Business ID: 2645106-1
Contact Person: Tatu Kuivalahti, email@example.com
Name of the register
Customer and marketing register of Custobar Oy (the “Register”).
Custobar Oy (“Custobar” or “we”), collects personal data of its customers, users and visitors of its websites and services whilst providing its services (jointly hereinafter the “Services”). To use the Services, you are required to register to Custobar by providing your contact information or via customer agreement. Some functions and sub-services of the Services may require more information to be provided, but this will be clearly stated and you will be requested to provide the extra information before you can use these certain services and functions.
Purpose for processing personal data
There are several purposes for the processing of your personal data by Custobar:
To provide our Services
Custobar processes your personal data in the first place to be able to deliver our Services to you and to run, maintain and develop our businesses. We would like to know who you are, so we can tailor our Services to meet your needs and desires as precisely as possible. Some of the functions and services of the Services are simply unable to work properly if we do not know who is using them. If you contact our customer service, we will use the information provided by you to answer your questions or solve your complaint. In order to ensure that our Services are in line with your needs, this data can be used for things like customer satisfaction surveys. We might also request another party to do this for us.
For customer communication (including marketing)
Custobar processes your personal data to contact you regarding our Services and to inform you of changes to our Services. Your data is also used for research and analysis to improve our Services. We may also use your data entered to our Services in certain cases to send information and marketing communication by e-mail, provided that you have given us consent to that or other legitimate grounds for such marketing communication exists.
Third-Party Service Providers
We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law.
Legitimate grounds for processing and storage limitation
Custobar processes your personal data to perform our contractual obligations towards you and to comply with legal obligations. Furthermore, we process your personal data to pursue our legitimate interest to maintain and develop our businesses.
Processed Data and Sources of Data
Custobar collects two types of information from our customers: (i) Customer Data; and (ii) Technical Data. Although we do not normally use Technical Data to identify you as an individual, you can sometimes be recognized from it. In such situations, Technical Data can also be considered personal data under applicable laws.
We may collect the following basic Customer Data and store it in the Register: (i) first and last name; (ii) e-mail address, telephone number, address and company; (iii) payment information and transactional data. In addition, we may collect the following data arising from the customer relationship: (i) information relating to maintaining the customer relationship; (ii) information on marketing permissions; and (iii) customer service data.
We may collect Customer Data from our customers and visitors in a variety of ways, including, when they register to our Services, when they submit customer feedback, claims or other communication or when they subscribe to a newsletter or fill out a form. Further, please note that we also collect details of any transactions and payments you carry out through our Services. We will collect Customer Data from customers and visitors only if they voluntarily submit such information to us or carry out transactions or payments through our Services. We may also update and supplement personal data with information provided by third parties in accordance with applicable data protection laws.
We and/or our authorized third party service providers, may automatically collect Technical Data when you visit or interact with our Services. Technical Data may include the browser name, the type of computer or device, time spent on website, interaction with the Services, URL of the website you visited before and after visiting the Services, the time and date of user visits, surfing habits, IP address, operating system and the Internet service providers utilized and other similar technical information.
Transfer to countries outside Europe
The Services may also contain advertisements served by third parties that deliver cookies or other tracking technologies to your device so your online activities across third-party sites or online services can be tracked for advertising purposes. These third-party services are governed by separate privacy policies. The Network Advertising Initiative provides opt-out mechanisms from some behavioral online advertising: http://www.networkadvertising.org/choices/. Users located in the European Union can learn of their rights relating to online advertising at www.youronlinechoices.eu.
Custobar may transfer your personal data to countries outside the European Union and the European Economic Area. When we transfer any data to a country for which no adequacy decision of the European Commission exits, such transfer will be subject to the provisions of the (standard or other) clauses adopted by the European Commission. If you wish to know more about international transfers of your personal data, you may contact us via the contact details above.
We do not share your personal data with third parties outside unless one of the following circumstances applies:
For legal reasons
We may share your personal data with third parties if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of Custobar, our users or the public as far as in accordance with the law. When possible, we will inform you about such processing.
To authorized service providers
For other legitimate reasons
With your explicit consent
We may share your personal data with third parties outside Custobar for other reasons than the one mentions before, when we have your explicit consent to do so. You have the right to withdraw this consent at all times.
Right to access
Custobar offers you access to the personal data we process. This means you can contact us asking us to inform you about your personal data that we have collected and processed and the purposes such data is used for. We may charge a processing fee in case less than 12 months have passed since your last data request.
Right to correct
You have the right to have incorrect/unprecise, incomplete, outdated, or unnecessary personal data we have stored about you corrected or completed by contacting us.
Right to deletion
You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. After the data has been deleted, we may not immediately be able to delete all residual copies from our active servers and backup systems.
Right to object
You may object to certain use of your personal data if such data is processed for other purposes than necessary for the performance of our Services or for compliance with a legal obligation. You may also object any further processing of your personal data after prior given consent. If you object to the further processing of your personal data, this may lead to fewer possibilities to use our Services.
You have the right to opt-out of receiving electronic direct marketing communications from us by clicking on the opt-out link provided in all marketing communications we send you, and choosing not to receive marketing communications from us in the future. You also have the right to prohibit us from using your personal data for direct marketing purposes, market research and profiling by contacting us on the addresses indicated above.
Right to restriction of processing
You may request us to restrict certain processing of your personal data. If you restrict certain processing of your personal data, this may lead to fewer possibilities to use our Services.
Right to data portability
You have the right to receive your personal data from us in a structured, commonly used format in order to transmit the data to another controller.
How to use your rights
You may use these rights by sending a letter or e-mail, including your name, address, phone number and a copy of a valid ID to us on the addresses set out above. If your request regards personal data in a cookie, you have to enclose a copy of the said cookie. We may request the provision of additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded. In case you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection.
We will take all reasonable, appropriate security measures to protect Custobar and our customers from unauthorised access to or unauthorised alteration, disclosure or destruction of personal data we hold. Measures include, where appropriate, encryption, firewalls, secure facilities and access rights systems. Should despite of the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform you about the breach as soon as reasonably possible.
Lodging a complaint
In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.
In Finland, the local supervisory authority is the Data Protection Ombudsman (https://www.tietosuoja.fi).
Latest update: April 23, 2020