PRIVACY POLICY

1)     OUR DATA PROCESSING POLICY IN A NUTSHELL

• We collect personal data from our customers and partners in order to enable us to manage customer accounts, develop our business and plan and implement marketing campaigns.
• The data we collect include, for example, information that you give us when you place an order or participate in a raffle at one of our events.
• We use your personal data to process your orders, send you news and offers via different communication channels and organise events and prize draws.
• We always respect your privacy. We never process information that can be directly linked to you unless it is necessary to achieve the purpose of the processing.

2)    CONTROLLER
Oy Finntack Ltd (business ID: 0966752-2), Keskikankaantie 29–31, 15860 HOLLOLA, FINLAND, CEO Johannes Nevanlinna

3)    WHAT TYPES OF PERSONAL DATA DO WE PROCESS?
We process the following types of personal data in order to manage customer accounts and market our services:

Basic information
Your name and contact information, such as your address, telephone number and e-mail address.
The name of your employer, where applicable, and your position in the company.

We cannot open an account for you or serve you properly unless you give us your name and contact information.

Account history
Correspondence relating to your customer account, orders and billing

Marketing and events
Your interests, participation in previous events and prize draws, offers sent to you and any information you have provided in response, your consent to direct marketing and targeted advertising based on your order history

Online behaviour
Your IP address, operating system and device model, the website you visit immediately before ours and your behaviour on our website

4)    FOR WHAT PURPOSES DO WE USE YOUR PERSONAL DATA?
We use your personal data to manage your account. This includes, for example, corresponding with you online, processing your orders, analysing and improving our products and services, direct marketing, organising events and prize draws, and conducting opinion polls and market surveys. We also sometimes use your personal data to analyse, plan and improve our own business and that of other companies belonging to the same group of undertakings.

Your personal data help us to plan, target, implement and improve our marketing campaigns.

Our partners’ and their representatives’ data are used to manage the partnership.

5)    ON WHAT BASIS DO WE USE YOUR PERSONAL DATA?
We use your information to draw up and execute a contract with you, to process your orders and give you access to our services and prize draws. We also process our partners’ data for similar purposes.

Our right to process your data is based on our legitimate interests that arise from our relationship with you. Once you have given us your contact information in connection with purchasing our products or services, we can use the information to send you direct marketing communications relating to the same or similar group of products online.

If we have asked you for permission to send you direct marketing communications and/or newsletters, our right to process your personal data is based on your consent. You can withdraw your consent at any time by e-mailing us at GDPR@finntack.com or by clicking on “Unsubscribe” in the bottom corner of our newsletter.

6)    HOW DO WE GET YOUR PERSONAL DATA?
We mostly get your personal data from you when you order products from us or participate in our events or prize draws. All our marketing communications include an option to refuse further correspondence.

If you represent one of our corporate customers, we mostly get your personal data from you. We also collect information about our corporate customers from their websites and other public sources, Suomen Asiakastieto Oy’s business database and other commercial operators who provide information about businesses and their representatives. We use the services of Intrum Justitia and Craydon to check our corporate customers’ credit history.

If you have given us permission to send you electronic direct marketing communications, we can ask our partners, such as equestrian sports organisations, for your contact information.

7)    TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?
We only disclose your personal data when permitted or required by law.

We can disclose your information to our partners, such as delivery companies and online payment service providers, in order to fulfil our contractual obligations.

We also have the right to disclose your personal data if, for example, we have a legal or procedural obligation to do so, if we have reason to believe that a crime has been committed and in order to protect and defend our rights and interests as well as the rights and interests of our partners, suppliers or customers.

We can also disclose your personal data to other companies belonging to the same group of undertakings for the purposes listed in section 4 above.

Should our business or a part thereof be sold, we have the right to disclose your personal data to the buyer.

We have outsourced some aspects of our personal data processing to the following kinds of service providers:

• Communications service providers
• Marketing service providers
• IT system suppliers

8)    SOCIAL MEDIA
Our website uses social media plug-ins that enable you to share content on social media, such as Facebook, Twitter and Pinterest (you can, for example, share our advertisements with other users on social media). Whenever you use our social media plug-ins, your browser will send us the following information:

• The date and time of your visit
• Your current URL
• Your IP address
• The browser you are using
• The operating system you are using
• Your username, if you have an account on the social media platform in question, and (if necessary) your first name and surname as well as the content that you wish to share

For this kind of information, we observe the terms and conditions of the social media operator in question. More information about the types of data that are collected by means of social media plug-ins and the purposes for which data are collected is available on social media operators’ websites. You can block social media plug-ins in your browser settings.

9)    LINKS
You may see links to other websites on our website. Our privacy policy only covers our own website and services, such as the Finntack online store. Always check the privacy policy of the website that you are visiting. Please note that we cannot be held responsible for the ways in which other website operators process your personal data.

10)   COOKIES
Our website uses cookies. In order to get the best out of our website, you need to accept cookies in your browser settings. We use cookies to collect technical data and information about users’ online behaviour as well as to analyse website traffic. The information is used to improve our website and tailor the content to users’ needs. We also use the information collected using cookies to target our marketing communications and manage our advertising campaigns. You can disable cookies in your browser settings at any time. However, please note that disabling cookies may slow down or prevent access to certain parts of our website.

11)   ADVICE ON USING SOCIAL MEDIA
We use your contact information for online marketing, to target our marketing communications and to advertise online. This means that our advertisements may pop up, for example, on your news feed in Facebook. In these instances, Facebook acts as the processor of the transferred personal data.

Our website features social media tools, such as buttons that allow you to “Like” or “Share” content on Facebook. We have the right to ask Facebook to share with us any comments or links relating to our website that you share on Facebook. Facebook is also permitted to share with us any information contained in your public profile as well as any information that you share as a Facebook user with our services.

For more information about how Facebook processes your information and to manage your privacy settings on Facebook, visit https://www.facebook.com/privacy/.

12)  DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU OR THE EEA?
As a rule, we do not transfer your personal data to countries outside of the EU or the EEA. If we ever do transfer your data to countries outside of the EU or the EEA, we make sure that your data are protected as required by law, for example, by applying the standard contractual clauses approved by the European Commission.

13)  WHAT ARE MY RIGHTS IN RESPECT OF THE PROCESSING OF MY PERSONAL DATA?
Right of access
You have the right to ask us for confirmation as to whether or not we are processing any personal data that concerns you. When you exercise your right to access your data, we send you a copy of the personal data concerning you that we process. If you need more than one copy, we can, within reason, charge you a fee based on our administrative costs.

Right to rectification
You have the right to ask us to promptly correct any inaccurate or incorrect information that we have about you. You also have the right to have any incomplete data supplemented by sending us additional information.

Right to erasure (‘right to be forgotten’)
You have the right to ask us to promptly remove any personal data of yours that we have in our possession if

• the data are no longer needed for the purposes for which they were collected or otherwise processed,
• you withdraw the consent on which our right to process your data was based and we have no other legal basis for processing your data,
• you object to us processing your data due to your personal circumstances and there are no overriding legitimate grounds for the processing or you object to us using your data for direct marketing purposes,
• we have processed your data unlawfully, or your personal data must be erased in order to comply with a legal obligation.

Right to restriction of processing
You have the right to restrict the processing of your personal data so that, in addition to storing your data, we can only process your data with your consent or in order to establish, exercise or defend legal claims or to protect the rights of another natural or legal person if

•  you contest the accuracy of your personal data, in which case we will refrain from processing your data until we have verified their accuracy,
• we have been processing your data unlawfully but instead of asking us to erase your data you wish to restrict their use instead,
• we no longer need to process your personal data but you need the data to establish, exercise or defend legal claims, or
• you have objected to us processing your data due to your personal circumstances and you are waiting for confirmation as to whether our legitimate grounds for processing your data override the grounds for your objection.

Right to data portability
You have the right to receive any personal data that you have given us in a structured, commonly used and machine-readable format and transmit those data to another controller if

• we process your data by automated means and
• our processing of your data is based on your consent and necessary for the execution of our contract with you or for preparatory work requested by you to enable the execution of our contract.

The right to data portability can only be exercised in so far as it does not adversely affect the rights and freedoms of others.

Right to object
You have the right to object to us processing your personal data due to your personal circumstances unless we are able to demonstrate compelling legitimate grounds for the processing.

You have the right to object to us using your personal data for direct marketing purposes. The easiest way to opt out of electronic direct marketing communications is to click on “Unsubscribe” in the bottom corner of our messages.

Right to withdraw consent
You can withdraw your consent to us using your personal data for marketing purposes at any time. The easiest way to do this is to click on “Unsubscribe” in the bottom corner of our newsletter.

Right to complain to the authorities
You have the right to file a complaint with the Finnish Data Protection Ombudsman if you feel that our processing of your personal data violates your rights under the General Data Protection Regulation.

For more information, see www.tietosuoja.fi.

14)  FOR HOW LONG WILL YOUR PERSONAL DATA BE STORED?

We only keep your personal data for as long as we need them for the purposes for which they were collected or to meet our legal obligations. The period for which we store your data therefore depends on, for example, limitation periods for bringing legal claims, accounting regulations, our obligations under money laundering laws and legal recommendations on document retention periods.

We keep accounting records for a period of six years from the end of the year during which each financial year ends. If you miss a payment, we will keep your details until you have paid the amount in full or until the debt can no longer be collected.

Any personal data that we have collected for marketing purposes are kept until we are asked to stop processing the data for that purpose.

15)  HOW DO WE ENSURE INFORMATION SECURITY IN THE PROCESSING OF PERSONAL DATA?

Your personal data are stored in a system that is protected by firewalls, passwords and other technical means that are generally accepted as the norm in our industry. Any information that we keep manually is stored in a locked space that cannot be accessed by unauthorised persons. Only employees who need to process personal data to perform their work have access to the information.

16)  WHOM CAN YOU CONTACT TO EXERCISE YOUR RIGHTS OR IF YOU HAVE OTHER QUESTIONS RELATING TO DATA PROTECTION?

Oy Finntack Ltd

Keskikankaantie 29–31

15860 HOLLOLA
FINLAND

Business ID: 0966752-2

GDPR@finntack.com

www.finntack.com

In order to protect your privacy and prevent any misuse of your personal information, we reserve the right to request proof of identity before disclosing or removing any personal data from our data file.