Privacy Policy

Custobar Oy Wonderland Work Konepajankuja 1 00510 HELSINKI Finland

Business ID: 2645106-1

Contact Person: Tatu Kuivalahti, tatu.kuivalahti@custobar.com

Name of the register

Customer and marketing register of Custobar Oy (the “Register”).

Introduction

Custobar Oy (“Custobar” or “we”), collects personal data of its customers, users and visitors of its websites and services whilst providing its services (jointly hereinafter the “Services”). To use the Services, you are required to register to Custobar by providing your contact information or via customer agreement. Some functions and sub-services of the Services may require more information to be provided, but this will be clearly stated and you will be requested to provide the extra information before you can use these certain services and functions.

This Privacy Policy governs the principles of storing and processing the personal data included in the Register. This Privacy Policy explains what data we process, how we do that and how you may use your rights as a data subject (e.g. right to object, right of access).

This Privacy Policy may be updated from time to time if required in order to reflect the changes in data processing practices or otherwise. You can find the current version on our website (www.custobar.com).

Please note that this Privacy Policy only applies to processing of personal data where Custobar acts as a data controller. The Privacy Policy does not address and we are not responsible for, the privacy practices of any third parties.

Purpose for processing personal data

There are several purposes for the processing of your personal data by Custobar:

To provide our Services

Custobar processes your personal data in the first place to be able to deliver our Services to you and to run, maintain and develop our businesses. We would like to know who you are, so we can tailor our Services to meet your needs and desires as precisely as possible. Some of the functions and services of the Services are simply unable to work properly if we do not know who is using them. If you contact our customer service, we will use the information provided by you to answer your questions or solve your complaint. In order to ensure that our Services are in line with your needs, this data can be used for things like customer satisfaction surveys. We might also request another party to do this for us.

For customer communication (including marketing)

Custobar processes your personal data to contact you regarding our Services and to inform you of changes to our Services. Your data is also used for research and analysis to improve our Services. We may also use your data entered to our Services in certain cases to send information and marketing communication by e-mail, provided that you have given us consent to that or other legitimate grounds for such marketing communication exists.

Third-Party Service Providers

We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.

Marketing Communications

With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law.

Legitimate grounds for processing and storage limitation

Custobar processes your personal data to perform our contractual obligations towards you and to comply with legal obligations. Furthermore, we process your personal data to pursue our legitimate interest to maintain and develop our businesses.

We store personal data only as long as necessary for the purposes set out in this Privacy Policy. Once the data is no longer necessary, we delete or anonymize it as soon as possible.

Processed Data and Sources of Data

Custobar collects two types of information from our customers: (i) Customer Data; and (ii) Technical Data. Although we do not normally use Technical Data to identify you as an individual, you can sometimes be recognized from it. In such situations, Technical Data can also be considered personal data under applicable laws.

We may collect the following basic Customer Data and store it in the Register: (i) first and last name; (ii) e-mail address, telephone number, address and company; (iii) payment information and transactional data. In addition, we may collect the following data arising from the customer relationship: (i) information relating to maintaining the customer relationship; (ii) information on marketing permissions; and (iii) customer service data.

We may collect Customer Data from our customers and visitors in a variety of ways, including, when they register to our Services, when they submit customer feedback, claims or other communication or when they subscribe to a newsletter or fill out a form. Further, please note that we also collect details of any transactions and payments you carry out through our Services. We will collect Customer Data from customers and visitors only if they voluntarily submit such information to us or carry out transactions or payments through our Services. We may also update and supplement personal data with information provided by third parties in accordance with applicable data protection laws.

We and/or our authorized third party service providers, may automatically collect Technical Data when you visit or interact with our Services. Technical Data may include the browser name, the type of computer or device, time spent on website, interaction with the Services, URL of the website you visited before and after visiting the Services, the time and date of user visits, surfing habits, IP address, operating system and the Internet service providers utilized and other similar technical information.

Cookies

We use various technologies to collect and store information when you visit a Custobar website, including cookies. Cookies allow us to calculate the aggregate number of people visiting our websites and monitor the use of the websites. This helps us to improve our websites and better serve our users. We also use cookies that make the use of the website easier for you, for example by remembering usernames, passwords and (language) preferences. We also use tracking and analytics cookies to see how well our services are being received by our users.

You may choose to set your web browser to refuse cookies, or to alert you when cookies are being sent. If you do so, note that some parts of our Services may not function properly. For more information about cookies and how to delete them, visit http://www.allaboutcookies.org.

A list of cookies used at the Custobar website

Transfer to countries outside Europe

The Services may also contain advertisements served by third parties that deliver cookies or other tracking technologies to your device so your online activities across third-party sites or online services can be tracked for advertising purposes. These third-party services are governed by separate privacy policies. The Network Advertising Initiative provides opt-out mechanisms from some behavioral online advertising: https://www.networkadvertising.org/choices/. Users located in the European Union can learn of their rights relating to online advertising at https://www.youronlinechoices.eu.

Custobar may transfer your personal data to countries outside the European Union and the European Economic Area. When we transfer any data to a country for which no adequacy decision of the European Commission exits, such transfer will be subject to the provisions of the (standard or other) clauses adopted by the European Commission. If you wish to know more about international transfers of your personal data, you may contact us via the contact details above.

Recipients

We do not share your personal data with third parties outside unless one of the following circumstances applies:

For legal reasons

We may share your personal data with third parties if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of Custobar, our users or the public as far as in accordance with the law. When possible, we will inform you about such processing.

To authorized service providers

We may share personal data to authorized service providers who perform services for us (including data storage, sales, marketing and support services) or co-operation partners who we organize events in collaboration with. When data is processed by third parties on behalf of Custobar, we have taken the appropriate contractual and organizational measures to ensure that your data are processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations and subject to our instructions and appropriate obligations of confidentiality and security measures.

For other legitimate reasons

If Custobar is involved in a merger, acquisition or asset sale, we may transfer your personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all customers concerned before the personal data is transferred or becomes subject to a different privacy policy.

With your explicit consent

We may share your personal data with third parties outside Custobar for other reasons than the one mentions before, when we have your explicit consent to do so. You have the right to withdraw this consent at all times.

Your Rights

Right to access

Custobar offers you access to the personal data we process. This means you can contact us asking us to inform you about your personal data that we have collected and processed and the purposes such data is used for. We may charge a processing fee in case less than 12 months have passed since your last data request.

Right to correct

You have the right to have incorrect/unprecise, incomplete, outdated, or unnecessary personal data we have stored about you corrected or completed by contacting us.

Right to deletion

You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. After the data has been deleted, we may not immediately be able to delete all residual copies from our active servers and backup systems.

Right to object

You may object to certain use of your personal data if such data is processed for other purposes than necessary for the performance of our Services or for compliance with a legal obligation. You may also object any further processing of your personal data after prior given consent. If you object to the further processing of your personal data, this may lead to fewer possibilities to use our Services.

You have the right to opt-out of receiving electronic direct marketing communications from us by clicking on the opt-out link provided in all marketing communications we send you, and choosing not to receive marketing communications from us in the future. You also have the right to prohibit us from using your personal data for direct marketing purposes, market research and profiling by contacting us on the addresses indicated above.

Right to restriction of processing

You may request us to restrict certain processing of your personal data. If you restrict certain processing of your personal data, this may lead to fewer possibilities to use our Services.

Right to data portability

You have the right to receive your personal data from us in a structured, commonly used format in order to transmit the data to another controller.

How to use your rights

You may use these rights by sending a letter or e-mail, including your name, address, phone number and a copy of a valid ID to us on the addresses set out above. If your request regards personal data in a cookie, you have to enclose a copy of the said cookie. We may request the provision of additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded. In case you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection.

Information Security

We will take all reasonable, appropriate security measures to protect Custobar and our customers from unauthorised access to or unauthorised alteration, disclosure or destruction of personal data we hold. Measures include, where appropriate, encryption, firewalls, secure facilities and access rights systems. Should despite of the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform you about the breach as soon as reasonably possible.

Leadoo User Tracking

We use Leadoo’s tracking service to follow what users are doing on the site and combine this behavioral data with other data we can gather from e.g. chat interactions. Leadoo uses etag tracking in order to hook together the same users behavior over several sessions – in practice this works similarly to cookie based tracking. Please check out Leadoo Marketing Technologies Ltd’s Privacy Policy for more information on what is tracked and what your rights are. Leadoo works as the Processor and we work as the Controller for the data in terms of GDPR. You can stop the tracking by emptying your browser’s cache after the visit. Find out more on how Leadoo works as a GDPR compliant processor.

Lodging a complaint

In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection. In Finland, the local supervisory authority is the Data Protection Ombudsman (https://www.tietosuoja.fi).

Latest updates:

  • January 23rd, 2023 (Leadoo user tracking)
  • February 4th, 2021 (a link to the list of cookies used on the Custobar website)
  • August 3rd, 2020 (company address)