Privacy Policy

Loikka Solutions Oy’s customer register privacy policy

Controller

The controller of the register is Loikka Solutions Oy (business ID 1025833-9)

The contact person for registry matters is:
Aki Sopanen
Loikka Solutions Oy
Address: c/o Workland, Keilaniementie 1, 02150 Espoo, Finland

Name of the register

The name of the register is Loikka Solutions Oy’s customer register

Purpose of processing personal data

Personal data is processed for purposes related to the management, administration and development of the customer relationship, the provision and delivery of services, and the development and billing of services. Personal data is also processed for the purposes of dealing with possible complaints and other claims. In addition, personal data is processed for customer communications, such as information and news purposes and marketing, which also includes processing of personal data for direct marketing and electronic direct marketing purposes. The customer has the right to opt-out of direct marketing directed at him/her.

The controller processes the data itself and uses subcontractors acting for and on behalf of the controller to process personal data.

Legal grounds for processing

The legal bases for processing personal data are the following criteria under the EU General Data Protection Regulation (also referred to as “GDPR”):

• the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes (Article 6(1)(a) GDPR);
• processing is necessary for the performance of a contract to which the data subject is a party or for carrying out pre-contractual measures at the request of the data subject (GDPR Art. 6 Art. 1.b);
• processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party (GDPR Art. 6 Art. 1.f).

The legitimate interest of the controller referred to above is based on a relevant and proper relationship between the data subject and the controller, resulting from the fact that the data subject is a customer of the controller, and where the processing is carried out for purposes which the data subject could reasonably have expected at the time of collection of the personal data and in the context of the relevant relationship.

Data content of the register (categories of personal data processed)

The register contains the following personal data in principle for all data subjects:

• basic information and contact details: first name, surname, address, telephone number, email address;
• information relating to the person’s company or other organisation and the person’s position or job title in the company or organisation;
• the person’s direct marketing authorisations and prohibitions;
• marketing classification data (e.g. newsletter subscriber, campaign participant, industry, etc.)

Regular sources of information

Personal data is collected from the data subject himself/herself. Personal data are also collected and updated, within the limits of applicable law, from publicly available sources related to the performance of the customer relationship between the controller and the data subject and through which the controller carries out its obligations in relation to the maintenance of the customer relationship.

Retention period of personal data

Data collected in the register will be kept only for as long and to the extent necessary in relation to the original or compatible purposes for which the personal data were collected. The need to retain personal data is assessed annually and in any case, data relating to a data subject will be erased from the register 5 years after the end of the data subject’s customer relationship with the controller and the completion of the obligations and measures relating to the customer relationship.

The controller regularly assesses the need for data retention in accordance with its internal code of conduct. In addition, the controller shall take reasonable steps to ensure that personal data which are inaccurate, incorrect or out of date, having regard to the purposes of the processing, are erased or rectified without undue delay.

Recipients (categories of recipients) of personal data and regular transfers of data

Personal data will not be disclosed to third parties.

Transfer of data outside the EU or EEA

The personal data contained in the register will not be transferred outside the EU or EEA.

Principles for the protection of the register

The database containing personal data is stored on a server in a locked room accessible only to designated persons authorised by their functions. The server is protected by an appropriate firewall and technical protection. Access to databases and systems is only possible with personal usernames and passwords, which are issued separately.

The controller has limited access rights and authorisations to information systems and other storage platforms so that only persons necessary for their lawful processing have access to and can process the data. In addition, access events to the databases and systems are recorded in the log files of the controller’s IT system. The employees and other persons of the controller are bound by the obligation of confidentiality and to keep confidential the information they receive in connection with the processing of personal data.

Rights of the data subject

The data subject has the following rights under the EU General Data Protection Regulation:

• the right to obtain confirmation from the controller that personal data concerning him or her are being processed or not, and if so, the right of access to the personal data (Art. 15 GDPR);
• the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal (Art. 7 GDPR);
• the right to obtain from the controller the rectification of inaccurate or incomplete personal data (Article 16 GDPR);
• the right to obtain erasure of personal data where the conditions laid down in law are met (Art. 17 GDPR);
• the right to obtain restriction of processing where the conditions laid down in law are met (Art. 18 GDPR);
• the right to receive personal data in a structured, commonly used and machine-readable format and to transmit it to another controller (Article 20 GDPR);
• the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data infringes the EU General Data Protection Regulation (Article 77 GDPR).

Requests concerning the exercise of the rights of the data subject shall be addressed to the contact person of the controller mentioned in point 1.

Cookies and other tracking technologies

We use cookies to tailor the content and ads we offer, to support our social media features and to analyse our visitor numbers. We also share information with our social media, advertising and analytics partners about how you use our site. Our partners may combine this information with other information that you have provided to them or that has been collected when you have used their services.

The following services collect IP addresses and cookie information: Google Analytics, Salesforce Pardot

Targeted marketing

Based on referrals on the website, we may carry out targeted advertising on the following services: Facebook and Instagram, Google Ads, LinkedIn, YouTube.

You can opt out of the collection and storage of your data by third party data analytics platforms. Instructions for this can be found on the websites of these third party data analytics platforms. If you wish to opt-out of web-based behavioural advertising, you can visit for example: https://preferences-mgr.truste.com/ or https://optout.aboutads.info/.