Privacy policy

Privacy Policy
PRIVACY STATEMENT
KEIKI CUSTOMER PRIVACY STATEMENT
August 11, 2022

In this privacy statement, we explain how we collect and process your personal data. By continuing to use the Website and our services, you accept this Privacy Statement.

Data Controller

The data controller of the register is Keiki Concept Oy (business ID 3225935-9)
The contact person for registry matters is: Selman Yildiz / Founder
Keiki Concept Oy
Address: Holperinkuja 38, 04680 Hirvihaara
Phone: +358440388303
Email: hello@keiki.fi

Contact Information for Registry Matters

Keiki Customer Service
hello@keiki.fi
Phone: +358440388303

Purpose and Legal Basis of Personal Data Processing

Personal data is processed for purposes related to the management, administration, and development of the customer relationship, the provision and delivery of services, and the development and invoicing of services. Personal data is also processed for purposes necessary for resolving potential complaints and other claims.

Additionally, personal data is processed in customer communications such as information and news purposes, as well as in marketing, including direct marketing and electronic direct marketing purposes.
The customer has the right to prohibit direct marketing directed at them.
The data controller processes the data itself and utilizes subcontractors acting on behalf of and for the data controller in the processing of personal data.
The legal bases for personal data processing are the following grounds under the EU General Data Protection Regulation (hereinafter also "GDPR"):
the data subject has given consent to the processing of their personal data for one or more specific purposes (GDPR Article 6(1)(a));
processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (GDPR Article 6(1)(b));
processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party (GDPR Article 6(1)(f)).
The aforementioned legitimate interest of the data controller is based on a relevant and appropriate relationship between the data subject and the data controller, resulting from the fact that the data subject is a customer of the data controller, and when the processing occurs for purposes that the data subject could reasonably expect at the time of the collection of personal data and in connection with the relevant relationship.

Content of the Register (Processed Categories of Personal Data)

The register contains the following personal data by default from all registered persons:
the basic and contact information of the person: first name, last name, address, phone number, email address;
information related to the person's company or other organization and the person's position or job title in the said company or organization;
direct marketing permissions and prohibitions of the person.

Regular Data Sources

Personal data is collected from the registered person themselves.
Personal data is also collected and updated, within the limits of applicable law, from publicly available sources related to the implementation of the customer relationship between the data controller and the registered person, and through which the data controller fulfills its obligations related to the maintenance of customer relationships.

Retention Period of Personal Data

The data collected in the register is retained only for as long and to the extent necessary in relation to the original or compatible purposes for which the personal data was collected.
The need for the retention of personal data is assessed every five years; and in any case, the data concerning a registered person is removed from the register six years after the termination of the customer relationship between the registered person and the data controller, and the obligations and actions related to the customer relationship have been completed. For example, accounting records are kept for six years after the end of the financial year.
The data controller regularly assesses the necessity of retaining the data according to its internal code of conduct. Additionally, the data controller takes all possible reasonable measures to ensure that inaccurate, incorrect, or outdated personal data, considering the purposes of the processing, is deleted or corrected without delay.

Disclosure of Personal Data to Third Parties

Your personal data may be disclosed within the limits allowed by law to the partners of Keiki Concept Oy, to the extent necessary for the customer's order. When using subcontractors or third parties, we ensure that the processing of personal data is conducted according to data protection regulations.
This privacy statement covers the use of your data only by Keiki. Please also review the privacy statements of our partners.
– Postal services: Posti
– Payment services: PayTrail, Klarna
– Social media: Facebook, Instagram, Google

Rights of the Data Subject

The data subject has the following rights under the EU General Data Protection Regulation:
the right to obtain confirmation from the data controller as to whether or not personal data concerning them is being processed, and, where that is the case, access to the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed; (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (v) the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (vi) the right to lodge a complaint with a supervisory authority; (vii) where the personal data are not collected from the data subject, any available information as to their source (GDPR Article 15). These described basic details (i)-(vii) are provided to the data subject with this form;
the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (GDPR Article 7);
the right to require the data controller to rectify inaccurate and incorrect personal data concerning the data subject without undue delay, and the right to have incomplete personal data completed, including by means of providing a supplementary statement considering the purposes for which the data were processed (GDPR Article 16);
the right to have the data controller erase personal data concerning the data subject without undue delay, provided that (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing; (iii) the data subject objects to the processing on grounds relating to their particular situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes; (iv) the personal data have been unlawfully processed; or (v) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject (GDPR Article 17);
the right to have the data controller restrict processing where (i) the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data; (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (iii) the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; or (iv) the data subject has objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject (GDPR Article 18);
the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where the processing is based on consent within the meaning of the Regulation and the processing is carried out by automated means (GDPR Article 20);
the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to them infringes the EU General Data Protection Regulation (GDPR Article 77).
Requests concerning the exercise of the data subject's rights should be addressed to the data controller's contact person mentioned in section 1.

Changes to the Privacy Policy

Keiki reserves the right to change this privacy statement. The latest version of the privacy statement can always be found on this page along with the publication date. If the changes in the updated statement are significant, we will notify them prominently at the beginning of the statement and on the homepage of keiki.fi.