Privacy statement

Privacy Policy

Effective date 07.02.2023

GENERAL

The controller of your personal data is Saaren Taika / Topaz Oy (hereinafter referred to as “Topaz”). Our company is committed to protecting the rights of individuals and keeping your personal data secure. This privacy policy helps you understand what information Topaz collects about you and why, how personal data is stored and disclosed, and what your rights are regarding privacy.

Topaz processes personal data for a number of reasons. In this statement, “you” refers to customers, potential customers or employees of our customers. It may also refer to other interested parties, such as beneficial owners, authorized representatives and directors, shareholders and officers. In this statement, “we” or “company” refers to Topaz and any companies that are directly or indirectly owned or controlled by Topaz Oy.

WHAT PERSONAL DATA DOES TOPAZ COLLECT?

Personal data is most often collected directly from you or obtained through your use of Topaze products, services and channels. We sometimes need additional information to keep the information up to date or to verify the accuracy of the information we have received.

For example, when you purchase something from our online store, as part of the purchase and sale transaction, we collect information such as your name, phone number, address, and email address. When you browse our online store, we automatically receive the IP address of the device you are using to browse, the internet browser you are using, and the operating system of the device you are using.

Topaz also collects and processes personal data of persons who are closely associated with you, in some cases. Such persons include employees, beneficial owners, representatives, payers and other persons with whom we are in contact and with whom we cooperate.

Below are listed the categories of personal data that we collect and use. Examples of personal data that fall into each category are provided. Please note that the examples do not cover all situations. The type of personal data we collect from you depends on the service or product we provide to you as a customer.

Types of personal data:

  • Identification information: for example, personal identification number and full name
  • Contact information: for example, address, phone number and email address
  • Customer-related information: for example, your customer history
  • Information related to legal requirements and taxation: country of taxation or foreign tax registration number and any information related to customer due diligence and anti-money laundering

Sources of personal information we collect

From you

Some of the personal information that Topaze collects comes directly from you. For example, we collect personal information from new customers, such as name and social security number, email address and telephone number. In billing situations, we may also need to collect credit information so that we can provide the customer with the relevant product or service on invoice. We also collect information from messages you send to us through our digital channels, such as feedback or requests.

From third parties

We also collect personal data from third parties, such as publicly available information and information from other external sources, to enable us to provide you with our products and services and to comply with legal requirements. For example, when you request the option to pay by invoice, we may collect billing-related information from other sources, such as central credit registers that contain information about your payment behavior.

Examples of third-party data sources:

  • Registers maintained by authorities (for example, tax administration registers, business registers and registers of enforcement authorities)
  • Lists of economic sanctions (for example, lists maintained by international organizations such as the EU and the UN, as well as national organizations)
  • Credit registers and other commercial data providers that provide information on, for example, payment default records
  • Information related to payment orders from money transfer service providers, shops, banks, payment service providers and other similar entities
  • Social media (for example, information publicly available from social media or through search engines. Social media may also disclose information to us in accordance with the privacy settings you use on the relevant channels/media.

Email marketing

If we receive your permission, we may send you emails regarding our online store, new products for sale, and other store-related updates or feedback surveys. Your feedback may be used for our marketing purposes. You can unsubscribe from our mailing list at any time. You can do this in the emails you receive from us or by contacting our customer service.

Recording calls, online meetings and chat services

Calls and chat conversations may be recorded for the purposes of documenting customer requests, confirming orders, ensuring security, preventing fraud, and meeting legal requirements. For example, online meetings, calls, and chat conversations may be recorded so that we know what happened and what was said in the conversation, and any agreements that may have been made.

Video surveillance

For security reasons and to prevent crime, we may have surveillance cameras in our office, store and warehouse facilities.

Storage of collected data

We offer an online store platform to sell products and services to you. The information collected from our customers is stored in the information system, databases and storage space of the platform connected to the online store. Your information is safe, as it is stored behind a firewall and its protection is ensured by appropriate technical means.

HOW DOES TOPAZ USE YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS?

Implementation of the agreement

One of the purposes of processing personal data is to collect and verify personal data before making an offer and entering into a contract or transaction. We also process personal data so that we can document and fulfill our contractual obligations towards you, e.g. to provide you with and administer our products and services.

Examples of processing activities required to perform a contract with you:

  • collecting your contact information so that we can deliver your order and provide you with customer service, including customer support and customer relationship management, and communicating with you
  • collecting your financial information to issue an invoice payment method

Legal obligations

In addition to the implementation of the agreement, compliance with obligations defined in law, regulations and decisions of authorities requires us to process personal data.

Examples of legal obligations that require the processing of personal data:

  • Know your customer (KYC)
  • preventing money laundering and terrorist financing
  • sanctions reviews
  • accounting regulations
  • reporting to tax, police, enforcement and supervisory authorities

Legitimate interest

We will use your personal data where necessary to pursue our legitimate interests, unless such interests are overridden by your interests or fundamental rights and freedoms.

Examples of processing of personal data based on legitimate interest:

  • Marketing, product and customer analyses. Marketing activities, process, business and system development, including testing, are based on the processing of personal data. This allows us to improve our product range and optimize the services we offer to our customers.
  • Profiling, for example for customer analyses for marketing purposes
  • Anonymization of financial and demographic information so that we can compile statistics for testing and developing products and services. Anonymized and aggregated statistics cannot be linked to an individual person.
  • Analyzing social media usage so that we can provide better and more targeted marketing and communications, as well as services and advice, respond to comments and provide customer service.
  • The possible preparation, presentation or defense of a legal claim and the collection procedure.

Consent

By providing us with your personal information when you shop in the online store (for example, when verifying your credit card, placing an order, choosing a delivery method, or returning a product you ordered), you consent to the collection of your personal information.

If we need personal information for any activities other than those mentioned above, such as marketing, we will ask you for permission either directly or give you the opportunity to refuse to provide the information.

If Topaz requests your consent, the request will include information about the purpose of the data processing, the processing, the type of personal data and your right to withdraw your consent. If you have given your consent to the processing of personal data, you also always have the right to withdraw your consent at any time.

HOW DO WE USE AUTOMATED DECISION-MAKING?

We may use automated decision-making in some cases where permitted by law or where you have given your explicit consent or where it is necessary for the performance of a contract. An example of such a case is the credit granting process in payment transactions involving an invoice option.

If we use automated decision-making, we will provide you with additional information about the logic of the automated processing, its significance and possible consequences for you.

You can always express your opinion about a decision based solely on automated processing, such as profiling, if that decision produces legal effects concerning you (e.g. termination of a contract) or if the decision otherwise significantly affects you in a similar way (e.g. rejection of an invoice payment option).

TO WHOM DOES TOPAZ PROVIDE PERSONAL DATA?

We may disclose your personal data to others to the extent required by law and to provide services and comply with agreements.

We may disclose your personal data to other parties, such as authorities, group companies, suppliers of goods and services, payment service providers and business partners. Before disclosing information, we always ensure that we comply with applicable confidentiality obligations.

When may your personal information be shared?

We share information necessary to verify your identity and execute an order or contract with companies we work with in order to provide our services. These services include, for example, secure payment solutions.

For example, we may disclose information to a finance company or an online store payment method service provider in the event of an installment payment. We may also share anonymized information for social and economic research or statistical purposes if we consider it to be in the public interest.

We disclose personal data to the following recipients:

  • Authorities: We disclose personal data to authorities to the extent required by law. These authorities include, for example, tax, police, enforcement and supervisory authorities.
  • Topaz Group companies: We share personal data within the group with your consent or in accordance with the law.
  • External business partners: We share personal data with external business partners with your consent or in accordance with the law. External business partners include, for example, payment solution providers and financing vendor partners.
  • Suppliers: We have entered into agreements with selected suppliers that involve the processing of personal data on behalf of Topaz. Such agreements have been concluded, for example, with suppliers providing software development, maintenance, server and IT support services.

Data transfers to third countries

Topaz does not transfer personal data to so-called third countries or to organizations operating in countries outside the European Economic Area.

In special situations, an exception may be made if, for example, the performance of a contract requires it or you have given your consent to the transfer of the data in question. Even in special situations, such data transfers can only be carried out if one of the following conditions is met:

  • The EU Commission has decided that the level of data protection in that country is adequate.
  • Other appropriate safeguards have been put in place, for example by following the model contractual clauses approved by the EU Commission or by ensuring that the company processing the data has binding corporate rules in place. A copy of the EU model contractual clauses used by Topaz for data transfers can be found at www.eur-lex.europa.eu.

HOW DOES TOPAZ PROTECT PERSONAL DATA?

Protecting personal data is at the core of our entire business.

We have appropriate technical, organizational and administrative security procedures in place to protect all information in our possession against loss, misuse, unauthorized access, disclosure, alteration and destruction.

For example, when you provide us with your credit card information during a payment transaction, the data transmission is encrypted using secure SSL protocol technology. We also comply with PCI-DSS requirements and other generally accepted industry standards.

What are your privacy rights?

You have the following rights in relation to your personal data held by Topaz:

  • The right to request access to your personal data
  • You have the right to access the personal data we hold about you.
  • The right to request correction of incorrect or incomplete information
  • If your personal data in our possession is incorrect or incomplete, you have the right to request correction of the data, unless otherwise restricted by law.
  • Right to request deletion of data

You have the right to request the deletion of your data in the following cases:

  • You withdraw your consent to the processing of the data and there is no other legitimate reason for the processing
  • You object to the processing of your data and there is no legitimate reason for continuing the processing.
  • You object to the processing of your data for direct marketing purposes
  • The processing of the data is unlawful
  • This concerns personal data of a minor collected in connection with the provision of information society services.
  • Due to legislation, we are in some cases obliged to retain your personal data for the duration of the customer relationship and even after it, when processing the data is necessary, for example, to comply with legal obligations or to handle legal claims.

Right to restrict the processing of personal data

If you dispute the accuracy of the data we have registered or the lawfulness of the data processing, or if you have objected to the processing of your data in accordance with your rights, you can ask us to restrict the processing of your personal data. In this case, the processing of the data will be limited to storing the data until the accuracy of the data has been verified or it has been possible to verify whether our legitimate interests override your interests.

If you are entitled to have your data erased but you need it to defend a legal claim, you can ask Topaz to restrict the processing of your data to the retention of the data. Even if the processing of your data has been restricted as described above, Topaz may still process your data in other ways if this is necessary for the exercise of a legal claim or if you have given your consent.

The right to object to processing of personal data based on our legitimate interests

You always have the right to object to the processing of your personal data if it is based on Topaz's legitimate interest, including processing for direct marketing purposes or profiling related to direct marketing.

Right to withdraw consent

When the legal basis for processing your data is your consent, you have the right to withdraw your consent at any time. When Topaz asks for your consent, the request will include information about your right to withdraw your consent.

Right to data portability

You have the right to receive the personal data you have provided to us in a machine-readable format. This right applies to personal data that has been processed solely by automated means and based on consent or the performance of a contract. The data may also be transferred from us to another controller, provided that this is secure and technically feasible.

If you wish to exercise your rights listed above, requests will be assessed on a case-by-case basis. Please note that we may also retain and use your information if necessary to comply with legal obligations, resolve disputes or enforce contracts.

How long does Topaz retain personal data?

We will retain your information for as long as it is needed for the purpose for which it was collected and processed, or as long as required by law and regulations.

Reasons why we retain your personal data

We will retain your data for as long as it is necessary to perform the contract and for as long as required by law and regulations. If we retain your data for purposes other than performance of the contract, such as accounting, we will only retain the data if it is necessary for that purpose and/or required by law and regulations.

Examples of retention periods

  • Accounting regulations: information required by law will be retained for up to 10 years. Information related to the execution of the contract: information related to your contract with Topaz will be retained for up to 10 years after the end of the customer relationship.

Cookies

Topaz uses cookies. However, performance and functional cookies and marketing cookies are not used unless you have consented to the use of these cookies. You have the right to block the use of cookies completely. However, please note that restricting cookies may affect the functionality of the website.

What are cookies?

Cookies are small text files containing letters and numbers that are placed on your computer or device. Cookies are set when you visit a website that uses cookies and can be used to track the pages you visit, help you continue where you left off, and remember your preferences, such as your language settings.

By using our website, you agree to the use of cookies. Below we explain how not accepting cookies will affect your experience.

Why do we use cookies?

We use cookies and other similar technologies to enable us to:

  • To deliver products and services to our customers and website users
  • Provide a safe online environment, including prevention of fraud and unauthorized use
  • Implement marketing activities, enable a better customer experience online,
  • To monitor the use of our websites
  • To track our website analytics
  • To provide you with the most interesting content possible.

The information is not used to identify individual persons.

What types of cookies does Topaz use?

Topaz uses both session cookies, which are stored on your computer only for the duration of your visit to the website, and persistent cookies, which store a file on your computer for a specific period of time.

The information provided by cookies is made transparent so that you can see which cookies are used to improve your browsing experience. This way, you can make an informed decision about whether to accept them. If you want to manage and delete cookies, you can do so in your web browser settings.

In some cases, the use of cookies may involve the processing of personal data. We have appropriate technical, organizational and administrative security measures in place to protect all data.

We may use cookies belonging to the following categories:

Essentials

Strictly necessary cookies are essential for the functioning of the Topaz website. These cookies are required for security purposes and to support certain features, such as remembering visitor preferences, such as language. This ensures that the Topaz website works as intended.

Statistics

Statistics cookies are used to collect information about the use of the Topaz website in general. These cookies can be used to optimize the website based on how visitors use the services, for example, which pages are visited most often or which products are viewed by most visitors.

Marketing

Marketing cookies help us improve the user experience on our website. These cookies enable third-party features such as videos, podcasts and social media features. These cookies also allow Topaz to use tailored advertising on third-party media.

Third-party content:

Topaz may display third-party content on its websites to enable us to provide various features, such as YouTube videos, SoundCloud podcasts, and Twitter posts. These third parties often use cookies and thus receive and process information about how you use their services. Topaz does not control the information collected by third parties in such cases. You can read more about how they use cookies and process personal data on the websites of these third parties.

How can you contact Topaz or the Data Protection Commissioner?

If you have any questions about this privacy policy or are dissatisfied with the way we process your personal data, or would like to exercise your rights described above, you can contact Topaz either by email at asiakaspalvelu@saarentaika.com or by letter:

Island Time / Topaz Oy

Kaukassalontie 70

25630 Särkisalo

Notification to the Data Protection Commissioner

You can also file a complaint or contact the Office of the Data Protection Ombudsman. Contact information can be found on the Office's website.

Changes to the privacy policy

We are constantly improving and developing our services, products and websites, so changes may be made to our privacy statements from time to time. If there are significant changes to our privacy statements, we will provide notice where required by applicable law.