1. What personal data we collect, when, and your consent
Personal data is collected directly from you when you submit your orders through our websites, registering as a new customer for our services, contact us via support or contact forms, subscribe to our newsletters, services, entering a contest or promotion. We collect personal data, such as name, e-mail address, phone number, postal address. You will find the full list of data we collect in the forms where you submit your data.
While we may ask you to give us a kind of consent to collect and process your personal data by showing the corresponding checkboxes when you submit your orders, registering for the services or contact us, as an additional way to show you that we value your privacy, we are generally do not rely on consent as a lawful basic for processing this data, but performance of a contract with you - see details in the next section.
Sometimes additional information is required to keep information up to date or to verify information we collect - we then usually contact you by email to get such information. You can also share your personally identifiable information with us by communicating with one of our customer care representatives by telephone or in writing.
When your are placing new order and becoming our new customer we may create an individual account for you to use our services and notify you about it. However, the iSocket e-Store concept is "easy ordering in just two steps!". You don’t need to go through a lengthy process of registration. Due to this fact in a case of some mistakes in your data you may need to place a new order and your data may be collected multiple times.
You are not required to provide any personal data to us, but if you decide not to do so, it is possible that we will not be able to provide our services to you. Generally, we do not rely on consent as a lawful basis for processing your personal data other than where the law requires it, for example in relation to sending certain direct marketing communications. Where our lawful basis is consent, you have the right to withdraw consent any time.
2. How we may use and disclose your personal data and the lawful basis for doing so
When you are contacting us for a quotation, ordering from our websites, becoming a new customer for the services you are entering into a product or service agreements with us (so called "performance of a contract"). The main purpose of our processing of personal data is to collect, verify, and process personal data prior to giving an offer and entering into a contract with you as well as documenting, administering and completing tasks for the performance of contracts. We also need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance. Below we give you a description of how we plan to use personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
To fulfill your orders. This includes sending you emails, invoices, receipts, notices, shipping notifications and similar communication, processing payments. Lawful basis is performance of a contract with you and our legitimate interests (e.g. recover possible debts due to us). We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments. We also send your shipping data to courier’s companies. Below we describe steps we take to safeguard that data.
To promote use of our services to you. We usually do this in a form of sending our newsletters. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email we send. We rely on your consent as a lawful basic for this type of communication. You give us your consent by checking the corresponding checkboxes when subscribe to newsletters. When our emails are not related to promotions, but important product updates or other important notifications, a lawful basis is performance of a contract with you - see the next.
To configure your products or services, send you alerts. We may help you with pre-configuration of the services or sold products, for example, configure your phone number of alerts, set your profile for services. We may send you SMS, voice or email alerts and for these purposes we might need to share your information, such as phone, name or email with providers of such services. Lawful basis for processing: performance of a contract with you.
To administer and protect our resources (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). Lawful basis for processing: necessary for our legitimate interests (for running our business, prompt correct actions, provision of administration and IT services, network security, to prevent fraud); necessary to comply with a legal obligation.
To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms. Lawful basis for processing: necessary to comply with a legal obligation.
To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements. Lawful basis for processing: necessary for our legitimate interests (to protect our business, our customers or third parties); necessary to comply with a legal obligation, performance of a contract with you.
To prosecute and defend a court, arbitration, or similar legal proceeding. Lawful basis for processing: necessary for our legitimate interests (to protect our business, our customers or third parties); necessary to comply with a legal obligations.
To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. Lawful basis for processing: necessary to comply with a legal obligations.
Your personal data will be used only in a manner consistent with the purpose for which we obtained it. Note that we may combine and process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. We never process personal data in a manner that is inappropriate in view of the defined purpose. We do not carry out any automated decision making.
3. With whom do we share your information?
We may share your personal data with others such as authorities, suppliers, payment service providers and business partners. To fulfill services and agreements we have to disclose information about you. If, for example you have placed your order, we need to disclose certain information about you to our payment processor - PayPal or Paytrail to fulfill your order. Your credit card details are communicated directly from your browser to these payment processors - we never (ever!) see your full Permanent Account Number (PAN), i.e. your credit card details.
We may disclose personal data to the following types of third parties for the purposes described in this policy:
Subcontractors working for us. When you request a certain feature we may ask our subcontractors to implement it.
Advisers. We may share your personal data with auditors and professional advisers like bankers, lawyers, accountants and insurers.
Other parties with your consent that can be obtained e.g. in connection with a particular service.
We require all third parties to respect the security of your personal data and to treat it in accordance with applicable laws. We do not allow such third parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. If we transfer your personal data, we will take the appropriate steps in line with applicable laws to ensure that your right to privacy is continued to be protected.
Authorities, such as tax authorities, police authorities, enforcements authorities and supervisory authorities in relevant countries. We may disclose personal data to them in order to comply with applicable law or court order or in connection with judicial proceedings or other legal process. For example personal data may be disclosed for a copyrights’ owner or respective spokesman based on a court decision. We also disclose data to competent authorities (e.g. to the police or emergency services) when required by law and always in accordance with strict predefined processes.
We may also share your information:
In connection with business transfers such as part of any merger, acquisition, sale of our assets or transition of service to another company.
With third parties connected to advertising, retargeting and analytics. Please see Cookies below.
We may also process anonymized or aggregated data, which does not relate to you as an individual. Such data can be shared for other purposes and parties.
4. Public information and third-party websites
Blog. We have public blogs on our websites. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your personal data appears on our blogs and you want it removed, contact us. If we are unable to remove your information, we will tell you why.
Social media platforms and widgets. Our websites include social media features, such as the Facebook Like or Share buttons. These features may collect data about your IP address and which page you are visiting on our website, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. We also maintain presences on social media platforms including Facebook, Twitter, Google+, LinkedIn, YouTube and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
5. Safeguarding your personal data
We are passionate about safety and security in our services and we sharing the same passion when it comes to protect your personal data. We take reasonable and appropriate measures to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal data.
We use a variety of secure techniques to protect your data, including secure servers, firewalls, encryption. While we are taking a proper steps to protect your data during transmition to us or from us, we do not guarantee the security of any information transmitted, because of the nature how Internet works. You have to control what connection to Internet you use, regularly update software on your computers or mobile devices and use firewalls and antiviruses.
Our services require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. Your passwords are encrypted, which means we cannot see your passwords. We cannot resend forgotten passwords either. We will only reset them.
Our credit card processing vendors use security measures to protect your information both during the transaction and after it is complete.
If a security breach causes an unauthorized intrusion into our system that affects your data, then we will notify you as soon as possible and later report the action we took in response.
If you have any questions about the security of your personal data you may contact us through this form. Please note, we will reply only to emails for which we have collected personal data.
6. How long we process your personal data
We will keep your personal data for as long as it is needed for the purposes for which your data was collected and processed or required by laws and regulations. This means that we keep your data for as long as necessary for the performance of a contract and as required by retention requirements in laws and regulations.
For example, when you purchased the product from us, we need to provide you with both warranty and post-warranty support. We need to keep records about your order for that. If you decide to use your "Right to be forgotten" (see below) we may no longer provide you with warranty support.
Also we will retain your data for as long as your account for our services is active or as long as needed to provide you with our services. We also make a promise to you that you can come back at any time and use your account again. So, unless you actively delete this information, we keep it, so we can keep our promise to you.
We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our agreements. It means that we may keep your data for a longer period than a duration of your account.
We also aim to make sure that the personal data and other customer information are up-to-date and correct. If your data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes. Upon request, we will provide you with information about whether we hold any of your personal data - see "Your legal rights" below for further information.
The data retention obligations are sometimes a subject to local laws.
Specific examples are:
Bookkeeping regulations: up to ten years.
Details on performance of an agreement: up to ten years after end of customer relationship to defend against possible claims.
The above is only for explanatory purposes and the retention times may differ country to country.
We aim not to keep outdated or unnecessary information. Once your account for the services or warranty period for the products plus two years has expired we will archive the data with the encryption key accessible only for management of the company. This archive will be stored in order to comply with our legal obligations described above.
In some circumstances you can ask us to delete your data - see "Your legal rights" below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
7. Your legal rights
If the GDPR applies to you because you are in the European Union, you have the following rights under data protection laws in relation to your personal data.
The right of access. You have a right to access the personal data we are keeping about you for free. In many cases this information is already present to you in your profile for the services. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy.
The right to rectification – that is a right to make us correct personal data about you that may be incomplete or inaccurate. If the data are incorrect or incomplete, you are entitled to have the data rectified, with the restrictions that follow from legislation.
The right to erasure – that is also known as the 'right to be forgotten' where you can ask us to delete the personal data we have about you. This right is not absolute and only applies in certain circumstances. In most cases we have a legal basis to keep your data to fulfill our legal obligations. Usually only data related to email marketing received with your consent can be deleted and you can do it yourself by clicking the unsubscribe link in every marketing email we send.
The right to restrict processing – that is a right for you in certain circumstances to ask us to suspend processing personal data.
The right to data portability. You have a right to receive personal data that you have provided to us in a machine-readable format. This right only applies when the lawful basis for processing this information was consent or for the performance of a contract and the processing is carrying out by automated means.
The right to object – that is a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing).
Rights related to automated decision making including profiling - that is a right you have for us to be transparent about any profiling we do, or any automated decision making.
If you wish to exercise any of the rights set out above, please contact us through this form or by mail to PL 106, 78201, Varkaus, Finland. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We will try to respond to all legitimate requests within one month. We will notify you and keep you updated about any delays.
You can also lodge a complaint or contact the data protection authority in any of the countries where we provide services or products to you. We would, however, appreciate the chance to deal with your concerns before you approach authorities so please contact us in the first instance.
Our websites offer e-commerce or payment facilities and some cookies are essential to ensure that your order is remembered between pages so that we can process it properly.
When you submit data through different forms cookies may be set to remember your user details for future correspondence.
In order to provide you with a great experience on our websites we provide the functionality to set your preferences for how websites run when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences.
Our websites may use Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use our website and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.
As we sell products it's important for us to understand statistics about how many of the visitors on our websites make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
In some cases we may provide you with custom content based on what you tell us about yourself either directly or indirectly by linking a social media account. These types of cookies simply allow us to provide you with content that we feel may be of interest to you.
We also use social media buttons and/or plugins on our websites that allow you to connect with your social network in several ways. For these to work the following social media sites including Facebook, Twitter, LinkedIn, Instagram, YouTube, will set cookies through our websites which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.