Privacy Policy

Ge­ne­ral

This Pri­vacy Po­licy desc­ri­bes how Di­gi­loik­ka Oy (“Di­gi­loik­ka”, "Loik­ka" or the “cont­rol­ler”) proces­ses per­so­nal da­ta. The Pri­vacy Po­licy applies to our web­si­te, mar­ke­ting ac­ti­vi­ties and cus­to­mer re­la­tions­hip ma­na­ge­ment, as well as to the proces­sing of per­so­nal da­ta re­la­ted to pro­ducts and ser­vices we pro­vi­de. In ad­di­tion, this pri­vacy sta­te­ment al­so applies to the proces­sing of per­so­nal da­ta via a sur­veil­lance ca­me­ra ins­tal­led at Loik­ka's pre­mi­ses. We may ha­ve secu­ri­ty ca­me­ras on our pre­mi­ses that can au­to­ma­tical­ly record and record pic­tu­res/vi­deos of you when you vi­sit our pre­mi­ses. Such recor­dings may con­tain your per­so­nal da­ta if such ima­ges or vi­deos al­low us to iden­ti­fy you. Secu­ri­ty ca­me­ras are po­si­tio­ned in such a way that they do not desc­ri­be the public space sur­roun­ding our pre­mi­ses. We do not use au­to­ma­ted facial recog­ni­tion or si­mi­lar tech­no­lo­gies to iden­ti­fy an in­di­vi­dual as a re­sult of the proces­sing of bio­met­ric da­ta.

We comply with applicable da­ta pro­tec­tion le­gis­la­tion in all our per­so­nal da­ta proces­sing. Da­ta pro­tec­tion le­gis­la­tion re­fers to applicable laws on da­ta pro­tec­tion, such as the EU Ge­ne­ral Da­ta Pro­tec­tion Re­gu­la­tion (2016/679) and the Fin­nish Da­ta Pro­tec­tion Act (5 Decem­ber 2018/1050). Da­ta pro­tec­tion concepts not de­fi­ned in this Pri­vacy Po­licy are in­terpre­ted in accor­dance with da­ta pro­tec­tion le­gis­la­tion.

Our ser­vices and web­si­tes may al­so con­tain links to ex­ter­nal web­si­tes and ser­vices ope­ra­ted by ot­her or­ga­ni­sa­tions. This Pri­vacy Po­licy does not apply to such ser­vices and web­si­tes, and we encou­ra­ge you to read their pri­vacy sta­te­ments be­fo­re using them.

“Per­so­nal da­ta” means any in­for­ma­tion that concern na­tu­ral per­sons (“da­ta sub­jects”) from which a per­son can be iden­ti­fied, di­rect­ly or in­di­rect­ly, in the man­ner desc­ri­bed in mo­re de­tail in the EU GDPR.

Cont­rol­ler and da­ta pro­tec­tion of­ficer

Cont­rol­ler: Di­gi­loik­ka Oy
Busi­ness ID: FI27900332 (2790033-2)
Address: Lem­min­käi­sen­ka­tu 14-18 A, 20520 Tur­ku, FIN­LAND
Email: con­tact@loik­ka.io

Con­tact de­tails:
Joo­nas Suo­mi­nen
tel. +358 40 0782 838

Pur­po­ses and law­ful ba­sis for the proces­sing of per­so­nal da­ta

We process per­so­nal da­ta for the fol­lowing pur­po­ses:

  • de­li­ve­ring pro­ducts and ser­vices, conclu­ding cus­to­mer cont­racts and ful­fil­ling or­ders (cont­rac­tual re­la­tions­hip or its pre­pa­ra­tion, le­gi­ti­ma­te in­te­rest)
  • cus­to­mer ser­vice and com­mu­nica­tion and cus­to­mer sa­tis­fac­tion sur­veys (le­gi­ti­ma­te in­te­rest, con­sent, cont­rac­tual re­la­tions­hip)
  • mar­ke­ting, inclu­ding mar­ket re­search, ot­her mar­ke­ting pro­mo­tion and ana­ly­sis, and the pro­duc­tion of sta­tis­tics and mea­su­re­ments on the ef­fec­ti­ve­ness of mar­ke­ting and com­bi­ning and up­da­ting per­so­nal da­ta for di­rect mar­ke­ting pur­po­ses (le­gi­ti­ma­te in­te­rest, con­sent)
  • di­rect mar­ke­ting, inclu­ding elect­ro­nic di­rect mar­ke­ting and te­le­mar­ke­ting, as well as plan­ning and mea­su­ring the ef­fec­ti­ve­ness of ad­ver­ti­sing and mar­ke­ting, and com­bi­ning and up­da­ting per­so­nal da­ta for di­rect mar­ke­ting pur­po­ses (le­gi­ti­ma­te in­te­rest, con­sent)
  • ma­na­ge­ment of sta­ke­hol­der and subcont­rac­tor re­la­tions and coo­pe­ra­tion with ser­vice pro­vi­ders (le­gi­ti­ma­te in­te­rest, cont­rac­tual re­la­tions­hip or its pre­pa­ra­tion)
  • im­pro­ving the user ex­pe­rience of our web­si­te and ot­her ser­vices and mo­ni­to­ring user traf­fic (con­sent)
  • car­rying out le­gal obli­ga­tions (such as ac­ti­vi­ties re­la­ted to accoun­ting and taxa­tion) and re­por­ting obli­ga­tions (compliance with a le­gal obli­ga­tion)
  • in­ter­nal and Group-le­vel re­por­ting and ot­her in­ter­nal ad­mi­ni­stra­tion (le­gi­ti­ma­te in­te­rest, compliance with a le­gal obli­ga­tion)
  • proces­sing of war­ran­ty and lia­bi­li­ty mat­ters and complaints and con­duc­ting le­gal and of­ficial procee­dings (compliance with a le­gal obli­ga­tion)
  • Cus­to­mer due di­li­gence (KYC) compliance and process ma­na­ge­ment (compliance with a le­gal obli­ga­tion)
  • pre­ven­ting and in­ves­ti­ga­ting abuses and en­su­ring da­ta secu­ri­ty and the sa­fe­ty of per­sons and pro­per­ty (le­gi­ti­ma­te in­te­rest, compliance with a le­gal obli­ga­tion)

The law­ful ba­sis of our proces­sing for the pur­po­ses of de­li­ve­ring pro­ducts and ser­vices, conclu­ding cus­to­mer cont­racts and ful­fil­ling or­ders and their re­la­ted obli­ga­tions is the per­for­mance of a cont­ract or its pre­pa­ra­tion.

The law­ful ba­sis for proces­sing per­so­nal da­ta may al­so be the le­gi­ti­ma­te in­te­rest of the cont­rol­ler or a third par­ty. For example, proces­sing for the pur­po­ses of ma­na­ging cus­to­mer re­la­tions­hips, cus­to­mer com­mu­nica­tions, re­por­ting, proces­sing complaints and le­gal procee­dings is ba­sed on a le­gi­ti­ma­te in­te­rest. In all proces­sing ba­sed on le­gi­ti­ma­te in­te­rest, Di­gi­loik­ka Oy en­su­res that the proces­sing is pro­por­tio­na­te to the in­te­rests of the da­ta sub­ject and that the da­ta is proces­sed for pur­po­ses that meet the rea­so­nable ex­pec­ta­tions of the da­ta sub­ject. Upon request, we will pro­vi­de furt­her in­for­ma­tion on how we process per­so­nal da­ta ba­sed on our le­gi­ti­ma­te in­te­rest.

Re­gar­ding to ca­me­ra sur­veil­lance, the le­gal ba­sis for proces­sing per­so­nal da­ta is le­gi­ti­ma­te in­te­rest. The proces­sing is neces­sa­ry for the pro­tec­tion of pro­per­ty against theft, unaut­ho­ri­sed access to da­ta or ot­her ac­ti­vi­ties car­ried out with the in­tent to cause harm, and for the pre­ven­tion and in­ves­ti­ga­tion of cri­mi­nal of­fences.

In the ca­se of new cus­to­mers, cer­tain mar­ke­ting mea­su­res, such as mar­ke­ting to pri­va­te cus­to­mers th­rough elect­ro­nic chan­nels, are ba­sed on the explicit con­sent of the da­ta sub­ject. For exis­ting cus­to­mers, we may send elect­ro­nic di­rect mar­ke­ting ba­sed on our le­gi­ti­ma­te in­te­rest when the mar­ke­ting concerns the di­rect mar­ke­ting of pro­ducts or ser­vices be­lon­ging to the sa­me group of pro­ducts.

When we process per­so­nal da­ta in or­der to comply with le­gal obli­ga­tions or to ful­fil so­me speci­fic re­por­ting obli­ga­tions, the law­ful ba­sis for proces­sing is pri­ma­ri­ly compliance with a le­gal obli­ga­tion. For example, the proces­sing of per­so­nal da­ta for the pur­po­ses of the KYC process is ba­sed on a le­gal obli­ga­tion.

Au­to­ma­ted deci­sion-ma­king and pro­fi­ling

The proces­sing of per­so­nal da­ta does not inclu­de au­to­ma­ted deci­sion­ma­king or pro­fi­ling.

Ca­te­go­ries of per­so­nal da­ta and sources of da­ta

  • Iden­ti­fying and con­tact in­for­ma­tion. The sys­tem sto­res the na­me, email address, pho­ne num­ber, street address, pos­tal co­de and ci­ty as ba­sic in­for­ma­tion about cus­to­mers/con­tact per­sons of the cus­to­mer busi­nes­ses, po­ten­tial cus­to­mers and repre­sen­ta­ti­ves of po­ten­tial cus­to­mers. For con­tact per­sons of cus­to­mer busi­nes­ses or po­ten­tial cus­to­mer busi­nes­ses, the sys­tem sto­res the con­tact per­son's po­si­tion in the com­pa­ny and the na­me and iden­ti­fier of the repre­sen­ted busi­ness (busi­ness ID or equi­va­lent).
  • Da­ta on the use of web­si­tes and ot­her di­gi­tal ser­vices. IP address, elect­ro­nic com­mu­nica­tion iden­ti­fica­tion da­ta, search and brow­sing da­ta, brow­ser and ope­ra­ting sys­tem da­ta and re­gi­stra­tion da­ta
  • Da­ta re­la­ted to KYC process. In­for­ma­tion re­la­ted to iden­ti­fica­tion, such as per­so­nal iden­ti­fica­tion num­ber, of­ficial docu­ment col­lec­ted for the ve­ri­fica­tion of cus­to­mer iden­ti­ty, cor­res­pon­ding in­for­ma­tion on be­ne­ficial ow­ners of the com­pa­ny, cor­res­pon­ding in­for­ma­tion on po­li­tical­ly ex­po­sed per­sons (PEPs) lin­ked to the com­pa­ny.
  • Ima­ge and vi­deo recor­dings. Ma­te­rials for on-si­te sur­veil­lance ca­me­ras

We col­lect per­so­nal da­ta di­rect­ly from da­ta sub­jects, for example in con­nec­tion with a ser­vice tran­sac­tion, or when the da­ta sub­ject bu­ys or or­ders our pro­ducts or ser­vices, eit­her on the da­ta sub­ject’s own be­half or on be­half of the or­ga­ni­sa­tion being repre­sen­ted, or in con­nec­tion with re­gi­stra­tion to a ser­vice, when the da­ta sub­ject vi­sits our web­si­te or ot­her di­gi­tal ser­vices, uses our di­gi­tal ser­vices, subsc­ri­bes to our news­let­ter, res­ponds to a cus­to­mer sa­tis­fac­tion sur­vey or ot­herwi­se con­tacts us. We al­so recei­ve per­so­nal da­ta from ot­her ex­ter­nal sources, such as pri­va­te re­gi­stry ser­vices and re­gis­ters main­tai­ned by the aut­ho­ri­ties.

Re­ten­tion of per­so­nal da­ta

We sto­re per­so­nal da­ta for as long as neces­sa­ry to ful­fil the pur­po­ses speci­fied in the Pri­vacy Po­licy and always for the pe­riod requi­red by law (for example, res­pon­si­bi­li­ties and obli­ga­tions re­la­ted to accoun­ting or re­por­ting), or for the pur­po­se of re­sol­ving a le­gal ca­se or si­mi­lar dis­pu­te. Af­ter the end of the pur­po­se of use, per­so­nal da­ta is de­le­ted or ano­ny­mi­sed wit­hin a rea­so­nable pe­riod of ti­me. We do not sto­re out­da­ted or un­neces­sa­ry da­ta. We stri­ve to en­su­re that your per­so­nal da­ta is up-to-da­te and cor­rect.

Ima­ge and vi­deo recor­dings are ge­ne­ral­ly sto­red for 3 days to 24 months, de­pen­ding on the pur­po­se of proces­sing and the loca­tion of the of­fice in ques­tion. Due to si­tua­tions that en­dan­ger pro­per­ty or sa­fe­ty, we may re­tain ca­me­ra and vi­deo recor­dings for a lon­ger pe­riod of ti­me if this is neces­sa­ry for the es­tablish­ment, exerci­se or de­fence of le­gal claims.

Upon request, we will pro­vi­de ad­di­tio­nal in­for­ma­tion on our prac­tices for sto­ring per­so­nal da­ta.

Reci­pients of per­so­nal da­ta

Per­so­nal da­ta may be disclo­sed between com­pa­nies be­lon­ging to the sa­me group as the cont­rol­ler in accor­dance with the requi­re­ments of da­ta pro­tec­tion le­gis­la­tion for the pur­po­ses desc­ri­bed in this pri­vacy sta­te­ment.

In proces­sing per­so­nal da­ta, we may al­so use va­rious ser­vice pro­vi­ders and ot­her third par­ties, such as pro­vi­ders of tech­nical so­lu­tions or ser­ver space and accoun­ting and fi­nancial ma­na­ge­ment ser­vice pro­vi­ders. In using third par­ties to process per­so­nal da­ta, we en­force the cont­rac­tual clauses requi­red by da­ta pro­tec­tion le­gis­la­tion.

We may disclo­se per­so­nal da­ta to third par­ties in si­tua­tions requi­red by law or the aut­ho­ri­ties, or in or­der to in­ves­ti­ga­te abuses and to en­su­re sa­fe­ty. We may be requi­red to disclo­se per­so­nal da­ta in con­nec­tion with li­ti­ga­tion or si­mi­lar le­gal procee­dings.

If the cont­rol­ler or a com­pa­ny be­lon­ging to the sa­me group as the cont­rol­ler is in­vol­ved in a mer­ger, busi­ness tran­sac­tion or ot­her cor­po­ra­te tran­sac­tion, per­so­nal da­ta may be disclo­sed to ot­her par­ties to the ar­ran­ge­ment or to par­ties as­sis­ting in the ar­ran­ge­ment.

Upon request, we will pro­vi­de ad­di­tio­nal in­for­ma­tion on the reci­pients of our disclo­su­res of per­so­nal da­ta.

Trans­fer of per­so­nal da­ta out­si­de the Eu­ro­pean Eco­no­mic Area

We do not trans­fer per­so­nal da­ta out­si­de the EU/EEA.

Pro­tec­tion of per­so­nal da­ta

Da­ta secu­ri­ty and the pro­tec­tion of per­so­nal da­ta are of ut­most im­por­tance to us. We use ap­propria­te tech­nical and or­ga­ni­sa­tio­nal sa­fe­guards to pro­tect per­so­nal da­ta. Per­so­nal da­ta sto­red by us is pro­tec­ted by tech­nical and or­ga­ni­sa­tio­nal means. We sto­re da­ta on ser­vers and sys­tems that are pro­tec­ted by fi­rewalls, passwords, and ot­her tech­nical mea­su­res. Access to per­so­nal da­ta is gran­ted on­ly when neces­sa­ry for the proces­sing of the da­ta. In­di­vi­duals who process per­so­nal da­ta are bound by pro­fes­sio­nal sec­recy on mat­ters re­la­ted to the proces­sing of per­so­nal da­ta.

Rights of da­ta sub­jects

Da­ta sub­jects ha­ve rights to their per­so­nal da­ta in accor­dance with da­ta pro­tec­tion le­gis­la­tion. Howe­ver, the applica­tion of rights in each in­di­vi­dual ca­se de­pends on the pur­po­se and si­tua­tion of the proces­sing.

  • Right of access to per­so­nal da­ta. Da­ta sub­ject ha­ve the right to recei­ve con­fir­ma­tion as to whet­her their per­so­nal da­ta is being proces­sed as well as ot­her in­for­ma­tion on proces­sing as re­fer­red to in da­ta pro­tec­tion le­gis­la­tion. Da­ta sub­jects ha­ve the right to recei­ve a co­py of their per­so­nal da­ta.
  • Right to rec­ti­fica­tion of per­so­nal da­ta. Da­ta sub­jects ha­ve the right, with cer­tain re­stric­tions, to de­mand that incor­rect or inaccu­ra­te da­ta be rec­ti­fied or era­sed.
  • Right to era­su­re of per­so­nal da­ta. Da­ta sub­jects ha­ve the right to request the de­le­tion of their per­so­nal da­ta in accor­dance with the con­di­tions of da­ta pro­tec­tion le­gis­la­tion. Upon request, we will de­le­te per­so­nal da­ta un­less the law or any ot­her applicable excep­tion in accor­dance with da­ta pro­tec­tion le­gis­la­tion requi­res us to re­tain the da­ta.
  • Right to re­strict proces­sing. Da­ta sub­jects ha­ve the right, wit­hin the con­di­tions speci­fied in da­ta pro­tec­tion le­gis­la­tion, to request re­stric­tions on the proces­sing of per­so­nal da­ta in cer­tain si­tua­tions.
  • Right to trans­fer per­so­nal da­ta. Da­ta sub­jects ha­ve the right to request the trans­fer of their per­so­nal da­ta to anot­her cont­rol­ler. In principle, the right to trans­fer applies to per­so­nal da­ta which the da­ta sub­ject has pro­vi­ded to the cont­rol­ler in a struc­tu­red and mac­hi­ne­rea­dable form, and which is proces­sed ba­sed on the da­ta sub­ject's con­sent or cont­ract, and/or which are proces­sed au­to­ma­tical­ly.
  • Right to ob­ject to proces­sing. Da­ta sub­jects ha­ve the right, wit­hin the con­di­tions speci­fied in da­ta pro­tec­tion le­gis­la­tion, to ob­ject to the proces­sing of per­so­nal da­ta ba­sed on le­gi­ti­ma­te in­te­rests, inclu­ding pro­fi­ling. We may re­fuse such request if proces­sing is neces­sa­ry to sa­tis­fy the com­pel­ling and le­gi­ti­ma­te in­te­rests of the cont­rol­ler or a third par­ty. Howe­ver, da­ta sub­jects always ha­ve the right to ob­ject to the proces­sing of per­so­nal da­ta for di­rect mar­ke­ting pur­po­ses and for pro­fi­ling re­la­ted to di­rect mar­ke­ting.
  • Right to with­draw con­sent. If the proces­sing of per­so­nal da­ta is ba­sed on the da­ta sub­ject's con­sent, the da­ta sub­ject has the right to with­draw con­sent to the proces­sing of their per­so­nal da­ta. With­drawal of con­sent has no ef­fect on pre­vious proces­sing.

Exerci­se of the da­ta sub­ject’s rights

We ho­pe that you will con­tact us if you ha­ve any ques­tions re­gar­ding the proces­sing of your per­so­nal da­ta. You can send a request to exerci­se your rights as the da­ta sub­ject by let­ter or email to the addres­ses lis­ted in this Pri­vacy Po­licy. We will ve­ri­fy the iden­ti­ty of the per­son ma­king the request be­fo­re proces­sing the request. We will res­pond to requests wit­hin a rea­so­nable ti­me and, in principle, wit­hin one month of sen­ding the request and ve­ri­fica­tion of iden­ti­ty. If the request can­not be gran­ted, we will no­ti­fy you of this se­pa­ra­te­ly.

Right to lod­ge a complaint with the su­per­vi­so­ry aut­ho­ri­ty

Da­ta sub­jects ha­ve the right to lod­ge a complaint with the com­pe­tent da­ta pro­tec­tion aut­ho­ri­ty if they feel that their per­so­nal da­ta has been proces­sed in vio­la­tion of da­ta pro­tec­tion le­gis­la­tion. Con­tact in­for­ma­tion of the Fin­nish Da­ta Pro­tec­tion Aut­ho­ri­ty can be found he­re.

Chan­ges to this pri­vacy po­licy

This Pri­vacy Po­licy may need to be amen­ded from ti­me to ti­me. The chan­ges may al­so be ba­sed on chan­ges in da­ta pro­tec­tion le­gis­la­tion. We the­re­fo­re recom­mend that you re­vi­sit this Pri­vacy Po­licy re­gu­lar­ly for any chan­ges.

This Pri­vacy Po­licy was publis­hed on Ja­nua­ry 17, 2024

Description of cookies