Privacy Policy

PRIVACY POLICY Metsola Lifestyle 

Metsola lifestyle oy is committed to protecting your privacy. This privacy statement applies to the processing of the personal data of our customers, potential customers and partners as well as the users of our website. In this privacy statement, we explain in detail:

 

• The identity and contact information of the controller
• The type of personal data we process and the source of the collected data
• Our purpose and legal basis of processing personal data
• The data storage period
• The use of cookies
• Your ways to influence
• Where we transfer or disclose data
• The measures we take to protect data
• When we act as a controller
• The ways we can make changes to the privacy statement

 

We ask you to familiarize yourself with the content of the privacy statement. We would also ask you to bear in mind that our website may include links to the services of third parties. If you click the links to access third-party services, we advise you to read the principles applicable to the processing of personal data on the site in question.

 

1. The identity of the controller

Metsola Lifestyle Oy

Business ID: 2245002-9
Address: Juurakkokuja 4, 01510 Vantaa

Contact information: info@metsola.fi

 

2. The type of data we process and the source of the collected data

Typically, we process the following types of data:

• Consumer customer data, such as name; contact information; contacts; invoicing information; order information, e.g. information regarding purchased products or equipment and their potential product or register numbers; direct marketing consent or bans; information about websites opened via customer or marketing messages; other information provided by the data subject.

• Data about the contact persons of corporate customers, such as name; contact information; title and contacts; information about the organization represented by the contact person, e.g. name, Business ID, contact information and invoicing information; order information, e.g. information regarding purchased products or equipment and their potential product or register numbers; direct marketing consent or bans; information about websites opened via customer or marketing messages.

• Data about the contact persons of potential customers, such as name; contact information; title; information about the organization represented by the contact person, e.g. name, Business ID, contact information; information about websites opened via customer or marketing messages.

• Data about the contact persons of partners, such as name; contact information; title and contacts; information about the organization represented by the contact person, e.g. name, Business ID, contact information and invoicing information.

• Website user data, such as name and contact information provided via a contact form or chat; automatically collected log data; information about the user’s device and site usage collected via cookies in accordance with section 5. You can also use our site without entering data which makes it possible to identify you.

We collect data about our customers and partners from the data subjects themselves or the organization they represent, a partner providing credit information or the authorities. We collect data about potential customers from public sources, for example, the trade register, companies’ websites or professional profiles, such as LinkedIn, or via contacts made on our website.

 

3. Our purpose and legal basis of processing personal data

We process data for the following purposes:

• Implementing services and delivering products: We process your data in order to fulfill a contract conducted with you or the organization you represent. We are unable to contact you with regard to matters pertaining to the contract, manage your digital customer account, send a newsletter you have subscribed to, invoice you for our products or services or collect payments without processing personal data. The processing is based on a contractual relationship (if you personally are a contracting party) or a material connection based on a contract conducted with the organization you represent and our legitimate interest.

• Marketing: We process and may disclose your details for marketing purposes on the basis of our legitimate interest. Marketing, such as targeted marketing using cookies or electronic direct marketing to consumer customers, may also be based on your consent.

We use partners for marketing and digital advertising. For example, we use Facebook’s “customized target groups” to target our advertising on Facebook at our existing customers. The way Facebook’s customized target groups work is that, based on your email address or phone number, an encrypted identifier created in the browser is matched with Facebook’s encrypted identifiers. This enables us to send targeted adverts to our customers via Facebook or create target groups resembling our customers’ profiles. We do not know which identifiers conveyed to Facebook end up in the final target group and which identifiers are unmatched on Facebook. On the other hand, we do not reveal the person behind the identifier to Facebook. We may also engage in similar advertising and marketing with our other partners. For more information regarding third parties as well as cookies used for digital advertising, please consult sections 5 & 7 of this privacy statement. 

• Prize draws and competitions: We organist prize draws and competitions in which you can take part. The processing is based on your consent granted in connection with your registration. You can withdraw your consent at any point, in which case you are no longer included in the prize draw or competition.

• Business development: We process your data for the purpose of developing our business and services. This processing is based on our legitimate interest.

• Ensuring data security and investigating instances of abuse: We process your data to ensure data security in line with our statutory obligations. From time to time, we may also need to use the data to prevent or investigate abuse. For instance, automatically collected log information helps us to manage and supervise the actions of the information system users as well as the authorized use of data in accordance with our legitimate interest.

• Securing our rights: We may have to process personal data, e.g. in order to settle disputes. This processing is based on our legitimate interest.

• The implementation of statutory obligations: We may be obligated to store some of your personal data in order to comply with the accounting legislation and other mandatory legislation, such as the Product Liability Act. From time to time, we have to implement repair and withdrawal campaigns required by the authorities. In this case, the processing is based on compliance with a statutory obligation.

To the degree that the processing is based on our legitimate interest, we deem the processing to be of benefit to you as well as us. The processing of personal data enables us to provide you with relevant information regarding our contract or services. Taking into consideration the nature and purpose of use of the data, we do not deem the processing to be contradictory with you basic rights and freedoms. You are free to refuse marketing at any point in time. When it comes to other processing based on our legitimate interest, you can refuse it on the basis of a personal reason as described in section 6.

We do not make automated decisions that have legal effects or that otherwise materially affect you.

 

4. The data storage period

We will store your personal data as long as it is necessary to fulfill the purposes of use described above. As a rule, the storage periods are as follows:

• We will only store personal data for as long as the customer relationship or contractual relationship is active (e.g. the contractual relationship or direct marketing consent is valid or the contact person of a corporate customer has not banned marketing) and for approximately two (2) years after the termination thereof for the purposes of use listed in this privacy statement, such as the management of a contractual relationship, business development or marketing.
• After the aforementioned storage period, we will store the data for approximately five (5) years in order to respond to potential claims.
• We will store personal data potentially included in receipts for a period of seven (7) years to meet our accounting obligations.

Once the above-mentioned storage periods have been met, we will delete the data unless it is necessary to store it for longer, for example, in order to respond to a legal claim or an official enquiry or to comply with the product liability legislation or some other mandatory legislation. 

 

5. The use of cookies on the website

We may collect information about the device used by the user of our services via cookies or other similar technologies. A cookie is a small text file saved by the browser on to the user’s device. Cookies contain a unique anonymous identifier, which enables us to identify and count the browsers accessing our site.

Cookies do not move online on their own; they are installed on the user’s device only when the user accesses a website. Only the server that sent the cookie can read and use it later. Cookies and other technologies do not harm the user’s device or files, and cookies cannot be used to access programs or spread malware.

We use cookies to collect technical information about your device and the way you use our site. This information includes, for example:

• Device information, such as the device type, browser version, screen size, operating system and IP address
• A unique cookie or mobile identifier
• Information on the use of online services, such as page loads, the time and duration spent using the online service, navigation of the online services or viewed content, such as articles or products in the online store.

We may use session-specific cookies that expire when you close your browser or permanent cookies that stay on your device for a fixed period of time or until you delete them. Typically, the validity of permanent cookies varies from a few months to a few years.

So-called first-party cookies were installed by the site displayed on the address bar. In addition to them, our website also uses so-called third-party cookies, such as the cookies of advertisement technology providers or social media service providers.

We classify the cookies in the following way based on their purpose of use:

• Necessary cookies: These cookies are necessary in order to provide our services or ensure their functionality, e.g. for logging in or using the chat or shopping basket feature.

• Analytics cookies: These cookies provide us with information about the way our sites are used. For our services, we use, for example, the online analytics service provided by Google Inc., Google Analytics, in order to analyze the way our websites are used and to develop our websites to make them more user-friendly. The data stored in the cookies used by Google’s tools is sent to Google’s servers around the world for storage. For this reason, the data may be processed on servers located outside the user’s country of residence. Based on the data received, Google assesses the way the user browses the page contents and draws up summary reports on the site usage. In addition, Google draws up reports on the services offered in connection with the sites and provides statistics on the use of the Internet. Google may also disclose data to third parties if legally required to do so or in case a third party is processing data on behalf of Google.

• Advertising cookies: These cookies are used for targeted advertising elsewhere on the Internet. Advertising cookies are primarily third-party cookies. Some of these third-parties process data as independent controllers. You can find out more about the way they process personal data in their respective privacy statements. Advertising cookies are installed, e.g. by Google and Facebook.

You can affect cookies in the following ways:

• Deleting cookies: You can delete or clear cookies in your browser settings, in which case any profile linked to the deleted identifier is reset.

• Blocking cookies: You can block cookies in your browser settings. Blocking cookies may affect the functionality of our services or prevent you from using, for instance, the login or shopping basket features of our services.

• Preventing the use of Google Analytics: You can prevent the use of the site data in Google Analytics by installing an add-on that blocks Google Analytics here. The add-on stops the Google Analytics JavaScript (ga.js, analytics.js and dc.js) active on websites from sharing information about your accessing the site with Google Analytics.

• Opting out of targeted advertising: Your Online Choices is a website that provides comprehensive information about online advertising and the option to opt out of advertising based on browser use. It is important to bear in mind that, after opting out, you will see the same amount of advertisements as before. They are just not targeted or necessarily within your sphere of interest. You can also influence targeted advertising directly on the third-party website. For example, for Facebook, you can change your advertising settings here.

 

6. Your ways to influence

We implement the following rights within the framework permitted or obligated by the law:

• Right to inspection: You have the right to receive a confirmation that your personal data is processed or not processed. If your personal data is being processed, you have the right to receive a copy of your personal data provided that the disclosure of the data does not materially undermine the rights or freedoms of others.

• Right to rectification and right to erasure: At your request, we will rectify or erase any personal data that is erroneous, incomplete or superfluous with regard to processing. The data will not be erased if it is required, for example, in order to draw up, present or defend a legal claim.

• The transfer of data: At your discretion, the personal data provided by you that we are automatically processing on the basis of your consent or a contract can be transferred either to you or a third party in a machine-readable format.

• Right to object to direct marketing and the related profiling: At any time, you have the right to forbid the disclosure and processing of your data for direct marketing.

• Right to withdraw your consent: You can at any time withdraw your consent.

• Right to object and right to limitation: You can object to processing based on legitimate interest on the grounds of your personal situation. For example, in a situation like this, the processing will be limited while the grounds for objecting to the processing are assessed. The processing can also be limited, for example, if you dispute the validity of the personal data, in which case the processing will be limited until we can ensure the validity of the data. If there is a significant and justified reason for the processing, which supercedes your rights or freedoms, or if the processing of the data is necessary in order to draw up, present or defend a legal claim, we will contact you to continue with processing your data.

• Right of appeal: You can appeal directly to the authorities if your personal data has been processed in breach of this privacy statement or the current legislation. You can find the contact information of the supervisory authority, the Data Protection Ombudsman, here: tietosuoja.fi/en/. However, we would kindly ask you to first get in touch with us in order to settle the matter in a spirit of reconciliation.

In order to implement your rights described above, please contact the address in section 1. You can also object to or withdraw your consent for direct marketing using the link at the end of each message. We ask you to verify your identity in order to ensure that the data is not disclosed to anyone except the data subject.

 

7. Where is the data transferred or disclosed?

For the processing of data, we use subcontractors, such as transport companies, warehouse operators and data system providers, ensuring by means of contractual arrangements that the data is processed in accordance with the current legislation. If we transfer data outside the EU or the EEA, we ensure the adequate protection of personal data, e.g. by making agreements regarding the confidentiality and processing of personal data pursuant to legal requirements, such as the model contract clauses of the EU.

We do not disclose data to third parties for their own independent purposes of use, with the exception of the following cases:

• The authorities: We may disclose personal data in a manner required by a competent authority based on the current legislation.

• SGN Group: We may process or disclose personal data within SGN Group.

• Marketing: We may disclose your personal data to select partners for marketing, unless you have prohibited it.

• Partners: We may disclose your personal data to our partners for their justified purposes, unless you have prohibited it.

• M&A transactions: If we sell, merge or otherwise rearrange our operations, personal data may be disclosed to buyers and their advisors.
• Collection and legal claims: We may disclose your data to select partners for the collection of our receivables or with regard to legal claims.

 

8. How is the data protected?

We use appropriate technical and organizational data security measures to protect personal data from unauthorized processing. The measures include, e.g. the use of firewalls and encryption technologies, appropriate access control, restricted user rights, instructions for the employees involved in personal data processing as well as the careful selection of subcontractors.

 

9. When do we act as a controller?

To the degree that we maintain a Facebook page or a similar social media page or use their functionalities, such as a ‘Like’ button, on our website, we may act as a controller with the service provider in question. For example, via Facebook’s fan pages, we collect statistical information on likes and visits on our Facebook pages, the visibility of our posts as well as the demographic profiles of the persons reached by our posts. In addition, we can see the public information of the persons who liked or commented on our pages, such as their name and profile picture, and other information in accordance with the privacy settings specified by the user on Facebook. To find out more information about the way personal data is processed, please read the privacy statements of Facebook or similar social media services.

        10. Can this privacy statement be subject to changes?

We are continuously developing our services, and we may make changes to this privacy statement. Changes may also be based on changes in the legislation or official guidelines. We recommend reading the privacy statement on our websites on a regular basis.

 

The privacy statement was last updated on 22 March 2021.