Data protection

• Who is the data controller and what are its contact details
• What kind of personal data we process and where the data is collected from
• For what purposes do we use personal data and what is the legal basis for the processing
• How long we keep data
• How you can influence what we can do with the data?
• Where we transfer and hand over data
• How we protect data
• When do we act as a joint registrar
• How can we make changes to the privacy statement

Please familiarize yourself with the content of this privacy statement. Please also note that our site may contain links to third-party services. If you click on these links and go to a third-party service, we encourage you to familiarize yourself with the principles regarding the processing of personal data followed on that page.

Who is the data controller?

Vainio Clothing Oy ("Vainio")

Social security number: 3355386-7
Address:
c/o Otto Vainio
Puolukkakuja 4
49210 HUUTJÄRVI

Contact information: otto@vainion.fi +358 50 492 0094

What kind of data do we process and where is the data collected?

We typically process the following data:

• consumer customer information, such as name, contact information, contacts, order and billing information, direct marketing consents and prohibitions, other information provided by the data subject
• contact person information for business customers , such as name, contact information, title and contacts, information about the organization represented by the contact person, such as name, social security number, contact information and invoicing information, order and invoicing information, direct marketing consents and prohibitions
• contact information of potential customers , such as name, contact information, title, and information about the organization represented by the contact person, such as name, social security number, contact information
• details of the partners' contact persons , such as name, contact information, title and contact information, as well as the information of the organization represented by the contact person, such as name, social security number, contact information and invoicing information
• website visitor information , such as name and contact information provided on the contact form or chat, automatically collected log information, and information collected with cookies describing the user's terminal device and website usage in accordance with section 5. You can also visit our website without providing any information that can identify you personally.
• We receive the information of our customers and partners from the registrant himself or the organization he represents or, for example, from partners who provide credit information. We collect information about potential customers from public sources, such as the trade register, company websites or professional profiles, such as LinkedIn, or through contacts from websites.

For what purposes do we use personal data and what is the legal basis for the processing?

We process data for the following purposes:

• Implementation of services and delivery of products: We process the information you provide to fulfill a contract we have entered into with you or the organization you represent. We cannot contact you in matters related to the contract, manage your digital customer account, deliver the newsletter you have ordered or invoice our products or services or monitor or collect payments without processing personal data. This processing is based on a contractual relationship (if you yourself are a party to the contract) or on a factual connection based on a contract with the organization you represent and our legitimate interest.
• Marketing: We process and may disclose your information for marketing based on our legitimate interest. Marketing, such as targeting advertising using cookies and electronic direct marketing to consumer customers, may also be based on your consent.
• We use partners in marketing and digital advertising. For example, we use Facebook's "custom target groups", where we target advertising on Facebook to our existing customers. Facebook's custom target groups are formed in such a way that an encrypted identifier is created in the browser based on your email address or phone number, which is compared to Facebook's encrypted identifiers. In this way, we can target advertising on Facebook at our customers or create target groups that resemble our customers' profiles. We do not receive information about which identifiers passed on to Facebook end up in the final target group and which identifiers cannot be matched on Facebook. Facebook, on the other hand, does not receive information from us about who is behind the tag. We can also do similar advertising and marketing with our other partners. You can find more information about third parties and cookies used for digital advertising in sections 5 and 7 of this privacy statement.
• Market, opinion and other studies: We process and may disclose your data for market, opinion and other research based on our legitimate interest.
• Raffles and contests: We organize raffles and competitions in which you can participate if you wish. The processing is based on the consent given in connection with participation. You can withdraw your consent at any time when you are no longer participating in the draw or competition.
• Business development: We process your data to develop our business and services. This processing is based on our legitimate interest.
• Ensuring data security and investigating abuses: We process data to ensure data security in accordance with our legal obligations. We also occasionally have to use data to prevent and investigate abuse. For example, with the help of automatically collected log data, we can monitor and determine the actions of the user of the information system and the permissibility of data use in accordance with our legitimate interest.
• Safeguarding our rights : We may have to process personal data in order to, for example, resolve disagreements. This processing is based on our legitimate interest.
• Implementation of statutory obligations: We may be required to retain some of your personal information to comply with accounting or other mandatory legislation, such as product liability laws. From time to time we have to carry out repair and recall campaigns required by the authorities. In this case, the processing is based on compliance with a statutory obligation.

To the extent that the processing is based on a legitimate interest, we consider that the processing is beneficial for both you and us. The processing of personal data enables you to receive relevant information about our contract or our services. Considering the nature and purpose of the data, we consider that the processing does not conflict with your fundamental rights or freedoms. You can object to marketing at any time. You can object to other processing based on a legitimate interest on grounds related to your personal situation as described in section 6.

We do not make automated decisions that would have legal effects or otherwise significantly affect you.

How long do we keep data?

We keep your personal data as long as necessary to fulfill the purposes described above. Mainly the storage periods are as follows:

• we keep the personal data of our customers and partners as long as the customer or contractual relationship is active or the direct marketing consent is valid and for approximately two years after its termination for the purposes described in this privacy statement, such as managing the contractual relationship, business development and marketing;
• after the above-mentioned storage period, we store data for about five years in order to respond to complaints and to fulfill the obligations of product liability and consumer protection legislation; and
• we keep any personal data included in the vouchers for seven years to comply with accounting obligations.

After the above-mentioned retention periods have expired, we will delete the information, unless it is necessary to keep it longer, for example to respond to a legal claim.

What kind of influence do you have?

We exercise the rights described below within the limits permitted and required by legislation:

• Right of inspection : You have the right to receive confirmation that your personal data is being processed or that it is not being processed. If your personal data is processed, you have the right to a copy of the personal data, provided that providing the data does not adversely affect the rights and freedoms of others.
• Right to correct and delete data : At your request, we will correct or delete incorrect, incomplete or unnecessary personal data in terms of the purpose of the processing. Information is not deleted if it is necessary, for example, to prepare, present or defend a legal claim.
• Data transfer: If you wish, you can have the personal data you provide, which we process automatically on the basis of consent or agreement, transferred to you or to a third party in a machine-readable format.
• The right to prohibit direct marketing and related profiling: You can at any time deny the transfer and processing of your data for direct marketing.
• The right to withdraw consent: You can withdraw your consent at any time.
• Right to object and limit : You can object to processing based on a legitimate interest, on grounds related to your personal situation. For example, in such a situation, the processing is limited for the period when grounds for objecting to the processing are evaluated. Processing can also be limited e.g. when you dispute the accuracy of personal data, in which case the processing is limited to the time during which we can verify the accuracy of the data. If there is a significantly important and justified reason for the processing that overrides your rights or freedom, or the data processing is necessary to prepare, present or defend a legal claim, we will contact you to continue the data processing.
• Right of appeal: You can file a complaint with the authority if your personal data has been processed in violation of this privacy policy and the legislation in force at any given time. The contact information of the supervisory authority, the data protection officer, can be found at: www.tietosuoja.fi . However, we kindly ask you to contact us first so that we can resolve the matter amicably.

To exercise the rights described above, we ask you to contact the address shown in point 1. You can object to direct marketing or withdraw your consent to it via the link at the end of each message. We ask you to verify your identity so that we can make sure that the information is not given to anyone other than the registered person.

Where is data transferred and disclosed?

We use subcontractors for data processing, in which case we guarantee with contractual arrangements that the data is processed in accordance with the legislation in force at any given time. If we transfer data outside the EU or EEA area, we ensure an adequate level of personal data protection by, for example, agreeing on matters related to the confidentiality and processing of personal data as required by legislation, such as by utilizing EU model contract clauses.

We do not disclose information to third parties for their own, independent purposes in cases other than those mentioned below:

• Authorities : We can hand over personal data in the manner required by the competent authorities, based on the legislation in force at any given time.
• Marketing and market, opinion and other research: We can hand over your information to selected partners for marketing and research purposes, unless you have forbidden this.
• Collaborative partners : We can hand over your data to our collaborative partners for their justified purposes of use, unless you have prohibited this.
• Corporate reorganizations : If we sell, merge or otherwise organize our business, personal data may be disclosed to buyers and their advisers.
• Collection and legal claims: We may disclose your information to our selected partners in order to collect our receivables and to present and defend legal claims.

How is data protected?

We use appropriate technical and organizational data security measures to protect personal data against unauthorized processing. Such means include, for example, the use of firewalls and encryption technologies, appropriate access control, limited access rights, instructions for personnel involved in the processing of personal data, and careful selection of subcontractors.

When do we act as joint registrar?

To the extent that we maintain a page on Facebook or another similar social media service or utilize their functionalities, such as the like button on our website, we can be joint data controllers. with the service provider. For example, through Facebook fan pages, we collect statistical data, e.g. About the likes and visits of our Facebook pages, the visibility of our publications and the demographic profiles of the people who reached our publications. In addition, we see the public information of people who like or comment on our pages, such as name and profile picture, as well as other information in accordance with the privacy settings defined by the user on Facebook. You can get more information about the processing of personal data from the data protection description of Facebook or another similar social media service.

Can changes be made to this privacy statement?

We are constantly developing our services and may change this privacy statement. Changes can also be based on changes in legislation or official guidelines. We recommend that you familiarize yourself with the content of the privacy statement regularly on our website.

The data protection statement was last updated on October 4, 2024.