Privacy policy

Date: 7th July 2024

GENERAL

The data controller responsible for processing your personal data is PTVLABS Oy (hereinafter “PTVLABS”). Our company is committed to safeguarding individual rights and keeping your personal data secure. This Privacy Notice explains what information about you PTVLABS collects and why, how personal data are stored and disclosed, and what your privacy rights are.

PTVLABS processes personal data for several reasons. In this Notice, “you” refers to customers, prospective customers or employees of our customers. It may also refer to other relevant parties such as beneficial owners, authorised representatives, directors, shareholders and responsible officers. “we” or “the Company” refers to PTVLABS and any companies directly or indirectly owned or controlled by PTVLABS.

WHAT PERSONAL DATA DOES PTVLABS COLLECT?

Personal data are most often collected directly from you or generated through your use of PTVLABS’s products, services and channels. From time to time, we may need additional information to keep our records up to date or to verify the accuracy of the data we already hold.

For example, when you purchase something from our online store, we collect information such as your name, telephone number, address and email address as part of the transaction. When you merely browse our webshop, we automatically receive your device’s IP address, the browser you are using and your device’s operating system.

In certain cases, PTVLABS also collects and processes personal data relating to persons connected to you, such as employees, beneficial owners, representatives, payers and other individuals with whom we communicate and cooperate.

Below are the categories of personal data we collect and use, together with illustrative examples. The examples are not exhaustive; the type of data we collect depends on the service or product we provide to you.

Types of personal data:

  • Identification data: e.g. national identification number and full name.
  • Contact details: e.g. address, telephone number and email address.
  • Customer relationship data: e.g. your customer history.
  • Data for statutory and tax purposes: e.g. country of taxation or foreign tax identification number and information required for Know-Your-Customer (KYC) and Anti-Money-Laundering (AML) purposes.

Sources of the personal data we collect

From you

Some of the personal data collected by PTVLABS are obtained directly from you. For instance, we collect identification data such as name and national ID, email address and telephone number from new customers. When invoicing is requested, we may also need to obtain credit information in order to offer the product or service on invoice. We also collect information from messages you send us via our digital channels, such as feedback or inquiries.

From third parties

We also collect personal data from third parties, including publicly available sources and other external sources, in order to provide our products and services to you and to meet legal requirements. For example, when you request to pay by invoice, we may collect credit-related information from external sources such as central credit registers that hold data on your payment behaviour.

Examples of third-party data sources:

  • Registers maintained by public authorities (e.g. tax authorities, company registers, enforcement authorities).
  • Sanctions lists (e.g. lists maintained by international organisations such as the EU and UN, as well as national authorities).
  • Credit registers and other commercial information providers that supply data on payment defaults.
  • Payment-related data from money-transfer service providers, merchants, banks, payment-service providers and similar entities.
  • Social media (e.g. information that is publicly available on social-media platforms or via search engines; social-media channels may also share information with us in accordance with the privacy settings you have chosen in those channels).

Email marketing

With your consent, we may send you emails about our webshop, newly offered products and other store-related updates. You may unsubscribe at any time through the link provided in our emails or by contacting our customer service.

Recording of calls, online meetings and chat services

Telephone calls and chat conversations may be recorded for the purposes of documenting customer requests, confirming instructions, ensuring security, preventing fraud and fulfilling statutory requirements. For example, online meetings, calls and chat sessions may be recorded so that we have a record of what happened, what was said and any agreements made.

Surveillance

For security reasons and to prevent crime, we may use surveillance cameras in our premises.

Storage of collected data

We provide an e-commerce platform through which we sell products and services to you. Data collected from our customers are stored in systems, databases and platform storage associated with the webshop. Your data are protected by appropriate technical measures and are kept behind firewalls.

HOW DOES PTVLABS USE YOUR PERSONAL DATA AND ON WHAT LEGAL GROUNDS?

Performance of a contract

One purpose of processing personal data is to collect and verify information before making an offer or entering into a contract or transaction. We also process personal data to document and fulfil our contractual obligations to you, e.g. to provide and manage our products and services.

Examples of processing activities required for performance of the contract with you:

  • Collecting your contact information so we can deliver your order and provide customer service, including support, relationship management and communication with you.
  • Collecting your financial information to enable invoicing as a method of payment.

Legal obligations

In addition to performing our contractual obligations, we must process personal data to comply with duties set out in laws, regulations and official decisions.

Examples of legal obligations that require personal-data processing:

  • Customer due diligence (KYC).
  • Prevention of money laundering and terrorist financing.
  • Sanctions screening.
  • Accounting regulations.
  • Reporting to tax, police, enforcement and supervisory authorities.

Legitimate interest

Where necessary, we use your personal data to pursue our legitimate interests, provided that your interests or fundamental rights and freedoms do not override those interests.

Examples of processing based on legitimate interest:

  • Marketing, product and customer analyses. Marketing activities and the development (including testing) of processes, business operations and systems rely on personal-data processing so that we can improve our product range and optimise the services we offer to customers.
  • Profiling for customer analyses carried out for marketing purposes.
  • Anonymising financial and demographic data to compile statistics for product and service testing and development. Anonymised and aggregated statistics cannot be linked to an individual.
  • Analysing social-media usage so that we can provide better targeted marketing, communication, services and advice, respond to comments and deliver customer service.
  • Establishing, exercising or defending legal claims and debt-collection procedures.

Consent

By providing us with personal data while interacting with our webshop (e.g. validating your credit card, placing an order, selecting a delivery method or returning a purchased item) you consent to our collecting and using those data for that specific reason only.

If we require personal data for any secondary purpose, such as marketing, we will ask you directly for your explicit consent or provide you with an opportunity to refuse.

Whenever PTVLABS requests your consent, the request will include information about the purpose of processing, the nature of the processing, the type of personal data involved and your right to withdraw consent. If you have given consent, you may withdraw it at any time.

HOW DO WE USE AUTOMATED DECISION-MAKING?

We may use automated decision-making in certain cases where permitted by law, where you have given explicit consent, or where it is necessary for the performance of a contract. An example is the credit-granting process when invoice payment is chosen at checkout.

If automated decision-making is used, we will provide you with additional information on the logic involved, as well as the significance and potential consequences for you.

You may always express your opinion about a decision based solely on automated processing, such as profiling, if that decision produces legal effects concerning you (e.g. termination of a contract) or significantly affects you in a similar way (e.g. refusal of invoice payment).

TO WHOM DOES PTVLABS DISCLOSE PERSONAL DATA?

We may disclose your personal data to others to the extent required by law and as necessary for providing our services and complying with contracts.

Recipients may include public authorities, goods and service suppliers, payment-service providers and business partners. Before any disclosure, we always ensure that applicable confidentiality obligations are observed.

When can your personal data be shared?

We disclose information required for identity verification and for performing a transaction or contract to companies with which we cooperate in order to provide our services. Such services include secure payment solutions.

For example, in instalment-payment situations we may share data with a finance company or the webshop’s payment-solution provider. We may also share anonymised data for social or economic research or statistical purposes if we consider it to be in the public interest.

We disclose personal data to the following recipients

  • Authorities: We disclose personal data to authorities to the extent required by law. These authorities include, for example, tax, police, enforcement and supervisory bodies.
  • Within PTVLABS: We disclose personal data within PTVLABS with your consent or in accordance with applicable law.
  • External business partners: We disclose personal data to external business partners with your consent or in accordance with applicable law. External partners include payment-solution providers and finance-selling partners.
  • Suppliers of goods and services: We have concluded agreements with selected suppliers who process personal data on behalf of PTVLABS, for example providers of software development, maintenance, server and IT-support services.

Transfers of data to third countries

As a rule, PTVLABS does not transfer personal data to so-called third countries, i.e. outside the European Economic Area (EEA).

In exceptional circumstances, a transfer may be made if it is necessary for the performance of a contract or if you have given consent. Even in such cases, transfers may only take place if one of the following conditions is met:

  • The European Commission has decided that the third country in question ensures an adequate level of data protection.
  • Appropriate safeguards are in place, for example by using the European Commission’s Standard Contractual Clauses or by ensuring that the recipient company has binding corporate rules.

Where necessary, PTVLABS may outsource the processing of personal data to companies outside the EU/EEA, such as the United States, for example to obtain infrastructure and IT services or to send newsletters. In such cases, adequate data security and processing are ensured through mechanisms such as the EU–U.S. Privacy Shield framework or the European Commission’s Standard Contractual Clauses. Personal data disclosed may include name, address, email address and telephone number.

You can obtain a copy of the Standard Contractual Clauses used by PTVLABS for data transfers from eur-lex.europa.eu.

HOW DOES PTVLABS PROTECT PERSONAL DATA?

Protecting personal data is at the core of our business.

We have implemented appropriate technical, organisational and administrative security measures to protect all data in our possession against loss, misuse, unauthorised access, disclosure, alteration and destruction.

For example, when you provide credit-card details in connection with a payment, the data transfer is encrypted using secure SSL technology. We also comply with PCI-DSS requirements and employ other industry-standard safeguards.

What are your privacy rights?

You have the following rights regarding the personal data held by PTVLABS:

  • Right of access to your personal data.
  • Right to inspect the personal data we hold about you.
  • Right to request rectification of inaccurate or incomplete data.
  • Right to request erasure of data.

You have the right to request erasure of your data if:

  • You withdraw your consent and there is no other lawful basis for the processing.
  • You object to the processing and there are no overriding legitimate grounds for continued processing.
  • You object to processing for direct-marketing purposes.
  • The processing is unlawful.
  • The data concern a minor collected in relation to the offer of information-society services.

In certain cases, we are legally obliged to retain your personal data for the duration of the customer relationship and even afterwards, for example where required to comply with legal obligations or to handle legal claims.

Right to restrict processing

If you dispute the accuracy or lawfulness of the data we have recorded, or if you have objected to processing, you may request that we restrict processing to storage only until the accuracy of the data has been verified or it has been established whether our legitimate interests override yours.

If you are entitled to erasure but need the data to defend a legal claim, you may request that PTVLABS restrict processing to storage.

Even where processing has been restricted as described above, PTVLABS may still process your data in other ways if necessary for the establishment, exercise or defence of legal claims, or if you have given consent.

Right to object to processing based on legitimate interest

You always have the right to object to processing of your personal data based on PTVLABS’s legitimate interests, including processing for direct-marketing purposes or profiling related to direct marketing.

Right to withdraw consent

Where processing is based on your consent, you may withdraw that consent at any time. Whenever PTVLABS requests your consent, the request includes information about your right to withdraw it.

Right to data portability

You have the right to receive the personal data you have provided to us in a machine-readable format. This right applies to data processed solely by automated means and on the basis of consent or performance of a contract. Where technically feasible and secure, the data can also be transferred directly from us to another controller.

If you wish to exercise the above rights, your requests will be evaluated on a case-by-case basis. Please note that we may retain and use your data where necessary to comply with legal obligations, resolve disputes or enforce agreements.

How long does PTVLABS retain personal data?

We retain your data for as long as necessary for the purpose for which they were collected and processed, or for as long as required by laws and regulations.

Reasons for retaining your personal data

We keep your data for as long as they are needed to perform the contract and as long as laws and regulations impose retention requirements. If we retain data for purposes other than contract performance, such as accounting, we keep them only to the extent necessary for that purpose and/or as required by law.

Examples of retention periods

Accounting legislation: statutory data may be stored for up to 10 years.

Data relating to contract performance: information concerning your contract with PTVLABS may be stored for up to 10 years after the customer relationship ends.

Cookies

PTVLABS uses cookies. Performance, functionality and marketing cookies are not used unless you have consented to their use. You have the right to block cookies altogether, but please note that restricting cookies may affect the functionality of the website.

What are cookies?

Cookies are small text files containing letters and numbers that are stored on your computer or device. They are set when you visit a website that uses cookies and can be used to track the pages you visit, help you pick up where you left off, and remember preferences such as language settings.

By using our websites, you accept the use of cookies. Below we explain how declining cookies will affect your experience.

Why do we use cookies?

We use cookies and similar technologies to:

  • Provide products and services to our customers and website users.
  • Ensure a secure online environment, including fraud and unauthorised-use prevention.
  • Carry out marketing activities and enable a better online customer experience.
  • Monitor usage of our website.
  • Track analytics for our website.
  • Provide you with content that is as relevant as possible.

The data are not used to identify individual persons.

What types of cookies does PTVLABS use?

PTVLABS uses both session cookies, which are stored on your computer only while you are visiting the website, and persistent cookies, which store a file on your computer for a specific period.

Information about the cookies we use is presented transparently so that you can see which cookies are active to improve your browsing experience and make an informed decision about enabling them. If you wish to manage or delete cookies, you can do so in your browser settings.

In some cases, the use of cookies may involve the processing of personal data. We have implemented appropriate technical, organisational and administrative safeguards to protect all information.

Necessary

Necessary cookies are critical for the functions of PTVLABS’s website. These cookies are required for security and to support certain features, such as remembering a visitor’s preferences, including language settings, thereby ensuring that the website functions as intended.

Statistics

Statistics cookies are used to collect information on the general use of PTVLABS’s website. They enable us to optimise the website based on how visitors use the services, for example which pages are visited most often or which products most visitors view.

Marketing

Marketing cookies help us improve the user experience of our site. These cookies enable third-party functionalities such as videos, podcasts and social-media features. In addition, they allow PTVLABS to display tailored advertising in third-party media.

Third-party content

PTVLABS may display third-party content on its website in order to provide various functions such as YouTube videos, SoundCloud podcasts and Twitter posts. These third parties often use cookies and therefore receive and process information on how you use their services. PTVLABS does not control data collected by third parties in such cases. You can read more about how these third parties use cookies and process personal data on their own websites.

How can you contact PTVLABS or the Data Protection Ombudsman?

If you have any questions about this Privacy Notice, are dissatisfied with how we process your personal data, or wish to exercise the rights described above, you can contact PTVLABS by email or letter:

Ptvlabs Oy (3357783-4)

Albert Edelfeltin rantatie 25,
06400 Porvoo, Finland

info@ptvlabs.com

Complaint to the Data Protection Ombudsman

You may also lodge a complaint with or contact the Office of the Data Protection Ombudsman. Contact details are available on the Ombudsman’s website.

Changes to this Privacy Notice

We continuously improve and develop our services, products and websites, so this Privacy Notice may be updated from time to time. If significant changes are made, we will provide notice where required by applicable law.