135737-9, Mantereentie 13, 37500 Lempäälä

CONTACT PERSON FOR THE PERSONAL DATA REGISTER

The contact person for data protection matters is Miko Flinkman. He can be reached regarding register matters by email: miko.flinkman@vaistoa.com

NAME OF THE REGISTER
Kipu Solutions Oy Customer Acquisition Register

CONTENT OF THE REGISTER
The register may store and process the following data. Not all of the information listed below is necessarily available for every user.

  • Name, phone number, email, and other information potentially provided by the prospective customer
  • Changes to the above information

The register may also contain other notes related to the data subject aimed at establishing a customer relationship. This may include information about contact requests or newsletter subscriptions.

PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

The Data Controller aims to serve its customer acquisition and marketing activities in the best possible way and to provide content that interests the data subjects. Personal data is used by Kipu Solutions Oy for:

  • Communication and marketing activities
  • Establishing customer relationships
  • Informing about services and delivering of services

Personal data is processed based on the consent given by the data subject.

SMS / text message marketing
If you opt in to receive SMS/MMS messages from us, we process your phone number and information related to your consent (opt-in/opt-out status and timestamp) to deliver and manage the messaging service, including sending marketing messages (e.g., promotions, product updates) and service-related messages where applicable. We process this data based on your consent and/or as necessary for performing a contract or our legitimate interests, as applicable.

SMS abandoned cart
If we use SMS cart reminder messages, the website uses cookies and similar technologies to help keep track of items you put into your shopping cart, including when you have abandoned your cart, and this information is used to determine when to send cart reminder messages via SMS.

SOURCES OF INFORMATION

The personal data in this register is always obtained directly from the data subject.

RETENTION PERIOD OF PERSONAL DATA

The data collected in the register is retained only as long as necessary and permissible by law concerning the original or compatible purposes for which the personal data was collected. Primarily, personal data is retained for up to two (2) years from the last active event between the data subject and the Data Controller. The data is deleted once the specified retention period has expired.

Additionally, the Data Controller takes all reasonable steps to ensure that inaccurate, incorrect, or outdated personal data is corrected or deleted promptly in light of the purposes for which it is processed.

PRINCIPLES OF REGISTER SECURITY

The confidentiality of the data subject's personal data is important to the Data Controller. The Data Controller has implemented appropriate technical and organizational measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Access to the register within the Data Controller's organization is restricted by user rights, ensuring that only employees who need the information for their duties and have the right to access it can handle the data stored in the register.

The information systems used for processing personal data are technically protected in an adequate manner, including personal user IDs and passwords. Special attention is paid to the security of backup and destruction of data containing personal information.

DISCLOSURE OF INFORMATION

The processing and storage of personal data are partially outsourced to external service providers. The Data Controller ensures that such outsourcing complies with the applicable data protection and privacy laws and that external service providers do not use the information in this register for their purposes.

SMS consent / opt-in data
We do not sell or share SMS opt-in data or consent status with non-affiliated third parties for their own marketing or other non-service-related purposes. We may share this information only with service providers that help us deliver the messaging service (e.g., messaging platforms, carriers, and vendors) to the extent necessary to provide SMS/MMS delivery and operate the service.

Personal data will not be disclosed outside the Data Controller or its service providers storing the data in a way that allows the information to be identified as relating to an individual user, except in the following exceptional situations: as required by law or authority order, by court order, or if it is necessary to prevent or investigate suspected violations of law, terms of use of online services, or good conduct, or to protect the rights of the Data Controller or third parties.

TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION / EUROPEAN ECONOMIC AREA

The Data Controller may transfer personal data outside the EU and EEA for technical processing of the data when using external service providers for data storage based on a cooperation agreement between the parties. These transfers are carried out securely in accordance with data protection legislation and within its limits.

RIGHTS OF THE DATA SUBJECT

The data subject has the right to inspect the information concerning them in the register and to request the correction of any inaccurate, incomplete, or outdated information. Inspection and correction requests should be directed to the contact person for the personal data register, whose contact details are at the beginning of this policy, either by visiting them in person or by sending a signed letter or similarly verified document to ensure the legitimacy of the request. Inspection requests will be responded to within one month of the request being made.

The data subject has the right to withdraw their previously given consent to data processing at any time or to make a complaint about the processing of their personal data to a supervisory authority. The data subject also has the right to request the deletion of their personal data from the register, provided that the data is no longer needed for the purposes for which it was collected or otherwise processed, or that there are no existing legal obligations requiring the Data Controller to retain the data. The data subject also has the right to request the restriction of processing or to object to the processing of their personal data.

WEBSITE VISITOR REGISTER PRIVACY POLICY

This privacy policy applies to the tracking activities of Kipu Solutions Oy's website. It explains how Kipu Solutions Oy processes the personal data of visitors to its website.

Kipu Solutions Oy is committed to complying with the data protection and privacy laws, including the EU General Data Protection Regulation (GDPR) and other applicable laws and regulations governing the processing of personal data. Kipu Solutions Oy handles personal data in accordance with good data management and processing practices. The staff of Kipu Solutions Oy is obligated to keep all personal data strictly confidential.

DATA CONTROLLER

Kipu Solutions Oy, business ID 3135737-9, Mantereentie 13, 37500 Lempäälä

CONTACT PERSON FOR THE PERSONAL DATA REGISTER

The contact person for data protection matters is Miko Flinkman. He can be reached regarding register matters by email: miko.flinkman@vaistoa.com

NAME OF THE REGISTER

Kipu Solutions Oy Website Visitor Register

CONTENT OF THE REGISTER

The register may store and process the following data.

  • The data subject's IP address
  • Information collected via cookies about the data subject's visits and activities on the Data Controller's website

PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

The Data Controller aims to serve its visitors in the best possible way and provide content that interests them. Personal data is used by Kipu Solutions Oy for:

  • Targeting marketing activities
  • Developing and improving services
  • Enhancing the user experience on the website
  • Planning and developing business operations

Personal data is processed based on the Data Controller's legitimate interests and the data subject's consent to the use of cookies.

SOURCES OF INFORMATION

The personal data in this register is obtained via cookies from the Data Controller's website.

RETENTION PERIOD OF PERSONAL DATA

The data collected in the register is retained only as long as necessary and permissible by law concerning the original or compatible purposes for which the personal data was collected. Primarily, personal data is retained for up to one (1) year from the data subject's most recent visit to the Data Controller's website. The data is deleted once the specified retention period has expired.

PRINCIPLES OF REGISTER SECURITY

The confidentiality of the website user's personal data is important to the Data Controller. The Data Controller has implemented appropriate technical and organizational measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
Access to the register within the Data Controller's organization is restricted by user rights, ensuring that only employees who need the information for their duties and have the right to access it can handle the data stored in the register.
The information systems used for processing personal data are technically protected in an adequate manner, including personal user IDs and passwords. Special attention is paid to the security of backup and destruction of data containing personal information.

DISCLOSURE OF INFORMATION

The processing and storage of personal data are partially outsourced to external service providers. The Data Controller ensures that such outsourcing complies with the applicable data protection and privacy laws and that external service providers do not use the information in this register for their purposes.

Personal data will not be disclosed outside the Data Controller or its service providers storing the data in a way that allows the information to be identified as relating to an individual user, except in the following exceptional situations: as required by law or authority order, by court order, or if it is necessary to prevent or investigate suspected violations of law, terms of use of online services, or good conduct, or to protect the rights of the Data Controller or third parties.

TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION / EUROPEAN ECONOMIC AREA

The Data Controller may transfer personal data outside the EU and EEA for technical processing of the data when using external service providers for data storage based on a cooperation agreement between the parties. These transfers are carried out securely in accordance with data protection legislation and within its limits.

RIGHTS OF THE DATA SUBJECT

The data subject has the right to inspect the information concerning them in the register and to request the correction of any inaccurate, incomplete, or outdated information. Inspection and correction requests should be directed to the contact person for the personal data register, whose contact details are at the beginning of this policy, either by visiting them in person or by sending a signed letter or similarly verified document to ensure the legitimacy of the request. Inspection requests will be responded to within one month of the request being made.

The data subject has the right to withdraw their previously given consent to data processing at any time or to make a complaint about the processing of their personal data to a supervisory authority. The data subject also has the right to request the deletion of their personal data from the register, provided that the data is no longer needed for the purposes for which it was collected or otherwise processed, or that there are no existing legal obligations requiring the Data Controller to retain the data. The data subject also has the right to request the restriction of processing or to object to the processing of their personal data.

PARTNER REGISTER PRIVACY POLICY

This privacy policy applies to the activities of Kipu Solutions Oy with its partners. It explains how Kipu Solutions Oy processes the personal data of its partners in its operations.

Kipu Solutions Oy is committed to complying with the data protection and privacy laws, including the EU General Data Protection Regulation (GDPR) and other applicable laws and regulations governing the processing of personal data. Kipu Solutions Oy handles personal data in accordance with good data management and processing practices. The staff of Kipu Solutions Oy is obligated to keep all personal data strictly confidential.

DATA CONTROLLER

Kipu Solutions Oy, business ID 3135737-9, Mantereentie 13, 37500 Lempäälä

CONTACT PERSON FOR THE PERSONAL DATA REGISTER

The contact person for data protection matters is Miko Flinkman. He can be reached regarding register matters by email: miko.flinkman@vaistoa.com

NAME OF THE REGISTER

Kipu Solutions Oy Partner Register

CONTENT OF THE REGISTER

The register may store and process the following data. Not all of the information listed below is necessarily available for every user.

  • Name, email address, phone number, company, title
  • Changes to the above information

The register may also contain other notes and information related to the data subject and their potential partnership and assignments necessary for good partnership management. This may include information about contact requests.

PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

The Data Controller aims to collaborate with its partners in the best possible way. Personal data is used by Kipu Solutions Oy for:

  • Actions related to establishing, managing, maintaining, and developing a partnership or subcontractor relationship
  • Personal data is processed based on the Data Controller's legitimate interests or to prepare or execute a contract in which the data subject is a party.

SOURCES OF INFORMATION

The personal data in this register is obtained either directly from the data subject, their represented company, or from a public source.

RETENTION PERIOD OF PERSONAL DATA

The data collected in the register is retained only as long as necessary and permissible by law concerning the original or compatible purposes for which the personal data was collected. Primarily, personal data is retained for up to two (2) years from the last active event between the data subject and the Data Controller. The data is deleted once the specified retention period has expired. Personal data may be used after the termination of the partnership if required by applicable legislation.

Additionally, the Data Controller takes all reasonable steps to ensure that inaccurate, incorrect, or outdated personal data is corrected or deleted promptly in light of the purposes for which it is processed.

PRINCIPLES OF REGISTER SECURITY

The confidentiality of the partner's personal data is important to the Data Controller. The Data Controller has implemented appropriate technical and organizational measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Access to the register within the Data Controller's organization is restricted by user rights, ensuring that only employees who need the information for their duties and have the right to access it can handle the data stored in the register.

The information systems used for processing personal data are technically protected in an adequate manner, including personal user IDs and passwords. Special attention is paid to the security of backup and destruction of data containing personal information.

DISCLOSURE OF INFORMATION

The processing and storage of personal data are partially outsourced to external service providers. The Data Controller ensures that such outsourcing complies with the applicable data protection and privacy laws and that external service providers do not use the information in this register for their purposes.

Personal data will not be disclosed outside the Data Controller or its service providers storing the data in a way that allows the information to be identified as relating to an individual user, except in the following exceptional situations: as required by law or authority order, by court order, or if it is necessary to prevent or investigate suspected violations of law, terms of use of online services, or good conduct, or to protect the rights of the Data Controller or third parties.

TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION / EUROPEAN ECONOMIC AREA

The Data Controller may transfer personal data outside the EU and EEA for technical processing of the data when using external service providers for data storage based on a cooperation agreement between the parties. These transfers are carried out securely in accordance with data protection legislation and within its limits.

RIGHTS OF THE DATA SUBJECT

The data subject has the right to inspect the information concerning them in the register and to request the correction of any inaccurate, incomplete, or outdated information. Inspection and correction requests should be directed to the contact person for the personal data register, whose contact details are at the beginning of this policy, either by visiting them in person or by sending a signed letter or similarly verified document to ensure the legitimacy of the request. Inspection requests will be responded to within one month of the request being made.

The data subject has the right to withdraw their previously given consent to data processing at any time or to make a complaint about the processing of their personal data to a supervisory authority. The data subject also has the right to request the deletion of their personal data from the register, provided that the data is no longer needed for the purposes for which it was collected or otherwise processed, or that there are no existing legal obligations requiring the Data Controller to retain the data. The data subject also has the right to request the restriction of processing or to object to the processing of their personal data.

Updated 29.7.2024