Hi-IS Oy CUSTOMER REGISTER PRIVACY POLICY AND INFORMATION ABOUT COOKIES
Hi-IS Oy is committed to protecting your personal data and complies with valid personal data processing legislation. We have outlined below how Hi-IS Oy processes personal data relating to you as a customer of Hi-IS Oy.
1.CONTROLLER
Hi-IS Oy, Hernemäentie 34a, FI-04330 Lahela, Business ID: 2563856-1, email: privacy@hi-is.com
2. DATA FILE MANAGED BY
Sami Porokka, tel. +358 (0)505217726 (local/national rates)
3. NAME OF DATA FILE
Hi-IS Oy’s customer register.
4. PURPOSE OF PROCESSING PERSONAL DATA
The name and contact information saved in the customer register is used:
- to maintain the customer relationship,
- to provide information relating to the customer relationship and for customer service purposes
- to deliver the goods you order and to complete related payments,
- to identify the customer and to deliver consignments,
- for customer service purposes, such as responding to your enquiries and complaints,
- for customer and product information, marketing, studies and organising competitions for the controller and other companies within the same group.
- Marketing communications via email and post are only sent to data subjects on the customer register if the customer indicated that they wish to receive marketing communications from Hi-IS Oy when they registered or thereafter.
In addition, Hi-IS Oy processes some personal data for the purposes outlined below:
- Purchasing and business information, and product review information that is processed on the register is also used to target the data subject with profiling and offers, benefits and other marketing measures, along with customer communications, that the data subject will find interesting. Profiling refers to the automatic processing of personal data that is carried out on purpose to evaluate the personal properties of an individual person.
In addition, we use data relating to your age in an anonymised format for reporting and marketing purposes.
5. CONTENT OF THE DATA FILE
Hi-IS Oy collects the following data about its customers:
- First and last names
- Date of birth
- Address
- Telephone number
- E-mail address
- Purchasing transaction and business information in various channels
- Information about marketing consent and prohibitions
- Other information provided by the customer, such as event sign-ups and information provided about the customer’s diet and allergies. Hi-IS takes photographs and/or other equivalent recordings at some of its events. Customers may be identifiable from the recordings.
6. LAWFUL BASIS FOR PROCESSING
The lawful basis for the processing of your personal data relating to operations is the implementation of the agreement between you and the controller and/or the implementation, at your request, of measures preceding the making of an agreement.
Your personal data is processed with your explicit consent for direct marketing purposes. Where your personal data is processed with your consent, you have the right to withdraw your consent at any time. Withdrawal of consent, however, will not affect the legality of processing carried out before the consent is withdrawn. If you wish, you can object to the use of your data for marketing or information purposes at any time by notifying us.
If we process surveillance camera footage or any photographs or other recordings taken of you at our events, the lawful basis for processing is our legitimate interest. Hi-IS Oy has grounds of legitimate interest to store surveillance camera recordings for safety and security reasons, and to store images taken at events for promotion and marketing purposes. The processing of personal data for such purposes cannot be considered surprising or to place unreasonable limitations on your privacy. After careful consideration, we have decided that your basic rights, interest, and freedoms in these cases do not override our grounds of legitimate interest and as such do not require privacy protection. If your personal data is processed for this kind of activity, the comparison of interests forms a lawful basis for this kind of personal data processing.
We always request your consent if we publish photographs or video of you on Hi-IS’ social media channels, newspapers, or Hi-IS’ other media. Your consent will be requested when you sign up for an event where pictures or video of you may be recorded. The lawful basis for this kind of personal data processing is your consent to processing.
7. TRANSFER OF DATA OUTSIDE OF THE EU OR EEA
Personal data is not disclosed outside of the EU or EEA unless it is necessary for the technical implementation of data processing.
If your personal data is transferred outside of the EU/EEA, it will be transferred in accordance with legislation in the Data Protection Act in order to maintain the same level of privacy protection. In such cases there is either an EU Commission decision available stating that the country has an adequate level of data protection, or appropriate protective measures have been implemented in some other way, such as standard legally binding clauses, or rules that are binding on the company.
Sensitive data is not stored or transferred outside of the EU or EEA.
8. FOR HOW LONG WILL MY PERSONAL DATA BE STORED?
We store your personal data for as long as the data is required in order to implement the agreement between you and Hi-IS. Once your contractual relationship with us ends, the rule of thumb is that we either delete or anonymise all of your personal data. Customers can at any time request the erasure of their personal data that we are not obligated to store for legal reasons (such as product reviews or order history.)
In addition, some kinds of personal data are subject to storage periods that may be longer or shorter than the aforementioned rule of thumb:
- Information concerning complaints that you have submitted are stored for 2 years after the complaint has been processed.
- Email enquiries you send to us are stored for a maximum of 2 years after the last contact relating to the message.
- Information concerning your orders will be stored for a maximum of 7 years after the order is placed.
We store surveillance camera recordings for a maximum of one month. We store footage from Hi-IS events for a maximum of 10 years after the footage is recorded.
9. PRINCIPLES OF DATA FILE PROTECTION
The data on the customer register is stored on a system that can only be accessed with a username and password. The system is also protected with firewalls and other technical measures. The information on the data file saved on the system can only be accessed by certain pre-authorised employees of the controller. The information on the data file is located in a locked and guarded facility.
Hi-IS’ website uses the Secure Sockets Layer (SSL) safety protocol together with 256-bit encryption for transferring personal data. This technology provides a high level of security and is also used by big banks to protect online banking data. Always remember to check your browser’s address bar for the closed lock symbol on any website, including on non-Hi-IS websites. It will indicate that the website in question uses encrypted data transfer.
Our software uses the Secure Socket Layer (SSL) protocol to protect your order data, including your name, address, bank details and credit card number. SSL protection works in most modern browsers. The information you provide during your order will be encoded in a non-readable format on our server.
10. RIGHT OF THE DATA SUBJECT TO OBJECT
You have the right to prohibit the controller from processing your personal data for direct advertising and other direct marketing purposes, and for market and opinion surveys. You also have the right to prohibit Hi-IS Oy from offering you individually compiled offers that are based on profiling.
Please send your objection by email to the address [privacy@hi-is.com]
11. RIGHT TO COMPLAIN
The data subject has the right to complain about the processing of their personal data to the supervisory authority. In Finland, the supervisory authority is:
The Data Protection Ombudsman
Visiting address: Ratapihantie 9, 6. krs, FI-00520 Helsinki
Postal address: PO Box 800, FI-00521 Helsinki
Switch: +358 (0)29 56 66700
Fax: +358 (0)29 56 66735
Email: tietosuoja(at)om.fi
12. COOKIES AND OTHER TRACKING TOOLS
Cookies are small text files that are stored on your device when you visit our website.
When visiting Hi-IS Oy’s website, third-party cookies are also placed on your device and these are used for purposes such as targeted marketing. We use these cookies in order to better target our marketing campaigns and to collect visit and purchasing data from our website.
Third-party cookies
Google Analytics cookies
Hi-IS Oy’s website uses the Google Analytics service, which is an online analytics service. Google Analytics uses cookies in its text information. This cookie is stored on your computer and makes it possible to analyse use of the website. The information provided by the cookie about website use (only an IP address which is made non-identifiable) is sent to and stored on Google’s server in the USA. In cases where Google transfers data outside of the EU and EEA, these transfers comply with the Privacy Shield arrangements in place between the EU and USA.
Google uses this data to evaluate use of the website by reporting the frequency of use and services relating to internet use. You can read more about Google Analytics’ data security policy at https://support.google.com/analytics/answer/6004245?hl=en. You can block cookies in your browser settings. This will however prevent you from using some of our website’s functions. If you use the website, Google may collect information in the aforementioned manner and for the aforementioned purposes. If you do not wish to share data about website use with the Google Analytics service, you can also download a separate addon for your browser. The addon can be downloaded on Google’s website.
Social media icons
The Hi-IS Oy website uses Facebook, Google Plus, YouTube, Pinterest, and Twitter icons. You can recognise these icons from the Facebook, Twitter, Pin it, and +1 logos. When you visit our website, these icons will connect your browser and server directly to the services in question. In this case, these services will obtain data that your IP address has visited our website. If you are logged in to social media and you click on an icon, information that you have visited our website may be saved on your social media account. If you use these services and do not want the service provider to collect information about your online traffic, always log out from social media services before you visit our website. Please note that as the providers of this website, we do not receive information about the data content forwarded about our customers, or about how social media service providers use this data. More information about the data that is transferred to each service via links can be obtained separately from each service’s data protection terms:
| Service | Contact information and more information about personal data processing |
| Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;Â http://www.facebook.com/policy.php.
http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications http://www.facebook.com/about/privacy/your-info#everyoneinfo |
|
| Google Plus | Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en |
| Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. | |
| Pinterest Europe Ltd. Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland |
LinkedIn Insight Tag
The LinkedIn Insight tag can be used to collect information about LinkedIn users’ visits to the Hi-IS Oy website, including the URL address, reference, IP address, device, and browser properties (User Agent) and timestamp. IP addresses are shortened or (if they are used to reach the user in different devices) encrypted, and the user’s direct identifiers are deleted after seven days and the data is pseudonymised. Pseudonymised data is deleted after 180 days. LinkedIn does not share personal data with the website owners; it only offers reports and notifications (that do not identify you) about the website’s audience and the efficacy of advertisements. LinkedIn also offers retargeting for website users, whereupon the website owner can see customised advertisements on its website by using this information, but without identifying the member. We use this data, which does not identify you, to improve the aptness of advertisements and to reach users on all devices. LinkedIn users can manage the use of their personal data for advertising purposes in their account settings.
LinkedIn’s privacy policy is available at https://www.linkedin.com/legal/privacy-policy
You can opt out of LinkedIn InsightTag tracking at  https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy
Consent to use of cookies
When you visit our website for the first time, we will give you the option to allow or to block various types of cookies. Before this, we may already place our own cookies which are necessary in order for our website to function.
You can withdraw your consent to the placement of cookies on your device at any time using the link below. You can also delete any cookies already on your device in your browser settings.
Blocking cookies:
You can opt out of LinkedIn InsightTag tracking at  https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy
Changes
We may occasionally make changes to the practices relating to our use of cookies. We recommend that you visit this page regularly for the latest information about cookies used on Hi-IS Oy’s website.