Privacy policy

Personal Data File and Controller

This Privacy Policy (referred to as "Privacy Policy") explains why and how we process personal data about customers purchasing products from Vinta.fi (referred to as "you").

What personal data do we process?

We collect personal data through different means, which are explained below in more detail. Personal data is mainly collected directly from the User in connection with the customer relationship.

Customer data

The following personal data is processed in connection with the customer relationship:

  • Information of the customers purchasing products provided by us, such as full name, email address, job title, company name;

  • Billing information, such as credit card details, bank account information, payments made, outstanding invoices, and invoices delivered;

  • Customer interaction, such as customer contacts, feedback and complaints; and

Special categories of personal data

We do not process special categories of personal data about our Users.

For what purpose and on what legal basis do we process personal data?

We process personal data for the following purposes:

Product provision based on contractual relationship with us

We process personal data when this is necessary under our contract with our customer, to provide our products and to manage and maintain the customer relationship between us. In this case, the processing is based on the performance of the customer contract.

Personal data is not processed for automated decision-making.

Our legitimate interest

We process personal data to the extent this is necessary to fulfill our legitimate interests, which include our interests to:

  • Effectively manage our relationship with our customers, including responding to queries, providing customer support and sending necessary information relating to our products and services.

  • Protect the security, availability and integrity of our services and information systems, including by using authentication mechanisms and other security measures, monitoring our systems for security threats, keeping back-ups, and carrying out system maintenance services.

  • Protect our legal rights, including by handling complaints and exercising or defending legal claims.

  • Share personal data with our subsidiaries and service providers to the extent necessary to provide our products and to manage and organize customer service, as well as information security measures within the group in an appropriate and practical way and use shared IT systems within the group.

Legal obligations

We process personal data to comply with legal requirements under applicable laws (e.g. tax and accounting obligations) and with court orders and requests by competent regulatory and governmental authorities.

What personal data do we disclose?

We disclose personal data to third parties as follows:

  • to our subsidiaries for the purposes listed under Our legitimate interest heading above;

  • to our third party service providers, including but not limited to delivery service providers, hosting service providers, technology service providers and payment service providers;

  • as required or permitted to comply with legal obligations, requests by competent authorities and courts and related legal proceedings;

  • as required to establish, exercise or defend or to protect against legal claims; and

  • to prospective sellers or buyers if we are involved in a merger, acquisition, or sale of all or a portion of our assets.

Do we transfer personal data outside the EU/EEA?

We store personal data on servers located in the European Union ("EU") provided by Google and Amazon Web Services.

We transfer personal data to our subsidiaries and third party service providers overseas, which may involve the transfer of personal data to countries outside the European Economic Area ("EEA") which have different data protection standards to those which apply in the EEA.

To the extent personal data is transferred to a country outside of the EU/EEA, we will use the required established mechanisms that allow the transfer to our subsidiaries and service providers in those countries, such as the Standard Contractual Clauses approved by the European Commission.

How long will we retain personal data?

We will only retain personal data for as long as necessary to fulfill the purposes defined in this Privacy Policy. The main retention periods are as follows:

  • We retain personal data for the duration of the customer relationship and after that as required by legal obligations (e.g. accounting laws) or our contractual rights or obligations (e.g. for invoicing purposes).

  • If a dispute arises or a customer fails to make payment for our products, we may retain relevant information until such dispute is resolved or until such payment is made.

What rights does the user have?

Users have the following rights:

  • The right to request access to personal data about himself/herself;

  • The right to request rectification, restriction or erasure of personal data. However, certain information is strictly necessary in order to fulfil the purposes defined in this Privacy Policy and may also be required by law. Thus, it may not be possible to remove such personal data.

  • The right to object to processing that is based on legitimate interest;

  • The right to object to processing for marketing purposes and the right to opt out of receiving future direct marketing;

  • If processing of personal data is based on consent, you have the right to withdraw consent at any time. The withdrawal will not affect the lawfulness of the processing carried out before the withdrawal; and

  • The right to data portability, meaning the right to receive the personal data in a structured, commonly used machine-readable format and transmit the personal data to another data controller, to the extent required by applicable law. This applies for personal data processed based on contract or the User's consent.

Should you wish to exercise your above-mentioned rights, please send a request to us at info@vinta.

If you consider that the way we process your personal data is unlawful or violates this Privacy Policy, you have the right to file a complaint with your national data protection authority in the EU/EEA. You may also file a complaint with the data protection authority in any other EU country where you live, work, or where you consider the alleged violation has occurred.

What security measures have we taken?

We have carried out reasonable technical and organizational measures to secure the personal data processed against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. For instance, any physical data is stored in locked facilities and access to automatically processed data is limited by user rights and passwords within our organization.

Please be aware that, although we endeavour to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.

Changes to this Privacy Policy

We may change this Privacy Policy from time to time. If we make any changes to this Privacy Policy, we will actively bring them to your attention using the communication channels available to us. The most recent version of this Privacy Policy can be found on this same page.