7th of July 2023
WHAT PERSONAL DATA DO WE COLLECT?
Personal data is in most cases collected directly from you or generated as part of the use of our services, products and channels. Sometimes additional information is required to keep information up to date or to verify the information that we collect.
In some cases, we also collect and process personal data about persons associated with you, for example employees, beneficial owners, agents, chargors, payers, persons who are in contact with us in respect of a single transaction, and other individuals with whom we interact and collaborate.
The types of personal data we collect
The categories of personal data that we collect and use are listed below. We have provided examples of the types of personal data that fall within each category. Please note that the list of examples is not exhaustive. The type of personal data that we collect from you will depend on the service or product we are providing to you as a customer.
- Identification information: such as your unique identification number, full name and IP address.
- Contact information: such as physical address, phone number and e-mail address.
- Financial information: such as the history of the customer relationship between you and us, credit/payment card details, and type of agreement that you have entered into.
- Information related to legal requirements and taxation: such as country of taxation or foreign taxpayer reference, and information required to be collected for customer due diligence and anti-money laundering requirements.
The sources from which we gather your personal data
We collect information you provide directly to us. For example, when becoming a new customer, we collect personal data such as name, national unique identification number, e-mail address and phone number. We also collect debt information to be able to provide you with the product or service in question. We also collect information which you provide to us, such as messages you have sent as feedback or a request in our digital channels.
From third parties
To be able to offer you our products and services and to comply with statutory requirements, we will also collect personal data from third parties, such as publicly available and other external sources. For example, when you apply for a part payment from us, we may collect information from other sources, such as centralised credit information providers which information from other creditors. To ensure your personal data is accurate and up to date, we receive periodic updates of some personal data categories from third parties (e.g. public authorities).
Examples of third-party data sources include:
- Registers held by governmental agencies (such as registers held by tax authorities, company registration offices, enforcement authorities, etc.)
- Financial sanction lists (for example, lists held by international organizations such as the EU and UN as well as national organizations)
- Registers held by credit-rating agencies and other commercial information providers.
- Publicly available data, for example from social media or via search engines. Social media may also share data with us in accordance with your personalised privacy settings in those channels/media.
With your permission, we may send you e-mails regarding our online store, new products and other store-related updates. You can unsubscribe from our mailing list at any time.
Recording of telephone conversations, online meetings and storage of chat conversations
We may record phone calls and chat conversations for documentation of customer requests, verification of orders and security purposes, and to fulfil legal requirements. For example, online meetings, telephone, and chat conversations may be stored to document what happened and was said during the conversation, including any agreements entered into. In some countries, we may use a recording for quality control of services delivered and for improvement of our processes, if allowed by law.
For security purposes, including crime prevention, we may collect log data and have cameras in our branch offices and storage facilities.
Storage of data
We offer a service system and an online shopping platform on which we sell products and services to you. The information collected from our customers is stored in the information system connected to the online store, databases, and the storage space of the platform. Your data is safe, because it is stored behind a firewall and its protection has been taken care of with appropriate technical measures.
HOW DO WE USE YOUR PERSONAL DATA AND WHAT IS THE LAWFUL BASIS FOR DOING SO?
We use and process your personal data on the basis of the legal grounds and purposes described below.
Necessary to perform an agreement with you
One reason we process personal data is to collect and verify the data prior to giving an offer and entering into a contract with you. We also process personal data to document and complete tasks in order to fulfil our contractual obligations towards you, e.g. to provide and administer our products and services to you.
Examples of activities necessary to perform an agreement with you:
- collecting your contact information to provide you with customer service during the contract period, including customer care and customer administration and communication with you
- collecting your identification information and financial information to provide different payment options
In addition to the performance of contract, processing of personal data also takes place for us to fulfil our obligations under law, other regulations or authority decisions.
Examples of processing due to legal obligations:
- Know Your Customer requirements
- Prevention of money laundering and terrorist financing
- Sanctions screening
- Bookkeeping regulations
- Reporting to tax authorities, police authorities, enforcement authorities, and supervisory authorities
We use your personal data where necessary to further our legitimate interests, as long as those legitimate interests are not overridden by your interests or fundamental rights and freedoms.
Examples of our processing based on legitimate interests:
- Marketing, product, and customer analyses. This processing forms the basis for marketing, process-, business- and system development, including testing. This is to improve our product range and to optimize our customer offerings.
- Profiling, for example when conducting customer analysis for marketing purposes.
- Anonymizing financial and demographic data to create statistics to test and develop new products and services. Anonymized and aggregated statistics cannot be linked to an individual.
- Analyses of the use of social media for the purpose of providing better and more targeted marketing and communication, services and advice, including to respond to your comments and provide you with user support.
- Possible establishment, exercise or defense of legal claims and collection procedure.
When you give us your personal data by using our services (for example, verifying your credit card, placing an order, choosing a delivery method or returning a product you ordered), you agree to the collection of your personal data.
There are situations when we will ask for your consent to process your personal data. Information about the purpose, processing activity, types of personal data and your right to withdraw your consent will be provided when you are asked to give us your consent. If you have given consent to processing of your personal data you can always withdraw the consent at any given time.
HOW DO WE USE AUTOMATED DECISION-MAKING?
We may in some cases use automated decision-making if it is authorized by legislation, if you have provided explicit consent, or if it is necessary for the performance of a contract. One example is the automated credit approval process in case you choose to apply for a part payment or invoice.
When using automated decision-making we will provide you with further information about the logic involved, as well as the significance and the envisaged consequences to you.
You can always express your opinion about a decision based solely on automated processing, including profiling, if such a decision would produce legal effects (e.g. contract cancellation) or otherwise similarly significantly affect you (e.g. refusal of an online application).
WHO DO WE DISCLOSE YOUR PERSONAL DATA TO?
Your personal data can be shared with others to the extent we are under statutory obligation to do so and to fulfil services and agreements we have with you.
We may share your personal data with others such as authorities, suppliers, payment service providers and business partners. Before sharing, we always ensure that we respect relevant financial industry secrecy obligations.
The reasons your personal data may be disclosed
To provide our services to you, we disclose data about you that is necessary to identify you and perform an assignment or agreement with companies that we cooperate with. These services include, but are not limited to, secure payment solutions.
For example, we can disclose data in partial payment situations to a financial company or online store payment method service provider. We may also share anonymized data for social and economic research or statistical purposes, where we believe it is in the public interest.
We disclose your personal data to
- Authorities: we disclose personal data to authorities to the extent we are under statutory obligation to do so. Such authorities include tax authorities, police authorities, enforcement authorities and supervisory authorities in relevant countries.
- PTVLABS Group Companies: we disclose personal data internally in the PTVLABS Group with your consent or if this is permitted pursuant to legislation.
- External business partners: we disclose personal data to external business partners with your consent or if this is permitted pursuant to legislation. External business partners include for example vendor partners of finance companies.
- Suppliers: we have entered into agreements with selected suppliers, which include processing of personal data on behalf of us. This can be suppliers of IT development, maintenance, hosting and support.
Third country transfers
In some cases, we may transfer personal data to organizations in so-called third countries (countries outside of the European Economic Area). Such transfers can be made if any of the following conditions apply:
- the EU Commission has decided that there is an adequate level of protection in the country in question, or
- other appropriate safeguards have been taken, for example the use of the standard contractual clauses (EU model-clauses) approved by the EU Commission, or the data processor has valid Binding Corporate Rules (BCR) in place, or
If necessary, we may outsource the processing of personal data to companies outside the company, which can also be located in countries outside the European Union and the European Economic Area, such as the United States. These companies can process personal data to offer, for example, infrastructure and IT services, or other services such as sending newsletters. In such cases, sufficient information security and processing of the register is taken care of by the EU-U.S. Privacy Shield arrangement, or by agreement using model clauses approved by the EU Commission. The personal data to be handed over can be name, address, email address and phone number.
You can access a copy of the relevant EU model-clauses used by us for transfers by going to www.eur-lex.europa.eu.
HOW DO WE PROTECT YOUR PERSONAL DATA?
Keeping your personal data safe and secure is at the center of how we do business.
We use appropriate technical, organizational and administrative security measures to protect any information we hold from loss, misuse, and unauthorized access, disclosure, alteration and destruction.
WHAT ARE YOUR PRIVACY RIGHTS?
You have the following rights in respect of the personal data we hold on you:
Right to request access to your personal data
You have a right to access the personal data we are keeping about you. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for our business concept and business practices.
Right to request correction of incorrect or incomplete data
If the data we are keeping about you is incorrect or incomplete, you are entitled to have the data corrected, with the restrictions that follow from legislation.
Right to request erasure
You have the right to request erasure of your data in the following cases:
- you withdraw your consent to the processing and there is no other justified reason for processing,
- you object to the processing and there is no justified reason for continuing the processing,
- you object to processing for direct marketing,
- processing is unlawful, or
- when processing personal data on minors, if the data was collected in connection with the provision of information society services.
Due to the legislation, we are in many cases obliged to retain personal data on you during your customer relationship, and even after that, e.g., to comply with a statutory obligation or where processing is carried out to manage legal claims.
Right to limitation of processing of personal data
If you contest the correctness of the data which we have registered about you or lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data. The processing will be restricted to storage only, until the correctness of the data can be established, or it can be checked whether our legitimate interests override your interests.
If you are entitled to erasure of the data which we have registered about you but the data is necessary for you to defend a legal claim, you may request that we restrict the processing to storage only if you want to keep the data.
Even when processing of your data has been restricted as described above, we may process your data in other ways if this is necessary to enforce a legal claim or you have given your consent.
Right to object to processing based on our legitimate interest
You can always object to the processing of your personal data if the processing is based on our legitimate interest, including direct marketing and profiling in connection to such marketing.
Right to withdraw consent
When the lawful basis for a specific processing activity is your consent, you have a right to withdraw your consent at any given time. Information about your right to withdraw it is provided when you are asked to give us your consent.
Right to data portability
You have a right to receive personal data that you have provided to us electronically or in a machine-readable format. This right applies to personal data processed only by automated means and on the lawful basis of consent or of fulfilling a contract. Where secure and technically feasible, the data can also be transmitted to another data controller by us.
Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.
HOW LONG DO WE PROCESS YOUR PERSONAL DATA?
We will keep your data for as long as it is needed for the purposes for which it was collected and processed or required by laws and regulations.
The reasons we store your personal data
We keep your data for as long as necessary for the performance of a contract and as required by retention requirements in laws and regulations. Where we keep your data for other purposes than those of the performance of a contract, such as for bookkeeping, we keep the data only if necessary and/or mandated by laws and regulations for the respective purpose.
The data retention obligations will differ within the PTVLABS Group subject to local law.
Example of storage times
Bookkeeping regulations: storing legally required information for up to ten years
Details on performance of an agreement: storing information related to your agreement with us for up to ten years after end of customer relationship.
What are cookies?
- Deliver products and services to our customers and page visitors
- Provide a secure online environment
- Manage our marketing and provide a better online experience
- Monitor the use of our website
- Track our website performance
- Make our website content more relevant to you
The data will not be used to identify individual visitors.
What type of cookies do we use?
We use both session cookies, which are only stored temporarily during the time you visit a site, as well as persistent cookies, which store a file on your hard disk for a certain period of time. We use different types of cookies on each country-specific website.
These cookies are crucial to the operation of this website. These cookies are for instance needed for security and for supporting functionality such as remembering the visitor’s preferences (that is, language or currency) to ensure that this site performs as intended.
These cookies are used to collect aggregated visit behavior on this website. These cookies enable us to optimize websites based on how visitors use our services, for instance which pages visitors go to most often or which products most visitors engage with. The companies setting these cookies have data processing and contractual agreements in place with us.
These cookies are used to enable functionality from third parties, such as video players, podcasts, and social media features. In addition, these cookies enable us to present tailored advertising in third party media.
Content from third-party providers:
HOW CAN YOU CONTACT US OR THE DATA PROTECTION AUTHORITY?
Albert Edelfeltin rantatie 25
You can also lodge a complaint with or contact the data protection authority in any of the countries where we provide services or products to you.