Privacy Policy of Ifolor Oy, Kerava (Finland)

Privacy Policy of Ifolor Oy, Kerava (Finland)

The ifolor team is delighted to be the chosen one to process your photos. Your satisfaction is our top priority. You can be assured that your photos and personal data will be handled according to data protection acts. This document explains what personal data (i.e., information related to identified or identifiable persons) will be collected from your orders, and how these are processed and used.

1. Collection of personal data

The collection and processing of  data will insofar only be performed when serving the professional processing of your order and the maintenance of the customer relationship. Your data is only used for the purpose for which it was collected and to protect our own legitimate business interests, in accordance with the relevant valid data protection regulations. 

The order software contacts our servers for various reasons. This is necessary, for example, for requesting and updating price information or if an order is placed. Access data is then temporarily saved on our servers, such as current IP address of your access and date and duration of  your visit. This data is deleted no later than in 30 days.

Use and transfer of personal data
We handle your data confidentially as a matter of principle and do not pass them on to third party processors. However, we reserve the possibility to have the data processed by third parties in Switzerland or in EU countries, if so required for the operational processing of orders. In such case, data protection will be ensured by compliance with the privacy protection laws applicable in Switzerland, the EU and in each such country, and by corresponding contracts with our suppliers. Your image data will be automatically deleted no later than 30 days from completion of your orders.

Payment
The electronic payment process is handled by a certified payment service provider Datatrans AG Zürich. Payment information is transmitted directly to the payment service provider and stored there for a limited amount of time for payment processing and for possible complaints or credits. This does not apply to payment by invoice.

To improve what we offer, particular events, such as cancellations of order processes, are included in our order software. The events which are recorded are pseudonymised and transferred to Webtrekk GmbH Robert-Koch-Platz 4, 10115 Berlin, Germany for a statistical analysis (see also: https://www.ifolor.fi/en/gtc/webanalyticpolicy).
The legal basis is our legitimate interest, Art. 6 (1) point f GDPR, to provide you with a smooth order process and to make our website more user-friendly and effective overall.
The applicable Webtrekk Privacy Policy can be found at  https://www.webtrekk.com/privacy-notice.html
You can deactivate the counting and transfer of events at any time.

There is also a campaign evaluation in the order software, using which we can recognise how customers were won. All campaign evaluation data is pseudonymised and statistically evaluated by Adjust GmbH. You can deactivate this at any time. Naturally, we also take the global settings on your device into account.

Ifolor seeks to design the order software process as user friendly and efficient as possible. To this end, the order software requests access to the customer's address book so that personal contacts easily can be used as shipping addresses. This information is not used for any other purposes.

You can transfer image files to us from third-party online services such as Google Photos, not just from your own devices. You do not give us access to your log-in data for these services or to any other data on these services. The application is only granted access to the approved data and images. Images you choose to use within your project will be copied and stored within the app.
To access external third-party online services, you need to link to the respective service from within the app. The app then receives an access permission that is limited to the app and your account with the service provider. The access permission is stored in the app until you log out of the respective service in the app. Alternatively, you can usually terminate the access permission on the website of the respective third-party online service.

Ifolor's customer records only store customer information that the person concerned has provided to Ifolor at the time of order or later. For example, as a subscriber of our newsletter, our technical service provider is Selligent. Information may be disclosed for legitimate use, such as direct marketing. You may prohibit processing and transfer of your information for marketing purposes, as well as inspect your information at any time.

Safety of data and communication
Our database containing your personal data is protected at all times by appropriate technical and organisational measures to prevent its loss and abuse. It is stored in a safe operational environment which is not accessible to the public.

While your personal data are being transmitted under certain circumstances, e. g. during log-in and payment processes, they are encrypted by use of Secure Socket Layer (SSL) technology. This means that a state-of-the-art encryption method applies to the communication between your computer and Ifolor’s servers, provided that your browser supports the SSL (https) technology.

2. Information and Rectification

Ifolor is the data controller of the collected personal data. Upon written request, we will provide you with information on what personal data we have recorded relating to your person.

If we have doubts about the accuracy of the data made available to us, we will verify its accuracy. Should you notice that the data we have processed is inaccurate or no longer up to date, you are entitled to ask us to rectify your data immediately and at no cost.

You have the right to notify us in writing at any time that you do not wish us to process your personal data any longer; provided that we must reserve our right to process data where necessary (e. g. invoicing data).

We reserve to require an appropriate means of identification from you, prior to processing your requests as mentioned above.

Please address such requests exclusively to the following address – this will facilitate our processing thereof:

Via e-mail:
dataprotectionofficer@ifolor.fi
(tietosuojavastaava)

Via postal service:
Ifolor Oy 
Data Protection Officer
Posliinitehtaankatu 1, 
04260 Kerava, Finland

3. Legal bases for our data processing: 

The legal bases of data processing are made up of the regulations within Art. 6 of GDPR, whereby our data processing is predominantly conducted 
- on the basis of consent, Art. 6 No. 1 S. 1 lit. a GDPR 
- for the fulfilment of a contract, Art. 6 No. 1 S. 1 lit. b GDPR 
- for the fulfilment of legal obligations Art. 6 No. 1 lit. c. GDPR and 
- for the protection of legitimate interests, Art. 6 No. 1 lit. f. GDPR. 

4. Your rights as a data subject 

(1) You have the following rights with respect to us regarding your personal data pursuant to GDPR: 
- The right to information, Art. 15 GDPR 
- The right to rectification, Art. 16 GDPR 
- The right to deletion (‘the right to be forgotten’), Art. 17 GDPR 
- The right to restriction of processing, Art. 18 GDPR 
- The right to data portability, Art. 20 GDPR 
- The right to object to processing, Art. 21 GDPR (also see point 5 hereafter). 

(2) In line with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or has an otherwise detrimental effect on you, insofar as the decision 
- is not necessary for entering into, or the performance of, a contract between you as an affected person and us as a data controller, 
- is authorised by a Union or Member State law to which we as the controller are subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests as an affected person, or 
- is based on your explicit consent. 

(3) If you believe that the processing of your data violates data protection regulations, you have the right to register a complaint with a supervisory authority in line with Art. 77 GDPR. The right of appeal may be exercised in particular before a supervisory authority in the Member State where you are staying, or where the suspected violation took place. 

5. Your right to revocation and objection 

Your right to revocation of consent
You have to right to revoke consent that has been granted at any time without this affecting the legality of the previous processing. If the consent is revoked, we will stop the corresponding data processing. 

Your right to revocation in the case of legitimate interests 
Pursuant to Art. 21 GDPR, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which are collected on the basis of Art. 6 S. 1 lit. f GDPR. We will then no longer process the personal data unless there are demonstrably compelling reasons for processing which are in need of protection and which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. 

Your right to revocation in the case of direct advertising 
Pursuant to Art. 21 GDPR, you have the right to object to the processing of your personal data for the purpose of direct advertising, the execution of which leads to the termination of processing for the purpose of direct advertising or safeguarding legitimate interests.

10/2021