This Privacy Statement (hereinafter referred to as “the Statement”) describes how Cupori Oy collects, processes and discloses personal information when providing and delivering products and services, communicating with its customers, purchasing materials, products and services that meet business needs, or otherwise interacting with its business partners or other stakeholders. Please, read this Statement carefully before using our services or products or browsing the website.
1. DATA CONTROLLER
The Data Controller under the applicable Data Protection Act is Cupori Oy (hereinafter referred to as “Cupori”, “we”, “us” or “ours”). Cupori is responsible for ensuring that your personal data is processed in compliance with this Statement and applicable data protection laws.
Contact details of the Data Controller:
Company ID: 2639859 -8
Address: Kuparitie, P.O. Box 60, FI-28101, Pori, Finland
Contact details for matters concerning the register:
2. COLLECTION OF PERSONAL DATA
Your personal data can be collected in different ways. As a rule, we collect and process personal data that
- you have provided us when you are in contact with us or when you are dealing with us, for example when you buy products or services, subscribe to our newsletter, or contact us to request an offer or information;
- are generated from the use of products or services or during a visit to our website; and
- are obtained from other sources to the extent permitted by applicable laws such as the Trade Register, the Population Information System, the Business Information System or the Posti address information system.
You do not have to provide us with your personal information, but if you decide so, we may not be able to offer our products or services to you.
We collect and process, for instance, the following categories of personal data:
- basic information such as name and contact details (email, address and telephone number) and the language of the service;
- basic information about the user’s employer such as name and contact details (email, address and telephone number);
- information related to the customer relationship such as products and services purchased or delivered:
- order information, payment information, billing information, marketing authorisations and prohibitions;
- customer contacts and related correspondence, as well as records of data subjects’ rights;
- information collected in connection with the use of our website such as timestamps and logs of use of the service, information collected from the website through cookies or similar technologies (IP address, device ID and type, operating system and application settings, user activity such as viewed pages and clicked items, location and country of origin); and
- other information specified on a case-by-case basis based on your consent.
3. PURPOSE AND LEGAL CRITERIA OF THE PROCESSING OF PERSONAL DATA
We collect and process only personal data necessary to conduct our business, manage the customer relationship and for appropriate commercial purposes.
We process your personal data for the following purposes:
- Provision of products and services, as well as customer relationship management
We primarily process personal data to provide and deliver you or your company with products and services. To do so, we maintain and manage the customer relationship between you or the company you represent and us. In this case, the processing of personal data is based on an agreement between you or the company you represent and us.
We can contact you to tell you about new product features or to market and sell you other services. We can also process your personal data for marketing surveys and customer surveys. The processing of personal data is based on our legitimate interest in providing information as part of the products and marketing other services to you. You have the right to object to the processing of your personal data for direct marketing at any time (see section 8 of this Statement).
- Service development, information security and internal reporting
We also process personal data to ensure the security of our services and website, to improve the quality of our products and website, and to develop our products and services. We may also compile internal reports based on personal data for our management to properly manage our business. In these cases, the processing of personal data is based on our legitimate interest in ensuring the appropriate security of our products, services and websites, and in obtaining adequate and appropriate information for the development of our products and the management of our business.
We may process your personal data in order to fulfil our statutory obligations, for example concerning accounting or to execute information requests based on the law of the authorities (e.g. the tax authority).
- Other purposes to which you have agreed
We also process your personal data for other purposes if you have given your consent to such processing.
4. DISCLOSURE OF PERSONAL DATA
We may disclose personal data to third parties:
- to the extent permitted or required by law such as the execution of a request for information by a competent authority or in connection with judicial proceedings;
- when our partners process personal data on our behalf and in accordance with our instructions. We will always ensure the proper processing of your personal data;
- if we are involved in a merger, restructuring or sale of the business or part of it;
- when we consider that disclosure is necessary to enforce our rights, to protect your or others’ safety, to investigate abuses or to respond to a request from an authority; and,
- with your consent, to the parties this consent concerns.
5. TRANSFERS OF PERSONAL DATA OUTSIDE THE EU OR THE EEA
We do not transfer customers’ personal data outside the EU and the EEA.
You can read more about cookies here cupori.fi/tietoa-evasteista/.
7. STORAGE OF PERSONAL DATA
Personal data shall only be stored for as long as it is necessary for the purposes specified in this Statement.
Personal data is stored for the duration of the customer relationship. Personal data may also be stored to the extent permitted or required by applicable law after the termination of the customer relationship. For example, after the end of the customer relationship, we typically store personal data that is necessary to respond to claims or actions in accordance with the provisions in force concerning the limitation period. We may also store personal data where necessary to comply with the prohibition of direct marketing you have issued.
Personal data shall be deleted when their storage is no longer necessary for the exercise of the rights or obligations of the law or of either party.
8. YOUR RIGHTS
You have the right to check your personal data. At any time, you may also request that your personal data be corrected, updated or deleted. Please note, however, that personal data which are necessary for the purposes specified in this Statement or which are legally required to be retained cannot be deleted.
You have the right to object to or restrict the processing of your personal data to the extent required by applicable law.
In accordance with applicable law, in certain cases you have the right to transfer your personal data from one system to another, i.e. to obtain your personal data in a structured, commonly used, machine-readable format and to transfer your personal data to another data controller.
When we process your personal data based on your consent, you have the right to withdraw your consent at any time. After this, we will not process your personal data unless there is any other legal basis for the processing.
To exercise your rights, please submit a request to firstname.lastname@example.org.
If you feel that the processing of your personal data is not appropriate, you have the right to refer the matter to a data protection ombudsman.
9. DATA SECURITY
We take appropriate measures (including physical, digital and administrative measures) to protect personal data against loss, destruction, abuse and unauthorised access or disclosure. For example, personal data can only be accessed by persons who need it to perform their duties.
Please, note that even appropriate measures cannot prevent all possible security breaches. In the event of a personal data breach, we will notify you in accordance with applicable laws.
10. MODIFICATION OF THE STATEMENT
Please, contact us by email at email@example.com for further information regarding the processing of your personal data.