Data protection

Innoflame Oy's online store privacy statement

Privacy and processing of personal data at Innoflame Oy

The privacy of our customers and staff is very important and we are committed to protecting the privacy of personal data. We work steadily on both data protection and security and, if necessary, develop our business to improve these areas.

Our data protection statement and data processing description are available to everyone on our website and we can provide the registered person information concerning them and held on the register upon request.

Personal data is collected for a variety of purposes and the data content varies in different registers. For instance, our employee register contains different information than our customer register and the registers are used differently. This privacy statement will outline the information to be collected in this register and the specific uses of the register. Data protection documentation will be updated as necessary and any changes will be notified to our customers. The privacy statement contains a possible date of amendment.

The key personnel handling personal data have analysed what personal data processing means in our organisation and determined what information is collected and stored, and for how long. Personal data will not be processed or stored unnecessarily and all unnecessary data will be deleted. Current legislation was considered when determining how long personal information should be retained.

Personal data handling has been restricted to named persons who need access to this data to carry out their duties. The handling of personal data in different systems is also restricted by different roles, enabling access to personal information only if it is needed for that role at that time. Personal information is not processed outside of Innoflame.

The handling of personal data is carried out in accordance with the principles established, namely lawfulness, fairness and transparency, purposefulness, minimisation and punctuality, as well as confidentiality. These principles are complied with in practice and we have trained our staff to act accordingly.

In addition to processes related to the handling of personal data, we have paid attention to technical solutions and make sure that we only use secure technologies. We expect all our subcontractors and contract partners to meet our quality requirements.

We are actively following the industry's privacy practices and ensure that our staff possess a high level of data protection skills in line with each person’s role in the organisation. If an employee’s work involves a significant amount of personal data processing, then their data protection skills must also be at a high level.

Registered users can exercise their rights by sending an e-mail or by completing a form on the website. We will respond to requests for information as soon as possible and if for any reason we are unable to complete a registered request within a month, we will immediately notify the registered person.

The registered person has the right to deny access to their data for direct mail, distance selling or other direct marketing purpose, as well as opinion polls and market research, and has the right to correct defective information by contacting the person responsible for the register.

We are always happy to help with issues related to the processing of personal data and up-to-date contact information is available on the website and in the privacy statement.

1. Controller and contact person

Innoflame Oy (Business ID: 1055712-8) Kornetintie 3 00380 Helsinki Tel: +358 (0)20 7433 601

Contact person: Sami Savela sami.savela (at) innoflame.fi

2. The name of the register

Innoflame Oy's e-commerce directory

3. Purpose of the register

Personal data is handled in line with predefined uses, such as the implementation and maintenance of e-commerce, customer relationship management, communications, implementation of the registered person’s rights, implementation of the parties' rights and obligations, development and analysis of the data controller’s activities, marketing and business planning.

The personal data contained in the register may be used in a manner permissible by law for direct mail advertising, distance selling or other direct marketing, opinion polls or market research and other comparable addressed deliveries of the controller, of companies within the same group, and of selected partners vetted by the controller.

4. Information contained in the register

The register contains appropriate information, which may include:

  • First and last name, company name
  • Business ID
  • Contact information (company and/or home address, telephone number, email address, country)
  • Photo
  • The start and/or end date of the customer relationship
  • Identification data and information relating to the use of the services, electronic identification data
  • Subscribers for newsletter
  • Registered promotional campaigns and product information, guidelines and other communications
  • Billing information
  • Selected payment method and payment information and purchase information
  • Customer relationship
  • Direct marketing permissions and bans and targeting information
  • User analysis data
  • Changes to previously identified data, log information

5. Regular data sources and data retention

Information is collected from the customer’s company, the registered user and the controller's systems when processing personal data.

Personal data can be collected and updated by the controller and the registers of companies belonging to the same group of companies, as well as from the controller's partners.

The data will only be retained for as long as it is necessary to carry out the intended use.

6. Protection of the register

Databases containing registered information are protected by technical means, such as firewalls and passwords, and stored in locked premises. Manual archives are handled only in locked premises with restricted access.

The controller shall ensure that data containing personal information is only handled by those employees of the company or a third-party who need access to it for the performance of their duties.

7. Disclosure and transfer of information

The controller may disclose information, within statutory limits, to the controller's selected partners for marketing purposes unless the registered person has forbidden such disclosure. The controller does not disclose information to third parties for marketing or other purposes.

Data is not transmitted outside the European Union or the European Economic Area unless there is an immediate need for transfer, for instance to enable the technical implementation of the service. In this case, the controller shall ensure the level of data protection as required by law.

8. Cookies

In the web store maintained by Innoflame Oy, cookies are used. A cookie is a small text file that a browser stores on the user's terminal. The cookie contains anonymous, unique identifier that allows the browser of a visitor to a website to be identified. Cookies do not harm the user's terminal and cookies cannot be used to spread malware.

The user cannot be identified using cookies.

Cookies are used to provide and develop a website and analyse its use. Cookies can also be used to target advertising.

The user of the website can block cookies by changing their own browser settings or clear cookies from their own browser. However, it should be noted that blocking or deleting cookies can adversely affect or completely block the use of the website.