.png)
This privacy statement describes how HOP IN Oy (3355387-5) processes personal data, what personal data the company collects, for what purposes the data is used, to which parties the data may be disclosed, and how the data subject can influence the processing. This privacy statement is in accordance with the EU General Data Protection Regulation (GDPR).
We reserve the right to make changes and updates to the privacy statement.
1. Contact details
Data controller
HOP IN Oy (3355387-5)
Contact person or data protection officer
Person: Janne Leppänen
Email: janne.leppanen@hop-in.fi
2. Processing and purpose of collecting personal Data
2.1. Basis for processing personal data
We always process your personal data lawfully, fairly, and transparently. We collect and process your information only if we have a legal basis for it. The processing of personal data is based on legal obligations. We collect and use your data only if:
- you have given us permission to use the data for a specific purpose
- it is necessary to fulfill a contract you are a party to, or to implement certain measures at your request before entering into the contract
- it meets a legitimate interest (which is not overridden by your data protection rights), such as investigating abuse, statistical and research work, or protecting our legal rights or interests
3. Purpose and legal basis for processing personal data
3.1. We collect and process personal data for the following purposes:
- For customer relationships
- For customer service
- For customer communications
- For maintaining customer and partnership relationships
- For contractual relationships
- For marketing purposes
- For targeting marketing to customers and potential customers
- For organizing events
- For research
- For statistical purposes
- For reservations and orders of products and/or services
- For producing, maintaining, developing, and quality assurance of services/products
- For ensuring security and preventing and investigating abuse
- For risk management and preventing abuse
- For fulfilling legal obligations
- For business planning and product development
- For monitoring usage
3.2. Personal information is collected from
- From the individual or company providing the data
3.3. The company will process the following information
- Personal or company information
- Contact details
- Billing or payment information
- Information related to customer relationships
- Contract details
- Product and order information
- Customer feedback
- Contacts and communications
- Reclamations and complaints
- Marketing-related consents
- Information related to online behavior
4. Regulatory disclosures of data and data transfers
4.1. We handle data storage and processing with care and ensure data security through firewalls, passwords, and various generally accepted technical methods. Manually maintained records are kept in locked areas with access restricted to unauthorized individuals. Data storage and processing are carried out through service providers with established security. Data is protected with carefully restricted access rights and is processed only for the purpose for which it was collected. All personal data is handled confidentially.
4.2 We do not generally disclose or transfer data to third parties unless explicit consent has been given. Exceptions may include obligations related to legislation or regulatory requirements, which are always assessed on a case-by-case basis. Another exception may be the disclosure of data based on agreements with service providers or subcontractors, who may process the data to deliver the service. In these cases, proper and lawful processing of personal data is ensured through contracts and, if necessary, non-disclosure agreements.
4.3 Data may also be transferred outside the EU or EEA if necessary.
5. Storage of personal data
5.1 Personal data is retained for the duration of the customer relationship and for 10 years thereafter. After the retention period ends, the data will be deleted or anonymized within 6 months. Data may also be deleted upon the customer’s request after the relationship ends. We reserve the right to notify separately of a shorter or longer retention period.
5.2 We do not use personal data for automated decision-making.
6. Data subject rights
6.1. The data subject has the right to access and review their own data. They can request the information to be provided in physical form or electronically.
6.2. Correction and deletion of data
The data subject has the right to request the correction of incorrect or inaccurate data and to request the deletion of their data.
6.3. Data inspection
The data controller actively ensures the removal, correction, and completion of incorrect, unnecessary, incomplete, or outdated personal data in relation to the purpose of processing.
6.4. Data transfer
The data subject has the right to request the transfer of their data to another data controller. They can also request the restriction of their personal data processing in certain situations.
6.5. Objection to the use of data
The data subject has the right to object to the use of their data for certain purposes. They can refuse the disclosure and processing of their data for direct marketing purposes.
6.6. Withdrawal of consent
If the processing of personal data is based on consent, the data subject has the right to withdraw their consent at any time. This does not affect the processing carried out before the withdrawal.
6.7. Right to lodge a complaint
If the data subject believes that the processing of their personal data infringes the EU General Data Protection Regulation or national data protection laws and regulations, they have the right to file a complaint with the supervisory authority.
6.8. Requests regarding the rights of data subjects
All requests regarding data subject rights should be made electronically and addressed to the Data Protection Officer. Identity will be verified before data is provided. Requests will be handled within a reasonable time and as soon as possible after the request is made and identity is verified. If the request cannot be accommodated, the data subject will be informed in writing.
Updated 11.6.2024