Privacy Policy

Metsola Lifestyle Oy Privacy Policy 

Metsola Lifestyle Oy is committed to protecting your privacy. This privacy statement applies to the processing of personal data of our customers, potential customers, partners, and website users.


In this privacy statement, we provide more information on:

  1. Who is the data controller?
  2. What type of data do we process, and where is the data collected from?
  3. For what purposes do we use personal data, and what is the legal basis for processing?
  4. How long do we retain the data?
  5. How are cookies used on the website?
  6. What rights do you have as a registered user? '
  7. To whom are the data transferred and disclosed?
  8. How is the data protected?
  9. When do we act as a joint data controller?
  10. Can this privacy statement be changed? 


We ask you to familiarize yourself with the content of this privacy statement. Please note that our website may contain links to third-party services. If you click on these links and access a third-party service, we encourage you to review the privacy principles applicable on that page.

1. Who is the data controller?

Metsola Lifestyle Oy 

Business ID: 2245002-9 

Juurakkokuja 4, 01510 Vantaa

gdpr@sgn.fi

 

2. What type of data do we process, and where is the data collected from?

We typically process the following data:

  • Consumer customer data: such as name, contact information, communications, billing information, order details, details of purchased products and devices, direct marketing consents and objections, information on pages opened through customer or marketing communication, and other information provided by the data subject.
  • Corporate customer contact data: Name, contact information, title, communications, organization details (e.g., name, business ID, contact information, billing information), order details (e.g., purchased products and devices, including possible serial or registration numbers), information on possible securities, direct marketing consents and prohibitions, and data on websites accessed via customer or marketing communications.
  • Potential customer contact data: Name, contact information, title, organization details (e.g., name, business ID, contact information), and data on websites accessed via customer or marketing communications.
  • Partner contact data: name, contact information, title, and organization details. (e.g., name, business ID, contact information), and data on websites accessed via customer or marketing communications.
  • Website visitor data: Name and contact information provided through contact forms or chat, automatically collected log data, and cookie-collected data on device usage and site interactions as outlined in section 5. Visitors may browse our website without providing personally identifiable information.

We obtain the information of our customers and partners directly from the registered individuals themselves or the organizations they represent, from credit information providers, or from authorities. The information of potential customers is collected from public sources such as the trade register, company websites, professional profiles like LinkedIn, commercial data sources, or through inquiries made via websites.

3. For what purposes do we use personal data, and what is the legal basis for processing?

We process data for the following purposes:

  • Provision of Services and Product Delivery: We use your data to fulfill agreements with you or the organization you represent, enabling communication about agreements, management of your digital customer account, newsletter delivery, billing for products or services, and payment monitoring or collection. This processing is based on the contractual relationship (if you are a direct party) or our legitimate interest in the agreement with your organization.
  • Marketing: We process and may share your information for marketing purposes based on our legitimate interest. Marketing activities, such as targeted advertising using cookies and electronic direct marketing to consumer customers, may also be based on your consent.

We work with partners in marketing and digital advertising. For example, we use Meta’s "Custom Audiences" to target advertising to our existing customers on Meta platforms. Meta's Custom Audiences are created by encrypting your email address or phone number into a browser-based identifier, which is then compared to Meta’s encrypted identifiers. This allows us to target ads to our customers on Meta or create audiences that resemble our customer profiles. We do not receive information about which identifiers end up in the final audience or which identifiers do not match. Similarly, Meta does not know who is behind any specific identifier.

We may carry out similar advertising and marketing with other partners. For more information about third parties and cookies used in digital advertising, see sections 5 and 7 of this privacy notice.

  • Contests and Draws: We organize contests, and prize draws that you can choose to participate in. The processing is based on the consent you provide when entering the contest or draw. You can withdraw your consent at any time, in which case you will no longer be part of the contest or draw. Business development: based on our legitimate interest.
  • Business Development: We process your information to develop our business and services. This processing is based on our legitimate interest.
  • Ensuring Information Security and Investigating Misuse: We process information to ensure information security in accordance with our legal obligations. We may also need to use data to prevent and investigate misuse. Rights protection: for resolving disputes, based on our legitimate interest.
  • Protecting Our Rights: We may need to process personal data to resolve disputes, for example. This process is based on our legitimate interest.
  • Compliance with Legal Obligations: We may be required to retain certain personal data to comply with accounting or other mandatory legislation, such as product liability laws. Occasionally, we may need to carry out correction or recall campaigns as required by authorities. In such cases, the processing is based on compliance with a legal obligation.

To the extent that processing is based on legitimate interest, we believe that processing benefits both you and us. The processing of personal data enables us to provide you with relevant information about our contract or services. Considering the nature of the data and its intended use, we believe that the processing does not conflict with your fundamental rights or freedoms. You can object to marketing at any time. You may also object to other processing based on legitimate interest for reasons related to your personal situation, as described in section 6.


We do not make automated decisions that have legal consequences or otherwise significantly affect you.


4. How long do we retain the data?


Personal data is retained as long as necessary for the purposes described above.

Typically:

  • We retain personal data for as long as the customer or contractual relationship is active (for example, while the contract or direct marketing consent is valid, or until a business customer’s contact person has opted out of marketing) and for approximately two years after its termination, for purposes described in this privacy notice, such as contract management, business development, and marketing.
  • We retain data related to sold equipment for approximately ten years based on product liability; and
  • We retain personal data that may be included in receipts for approximately seven years to comply with accounting obligations.
    Once the retention periods mentioned above have passed, we will delete the data, unless it is necessary to retain it for a longer period, for example, to respond to a legal claim, to comply with regulatory inquiries, or to meet product liability or other mandatory legal requirements.

5. How are cookies used on the website?

We may collect information about users’ devices through cookies and similar technologies. A cookie is a small text file stored on the user's device by the browser, containing a unique, anonymous identifier that helps us recognize and count browsers visiting our site.

Cookies do not move independently on the internet but are placed on the user’s device when they visit our website. Only the server that sent the cookie can read and use it later. Cookies or similar technologies do not harm your device or files, nor can they be used to run programs or spread malware.

Cookies help us collect technical information about your device and details of your use of our website, including:

  • Device information, such as device type, browser version, screen size, operating system, and IP address.
  • A unique cookie or mobile identifier.
  • Website usage data, such as page views, session times, navigation details, and content viewed (e.g., articles or e-commerce products).

We use session cookies, which expire when you close your browser, and persistent cookies, which remain on your device for a set time or until you delete them. Persistent cookies typically last from a few months to several years.

Our site uses first-party cookies (set by the site’s domain) and third-party cookies from partners, such as ad tech providers and social media services.

Cookies are categorized by purpose:

  • Necessary cookies: Required for our services and features, such as login, chat, and shopping cart functionality.
  • Analytics cookies: These cookies collect data on how our site is used. For example, we use Google Analytics to analyze site usage and improve our website. Google Analytics cookies send data to Google servers worldwide, which may process the data outside your country. Using the data, Google provides us with reports on site usage and Internet statistics. Google may share data with third parties if required by law or when third parties process data on Google’s behalf. Google’s privacy policy is available here: https://policies.google.com/privacy?hl=en-US
  • Advertising cookies: These cookies are used to target ads across the internet, typically set by third parties. Some of these third parties act as independent controllers; more details are in their privacy policies. For instance, Google and Facebook place advertising cookies.

 

You can manage cookies in the following ways:

  • Blocking cookies: Upon arriving on the site, you can choose which cookies to accept. You can also block cookies in your browser settings, but this may affect our services’ functionality.
  • Deleting cookies: You can delete or clear cookies in your browser settings, resetting any profile linked to a previous identifier.
  • Disabling Google Analytics: You can prevent your data from being used by Google Analytics by installing a browser add-on to block it. This add-on stops the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing visit data with Google Analytics.
  • Blocking targeted advertising: The Your Online Choices website offers extensive information on online advertising and the option to disable interest-based advertising. After opting out, you will still see ads, but they may not be relevant to you. You can also manage ad preferences on specific third-party sites. For example, Meta’s ad settings are available here.


6. What rights do you have as a registered user?

In accordance with applicable laws, you have the following rights:

  • Right of Access: You have the right to confirm whether or not your personal data is being processed. If your data is processed, you can request a copy, provided this does not adversely affect the rights and freedoms of others.
  • Right to Rectification and Erasure: Upon request, we will correct or delete inaccurate, incomplete, or unnecessary data for the processing purpose. Data will not be deleted if needed for establishing, exercising, or defending a legal claim.
  • Right to Data Portability: You can request a transfer of your personal data, which we process automatically based on your consent or contract, to yourself or a third party in a machine-readable format.
  • Right to Object to Direct Marketing and Profiling: You can opt out of your data being used or shared for direct marketing at any time.
  • Right to Withdraw Consent: You can withdraw your consent at any time.
  • Right to Object and Restrict Processing: You may object to processing based on legitimate interest due to personal reasons. Processing can be restricted while your objection is being evaluated. Processing may also be restricted if you dispute the accuracy of the data, in which case processing will be limited
    until we can confirm the data's accuracy. If a compelling legitimate reason for
    processing exists that outweighs your rights or if processing is necessary for establishing, exercising, or defending a legal claim, we will inform you before continuing.
  • Right to Lodge a Complaint: If your data has been processed in violation of this privacy policy or applicable laws, you can lodge a complaint with the supervisory authority. The Data Protection Ombudsman’s contact details are available at www.tietosuoja.fi. However, we kindly ask that you first contact us to resolve the issue amicably.

To exercise these rights, please contact us using the address provided in section 1. In our online stores, you can review and manage your data yourself.

You may also object to direct marketing or withdraw consent via the link provided in each message. We may ask you to verify your identity to ensure information is only disclosed to the registered data subject.

7. To whom are the data transferred and disclosed?

We use subcontractors for data processing, such as transport companies, warehouse operators, and IT service providers. We ensure, through contractual arrangements, that data is handled in compliance with applicable laws. If we transfer data outside the EU or EEA, we ensure adequate data protection, including confidentiality and processing agreements as required by law, using tools like the EU’s standard contractual clauses.

We do not disclose data to third parties for their independent purposes, except in the following cases:

  • Authorities: We may disclose personal data to competent authorities as required by current legislation.
  • SGN Group: We may process and share data within the SGN Group.
  • Marketing: We may disclose your data to selected partners for marketing purposes unless you have opted out.
  • Partners: We may share your data with partners for their legitimate purposes unless you have opted out.
  • Corporate Restructuring: In the event of a sale, merger, or reorganization, personal data may be disclosed to buyers and their advisors.
  • Debt Collection and Legal Claims: We may share your data with selected partners for debt collection and legal claims.

8. How is the data protected?

Your personal data is handled confidentially and securely. All employees processing your data are contractually bound to confidentiality. We use role-based access control, meaning employees can only access data necessary for their role and job duties. The networks and services our employees use are protected by appropriate security measures.

In line with our data breach policy, we assess any potential privacy risks and report them to the Data Protection Ombudsman and to you if necessary. We also provide regular training to employees to ensure personal data is handled appropriately.

9. When do we act as a joint data controller?

When we manage a page on Meta or similar social media platforms, or utilize their functionalities, such as a “like” button on our website, we may act as joint controllers with that service provider. For example, through Meta fan pages, we collect statistics on page likes, visits, post visibility, and demographic profiles of people reached by our posts. We also view public information of users who like or comment on our pages, such as their name and profile picture, as permitted by their Meta privacy settings. For more information on data processing, refer to Meta’s or the relevant social media platform's privacy policy.

10. Can this privacy statement be changed?

We continually develop our services and may update this privacy policy. Changes may also be made to reflect updates in legislation or regulatory guidance. We recommend reviewing this privacy policy regularly on our website.

The privacy statement was last updated on April 4th, 2025.


Date: April 4th, 2025
Description of changes: Privacy statement updated and clarified regarding retention periods, cookies, and personal data management