Privacy statement

Privacy statement

Effective date 07.02.2023

GENERAL

The controller handling your personal data is Saaren Taika / Topaz Oy (hereinafter "Topaz"). Our company is committed to protecting the rights of individuals and keeping your personal information safe. This Privacy Policy helps you understand what information about you Topaz collects and why, how personal information is stored and disclosed, and what your privacy rights are.

Topaz processes personal data for several reasons. In this statement, "you" refers to customers, potential customers or employees of our customers. It may also refer to other interested parties such as beneficial owners, authorized representatives and directors, shareholders and officers. In this statement, "we" or "the company" refers to Topaz and all possible companies that are directly or indirectly owned or controlled by Topaz Oy.

WHAT PERSONAL INFORMATION DOES TOPAZ COLLECT?

Personal data is mostly collected directly from you or obtained from the use of Topaze products, services and channels. We sometimes need additional information to keep the information up to date or to ensure the accuracy of the information we receive.

For example, when you buy something from our online store, as part of the purchase and sale transaction, we collect information such as your name, phone number, address and email address. On the other hand, when you browse our online store, we automatically receive the IP address of the device you use for the browser, the internet browser you use and the operating system of the device you use.

Topaz also collects and processes personal data of people in your close circle in some cases. Such persons are, for example, employees, beneficial owners, representatives, payers and other persons with whom we are connected and with whom we cooperate.

The personal data groups to which we collect and use data are listed below. Examples of personal data belonging to each group are given. Note that the examples do not cover all situations. The type of personal data we collect from you depends on the service or product we offer you as a customer.

Data types of personal data:

  • Identification information: for example personal identification number and full name
  • Contact information: for example, address, phone number and email address
  • Customer-related information: for example, your customer history
  • Information related to statutory requirements and taxation: country of taxation or foreign tax registration number and any information related to the duty to know the customer and prevention of money laundering

Sources of Personal Information We Collect

From you

We receive some of the personal data collected by Topaze directly from you. For example, we collect personal data from new customers such as name and social security number, email address and phone number. In billing situations, we may also have to collect credit information so that we can offer the customer the product or service in question on the invoice. We also collect information about the messages you send us through our digital channels, such as feedback or requests.

From third parties

We also collect personal data from third parties, such as publicly available data and data from other external sources, in order to be able to offer you our products and services and to meet legal requirements. For example, when you request the option to pay by invoice, we may collect information related to invoicing from other sources, such as centralized credit information registers that contain information about your payment behavior.

Examples of third-party data sources:

  • Registers maintained by authorities (for example tax administration registers, company registers and enforcement authority registers)
  • Lists of economic sanctions (for example, lists maintained by international organizations such as the EU and the UN, as well as national organizations)
  • Credit data registers and other commercial data brokers that provide information on, for example, payment default entries
  • Information related to payment orders from money transfer service providers, shops, banks, payment service providers and other similar parties
  • Social media (for example, publicly available information from social media or search engines. Social media may also disclose information to us in accordance with the privacy settings you use on the relevant channels/media.

Email marketing

If we receive your permission, we may send you e-mails regarding our online store, new products for sale, and other store-related updates or feedback surveys. The feedback you leave may be used in our marketing. You can unsubscribe from our mailing list at any time. You can do this in connection with e-mails received from us or by contacting our customer service.

Recording calls, online meetings and chat services

Calls and chat conversations can be recorded for documentation purposes of customer requests, to confirm assignments, to ensure security, to prevent fraud and to meet legal requirements. For example, online meetings, phone calls and chat conversations can be recorded so that we know what happened and what was said in the conversation, as well as what agreements were made.

Video surveillance

For security reasons and to prevent crimes, we may have surveillance cameras in our offices, stores and warehouses.

Storage of collected data

We offer an online shopping platform on which we sell products and services to you. The information collected from our customers is stored in the information system connected to the online store, databases and the storage space of the platform. Your data is safe, because it is stored behind a firewall and its protection has been taken care of with appropriate technical means.

HOW DOES TOPAZ USE YOUR PERSONAL DATA AND ON WHICH LEGAL BASIS?

Implementation of the contract

One purpose of processing personal data is to collect and verify personal data before making an offer and contract or transaction. We also process personal data so that we can document and fulfill our contractual obligations towards you, e.g. to offer you our products and services and to administer them.

Examples of processing operations required for the execution of the contract with you:

  • collecting your contact information so that we can deliver your order and provide you with customer service, including customer support and customer relationship management and communicating with you
  • collection of your financial information to issue an invoice

Legal Obligations

In addition to the implementation of the agreement, compliance with the obligations defined in the law, regulations and official decisions requires us to process personal data.

Examples of statutory obligations that require the processing of personal data:

  • know-your-customer obligation (KYC)
  • prevention of money laundering and terrorist financing
  • forcing checks
  • accounting regulations
  • reporting to tax, police, enforcement and supervisory authorities

Legitimate interest

If necessary, we use your personal data to fulfill our legitimate interests, if your interests or fundamental rights and freedoms do not override such interests.

Examples of processing personal data based on a legitimate interest:

  • Marketing, product and customer analyses. Marketing activities, development of processes, business and systems, including testing, are based on the processing of personal data. This way we can improve our product range and optimize the services offered to customers.
  • Profiling, for example, for customer analyzes performed for marketing purposes
  • Anonymization of financial and demographic data so that we can compile statistics for testing and development of products and services. Anonymized and aggregated statistics cannot be linked to a single person.
  • Analyzing the use of social media so that we can offer better and more targeted marketing and communication as well as services and advice, respond to comments and provide customer service.
  • Possible preparation, presentation or defense of a legal claim and collection procedure.

Consent

When you give us your personal data when doing business in the online store (for example, verifying your credit card, placing an order, choosing a delivery method or returning a product you ordered), you agree to the collection of your personal data.

If we need personal information for something other than the aforementioned activities, such as for example marketing, we will ask your permission either directly or give you the option to refuse to provide information.

If Topaz requests your consent, the request contains information about the purpose of the data processing, the processing, the type of personal data and your right to withdraw your consent. If you have given your consent to the processing of personal data, you also always have the right to withdraw your consent at any time.

HOW DO WE USE AUTOMATED DECISION MAKING?

We may use automated decision-making in some cases, if the legislation allows it or if you have given your separate consent to it, or if it is necessary for the execution of the contract. An example of such a case is the credit granting process in payment transactions concerning the invoice option.

If we make use of automated decision-making, we will give you more information about the logic of the automatic processing and its meaning and possible consequences for you.

You can always express your opinion about a decision based solely on automated processing, such as profiling, if the decision in question has legal effects on you (e.g. termination of the contract) or if the decision affects you in a similar way significantly (e.g. rejection of the invoice payment option).

WHO DOES TOPAZ PROVIDE PERSONAL INFORMATION TO?

We can hand over your personal data to others to the extent required by law and the provision of services and compliance with contracts.

We may disclose your personal data to other parties, such as authorities, companies belonging to the group, suppliers of goods and services, payment service providers and business partners. Before handing over information, we always ensure that we comply with applicable confidentiality obligations.

When can your personal data be shared?

We hand over the information necessary to verify your identity and to execute the order or contract to the companies we cooperate with in order to offer our services. These services include, for example, secure payment method solutions.

For example, we can hand over information in partial payment situations to a financial company or online store payment method service provider. We may also share anonymized information for social and economic research or statistical purposes if we consider it to be in the public interest.

We transfer personal data to the following recipients

  • Authorities: We hand over personal data to authorities to the extent required by law. These authorities include, for example, tax, police, enforcement and supervisory authorities.
  • Companies belonging to the Topaz group: We hand over personal data within the group with your consent or in accordance with legislation.
  • External business partners: We transfer personal data to external business partners with your consent or in accordance with legislation. External business partners are, for example, providers of payment method solutions and partners who sell financing.
  • Suppliers of goods and services: We have entered into agreements with selected suppliers of goods and services, which include the processing of personal data on behalf of Topaz. Such agreements have been made, for example, with suppliers offering software development, maintenance, server and IT support services.

Data transfers to third countries

Topaz does not, in principle, transfer personal data to organizations outside the European Economic Area, i.e. so-called third countries, or to organizations operating in them.

In special situations, an exception can be made if, for example, the implementation of the contract requires it or you have given your consent to the transfer of the data in question. Even in special situations, such data transfers can only be carried out if one of the following conditions is fulfilled:

  • The EU Commission has decided that the level of data protection in that country is sufficient.
  • Other appropriate protective measures have been put in place, for example by following model contract clauses approved by the EU Commission or by ensuring that the company processing the data has valid binding rules for the company. You can get a copy of the EU Model Contractual Clauses used by Topaz for data transfer at www.eur-lex.europa.eu.

HOW DOES TOPAZ PROTECT PERSONAL DATA?

Protecting personal data is at the core of our entire business.

We have appropriate technical, organizational and administrative security procedures in place to protect all information in our possession against loss, misuse, unauthorized use, disclosure, modification and destruction.

For example, when you give us your credit card information in connection with a payment transaction, the data transfer is encrypted using secure SSL protocol technology. We also comply with PCI-DSS requirements and use other generally accepted standards in the industry.

What are your privacy rights?

You have the following rights in relation to your personal data held by Topaz:

  • The right to request access to your personal data
  • You have the right to access your personal data in our possession.
  • The right to request correction of incorrect or incomplete information
  • If your personal data in our possession is incorrect or incomplete, you have the right to request that the data be corrected, unless restricted by legislation.
  • The right to request data deletion

You have the right to request the deletion of your data in the following cases:

  • You withdraw your consent to data processing and there is no other justified reason for the processing
  • You oppose the processing of the data and there is no justified reason for continuing the processing
  • You object to data processing for direct marketing purposes
  • Data processing is against the law
  • This is the personal data of a minor, which has been collected in connection with the provision of information society services
  • Due to the legislation, in some cases we are obliged to keep your personal data during the customer relationship and even after, when data processing is necessary, for example, to comply with legal obligations or to process legal claims.

The right to restrict the processing of personal data

If you dispute the correctness of the data we have registered or the legality of data processing, or if you have objected to data processing in accordance with your rights, you can ask us to limit the processing of your personal data. In this case, data processing is limited to only storing the data until the correctness of the data has been verified or it has been possible to check whether our legitimate interests take precedence over your interests.

If you are entitled to delete the data we have registered, but you need it to defend a legal claim, you can ask Topaz to limit the processing of the data to the retention of the data. Even if the processing of your data is restricted as described above, Topaz may still process your data in other ways if it is necessary to enforce a legal claim or if you have given your consent.

The right to object to the processing of personal data that is fundamental to our legitimate interest

You always have the right to object to the processing of your personal data if it is based on a legitimate interest of Topaz, including processing for direct marketing purposes or profiling related to direct marketing.

Right to withdraw consent

When the legal basis for data processing is your consent, you have the right to withdraw your consent at any time. When Topaz asks for your consent, the request includes information about the right to withdraw your consent.

Right to data portability

You have the right to receive the personal data you give us in a machine-readable format. This right applies to personal data that has been processed only automatically and on the basis of consent or the execution of a contract. The data can also be transferred from us to another data controller, if it is safe and technically possible.

If you want to use your rights listed above, requests will be evaluated on a case-by-case basis. Please note that we may also retain and use your information if it is necessary to comply with legal obligations, resolve disputes or enforce agreements.

How long does Topaz keep personal data?

We keep your data as long as it is needed for the purpose for which it was collected and processed, or as long as required by law and regulations.

Reasons why we keep your personal data

We will keep your data as long as it is needed to implement the contract and as long as the data retention requirements according to laws and regulations require it. If we store your data for purposes other than the execution of the contract, such as accounting, we only store data if it is necessary for the purpose in question and/or the law and regulations require it.

Examples of retention periods

  • Accounting regulations: information required by law is stored for up to 10 years. Information about the implementation of the agreement: Information related to the agreement you made with Topaz will be stored for up to 10 years after the end of the customer relationship.

Cookies

Topaz uses cookies. However, performance and activity cookies and marketing cookies are not used unless you have given your consent to the use of these cookies. You have the right to block the use of cookies completely. However, please note that restricting cookies may affect the functionality of the website.

What are cookies?

Cookies are small text files that contain letters and numbers and are located on your computer or device. Cookies are set when you visit a website that uses cookies and they can be used to track the pages you have visited, to help you continue where you left off, and to remember your preferences such as language settings.

When you use our website, you accept the use of cookies. Below is an explanation of how not accepting cookies affects.

Why do we use cookies?

We use cookies and other similar technology so that we can:

  • Deliver products and services to our customers and website users
  • Provide a secure online environment, including prevention of fraud and unauthorized access
  • Implements marketing activities, enables a better customer experience online,
  • Track the use of our website
  • Follow our website analytics
  • Provide you with content that is as interesting as possible.

The information is not used to identify individuals.

What types of cookies does Topaz use?

Topaz uses both session cookies, which are stored on the computer only while you are using the website, and persistent cookies, which store the file on the computer for a certain period of time.

The information provided by cookies has been made so transparent that you can see which cookies are being used to improve your visiting experience. This way you can make an informed decision about wearing them. If you want to manage and delete cookies, you can do so from the settings of your web browser.

In some cases, the use of cookies may include the processing of personal data. We have appropriate technical, organizational and administrative security measures in place to protect all data.

We can use cookies belonging to the following groups:

Essentials

Essential cookies are crucial to the functionality of the Topaz website. These cookies are needed, for example, for security purposes and to support certain functions, for example to remember the visitor's preferences, such as language. This ensures that Topaz's website works as intended.

Statistics

Statistics cookies are used to collect information about the use of the Topaz website at a general level. With the help of these cookies, websites can be optimized based on how visitors use the services, for example, which pages are visited the most or which products are viewed by most visitors.

Marketing

Marketing cookies help us improve the user experience of our site. These cookies enable third-party functionality such as videos, podcasts and social media features. In addition, Topaz can use these cookies to use customized advertising in third-party media.

Third Party Content:

Topaz may display content from third parties on its website so that we can provide various features such as YouTube videos, SoundCloud podcasts and Twitter posts. These third parties often use cookies and thus receive and process information about how you use their services. Topaz does not control the information collected by third parties in such cases. You can read more about how they use cookies and process personal data on the websites of these third parties.

How can you contact Topaz or the data protection officer?

If you have any questions about the privacy policy or are dissatisfied with the way we process your personal data or want to exercise your rights described above, you can contact Topaz either by e-mail asiakaspalvelu@saarentaika.com tai by letter:

Saarentaika / Topaz Oy

Kaukassalontie 70

25630 Särkisalo

Notification to the data protection officer

You can also file a complaint or contact the data protection commissioner's office. You can find contact information on the office's website.

Changes to the data protection statement

We are constantly improving and developing our services, products and websites, so changes may be made to the privacy statements from time to time. If significant changes are made to the data protection statement, we will notify you when the applicable law requires it.