Privacy Policy

Privacy Policy

KEIKI CUSTOMER PRIVACY POLICY

August 11, 2023

In this privacy policy, we explain how we collect and process your personal data. By continuing to use our website and services, you agree to this Privacy Policy.

Data Controller

The data controller for the register is Keiki Concept Oy (business ID: 3225935-9). The contact person for register matters is: Selman Yildiz / Founder

Keiki Concept Oy Address: Holperinkuja 38, 04680 Hirvihaara

Phone: +358440388303 Email: hello@keikiwood.com

Contact Information for Register Matters

Keiki Customer Service hello@keikwood.com Phone: +358440388303

Purpose and Legal Basis for Processing Personal Data

Personal data is processed for purposes related to managing, administering, and developing the customer relationship, providing and delivering services, as well as for the development and billing of services. Personal data is also processed for handling possible complaints and other claims. Additionally, personal data is processed for customer communication, such as informing and news reporting, and marketing, including direct marketing and electronic direct marketing. The customer has the right to prohibit direct marketing directed at them. The data controller processes the data itself and utilizes subcontractors acting on behalf of and for the account of the data controller. The legal bases for processing personal data are as follows according to the EU General Data Protection Regulation (GDPR):

  • the data subject has given consent to the processing of their personal data for one or more specific purposes (GDPR Article 6(1)(a));
  • processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract (GDPR Article 6(1)(b));
  • processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party (GDPR Article 6(1)(f)). The aforementioned legitimate interest of the data controller is based on a relevant and appropriate relationship between the data subject and the data controller, which arises from the fact that the data subject is a customer of the data controller, and when the processing takes place for purposes that the data subject could reasonably expect at the time of the collection of personal data and in the context of the relevant relationship.

Register Data Content (Processed Personal Data Groups)

The register contains the following personal data from all registered persons:

  • Basic and contact information: first name, last name, address, phone number, email address;
  • Information related to the person's company or other organization and the person's position or job title in the respective company or organization;
  • Direct marketing permissions and prohibitions.

Regular Data Sources

Personal data is collected from the data subject themselves. Personal data is also collected and updated from publicly available sources within the limits of applicable legislation, which relate to the implementation of the customer relationship between the data controller and the data subject and through which the data controller fulfills its obligations related to maintaining customer relationships.

Retention Period of Personal Data

Data collected in the register is retained only as long and to the extent necessary in relation to the original or compatible purposes for which the personal data was collected. The need for data retention is reviewed every five years; in any case, data related to a data subject is deleted from the register six years after the customer relationship with the data controller has ended and the obligations and actions related to the customer relationship have been completed. For example, accounting records are retained for six years from the end of the financial year. The data controller regularly reviews the need for data retention according to its internal policies. In addition, the data controller takes all reasonable steps to ensure that inaccurate, incorrect, or outdated personal data in relation to the purposes of processing are deleted or corrected without delay.

Disclosure of Personal Data to Others

Your personal data may be disclosed within the limits allowed by law to Keiki Concept Oy's partners, to the extent necessary for the customer's given assignment. When using subcontractors or third parties, we ensure that they process personal data in accordance with privacy regulations. This privacy policy covers the use of your data only by Keiki. Please also review our partners' privacy statements:

  • Postal services: Posti
  • Payment services: PayTrail, Klarna
  • Social media: Facebook, Instagram, Google

Data Subject's Rights

The data subject has the following rights under the EU General Data Protection Regulation:

  • The right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, access to the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed; (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (v) the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (vi) the right to lodge a complaint with a supervisory authority; (vii) where the personal data are not collected from the data subject, any available information as to their source (GDPR Article 15). These basic details (i)-(vii) are provided to the data subject on this form;
  • The right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (GDPR Article 7);
  • The right to require the data controller to rectify without undue delay any inaccurate and incorrect personal data concerning the data subject and the right to have incomplete personal data completed, including by means of providing a supplementary statement considering the purposes of the processing (GDPR Article 16);
  • The right to obtain from the data controller the erasure of personal data concerning them without undue delay, provided that (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing; (iii) the data subject objects to the processing based on their particular situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes; (iv) the personal data have been unlawfully processed; or (v) the personal data must be erased for compliance with a legal obligation in Union or national law to which the data controller is subject (GDPR Article 17);
  • The right to obtain from the data controller restriction of processing where (i) the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data; (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (iii) the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; or (iv) the data subject has objected to processing pending the verification of whether the legitimate grounds of the data controller override those of the data subject (GDPR Article 18);
  • The right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, if the processing is based on consent and the processing is carried out by automated means (GDPR Article 20);
  • The right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to them infringes the GDPR (GDPR Article 77). Requests regarding the exercise of the data subject's rights should be addressed to the contact person mentioned in section 1.

Changes to the Privacy Policy

Keiki reserves the right to amend this privacy statement. The latest version of the privacy policy is always available on this page with the publication date. If the changes to the updated statement are significant, we will notify you in a prominent manner at the beginning of the statement and on the keiki.fi homepage.