Privacy policy

This is a privacy policy in accordance with the European Union General Data Protection regulation (EU 2016/679). This privacy policy describes the rights of the registered individual and the processing of personal data collected by CoReorient Oy and its online services and websites, physical services and research and development work.

CoReorient Oy is a Finnish company developing and providing fair circular and sharing economy services that aim at making the society more sustainable and efficient. Our services are www.coreorient.com, Liiteri.net , piggybaggy.com , kiertoasuomesta.fi , Lähiapaja.fi  , Digikylä.fi

Registrar, VAT ID and Contact information:

CoReorient Oy
Y-tunnus FI23884881
Vanha Talvitie 10 G
00580 Helsinki

Contact in issues related to your personal data:

Harri Paloheimo
registry@coreorient.com

Why are we processing your data?

We collect and process your personal data in order to develop and provide services, monitor the use of online and physical services, respond to contact requests, newsletter orders and event registrations.

The purpose of the processing can also be research and development work by CoReorient and its partners, business or other planning and development and marketing, including direct marketing, surveys and market research, and tailored customer service.

The processing of personal data is based on customership, contract, the explicit permission of the registered individual, or other legitimate reason such as the legitimate right to collect information on potential customers. We will process your personal data in compliance with data protection regulations and good data management and processing principles.

What are your data used for?

We use your personal data to offer products and services, answer your requests and questions, execute contracts, process orders and fulfill other similar functions. Your data is also used to perform obligations that are based on regulations and official orders and guidelines, such as user identification, risk management, data protection and the prevention and investigation of abuses.

We use your data also for customer communications. For example, we can send you notifications or change notices regarding our products and services. We can use your personal data for the marketing and market research of products and services on your permission or when it is otherwise allowed. We can also use your personal data to target our products and services for you, for example by recommending or showing targeted content in our service. We can combine data collected in the context of one of our products and/or services with data collected in the context of our other products and services and/or data collected by our potential partners.

What data do we collect?

The data we process can be divided into data provided by the user, data observed through the use of our services, and data derived through analytics.

User provided data
User provided or individually identifiable data in online services

• Contact information, such as name, address, phone number, email address
• registration data required by the digital account, such as user identifier, handle, password and potential other personal identifier
• language
• customership data, such as billing and payment information, product and order information, customer feedback and contacts, draw and competition response information, and cancellation information
• user provided profile and preference information
• permissions and approvals
• survey and research responses
• other data collected with user permission

Stripe

The Stripe payment provider software we use facilitates the transmission of collection of phone number and installed application information. Our application does not upload this information, but Stripe may ask it e.g. as part of ID verification or other functionality as required by a regulator or bank.

Contact request

Data collected with a contact request on one of our websites can be, for example, name, the organization you represent and contact information, such as a phone number or an email address.

Newsletter

Data collected in the context of ordering a newsletter can be, for example, email address, name and place of residence.For marketing purposes we can monitor the opening of newsletters and links that they contain, online behavior and IP addresses collected on our websites.

Event registrations

Data collected in the context of event registrations can be, for example, name and contact information, such as phone number or email address. We need this data to contact you, for example, regarding event arrangements.

Data observed through the use of our services

Our services can store identification, authorization, address, update, credit, video surveillance, email marketing, salary, payment and other similar information. We can have subcontractors that provide services and process information. There is a written contract with each of the subcontractors that specifies the processed personal data and its target, purpose and duration. The subcontractors are committed to compliance with the current data protection regulations.

Data derived through analytics

We can utilize machine learning or artificial intelligence to analyze and deduce information from the use of our services and other data provided by you and produce data to develop and provide services, and for research purposes. The processing of data complies with data protection regulations and good data management and processing principles.

How do we process and protect your personal data?

All personal data are protected against unauthorized access and accidental or illegal destruction, modification, delivery or transfer of data or other unauthorized processing. All access to personal data is monitored according to good practices. The servers containing the data are protected against data breaches and denial of service attacks. The data are not transferred outside the European Union or the European Economic Area.

Cookies and other technical monitoring

Google Analytics

We also use third party services and their cookies in our services, the use of which may change due to the continuous development of online technologies. The use of our online services and websites is monitored through the use of cookies and Google Analytics.

Your browser uses cookies to send automatically to Google data, such as the webpage address and IP address. Google Analytics uses this data to produce reports that do not directly identify individual users. The reports show us the number of visitors to our websites, the website from which user arrived to our website, the duration of the visit to the website, whether the user has visited on our website earlier, and which pages on our website the user visits. Though this monitoring of traffic we develop our website to be even better, and can provide a better website experience. You can prevent Google Analytics from collecting data about you and find more information on the topic in the Google website.

Google

We use Google remarketing cookies to show targeted banner advertisements to website visitors when they are browsing other websites. With remarketing cookies we can manage settings so that the visitor is not shown too many of our advertisements.

YouTube

We have embedded YouTube videos on certain pages on our website. YouTube (owned by Google) stores cookies when the visitor clicks the YouTube button in the video player.

Social media

Our websites can contain links and connections to third party websites and so called social media plugins (e.g. Facebook, Twitter, Instagram, LinkedIn). The use of social media plugins can send identifiable information to these social media service providers. When you open the plugin, you may permit the storing of the service provider’s cookies in your computer, allowing it to monitor your use of the webpage if you are logged to its social media. Third party privacy policies, terms of use and other conditions are applied to these third party provided services and third party mediated applications in our websites and services. We have no authority over these third party websites and are not liable for any material published in them or their use.

You have always the option to deny, manage and remove cookies through the settings of your browser or mobile device.

Data protection and principles on registry protection

We use appropriate technical and organizational data protection methods to protect personal data against unauthorized access, delivery, destruction or other unauthorized processing. The access to the registry is only with specific persons who require the data in their tasks. The data is collected in databases that require a user identifier and a password and, and are protected with a firewall. We use TLS protected HTTPS connection in the transfer of data so that all personal data is protected when in electronic form. If data is stored in a printed form, they are stored in a space protected from outsiders, and are destroyed in data protection compliant manner when the purpose of their use has ended.

The data received through the traffic monitoring by Google Analytics of our website is stored and processed in the Google Analytics service. Login in the Google Analytics account associated with our website requires login credentials that are only in the possession of specific individuals. The data transfer is protected with a TLS protected HTTPS connection.

You can influence the collection and processing of your data in several ways:

• You can check your stored personal data. We will correct, remove or complement on your request data that is erroneous, unnecessary, deficient or obsolete considering the purpose of the processing.
• You can transfer the personal data you have provided yourself and the data processed based on an approval or contract to yourself or another registrar.
• You can deny the delivery and processing of your data for direct marketing purposes by pressing the link at the end of a newsletter (”peruuta tilaus” tai ”unsubscribe”).
• You can oppose the processing with a reason related to your personal situation that is based on a legitimate interest. If your personal data are invalid, you can restrict the processing until we have confirmed their validity.
• You can cancel your approval if the data processing is based on approval. The cancellation of approval does not affect data processing that is required to comply with the law.
• You can complain to a public authority if your data has been processed in violation of this privacy policy and the current legislation.

If you want to make a claim, send it to the address listed in the beginning of the privacy policy in a document that is personally signed or otherwise similarly verified, or come to make the request personally. Clearly express in your claim your name and contact information so that we can contact you in relation to the processing of the claim if necessary.

To whom do we deliver your data?

We can deliver your data to third parties e.g. in the following cases:

• We can deliver your data in a manner that is based on claims required by authorized public authorities or other entities and is in accordance with the current regulations. We can for example deliver your payment and account data to the tax authority.
• We can deliver your data to partners that support the purposes or functionality of our services.
• We can deliver your data to scientific or historical research.
• We can deliver your data to third parties if it is necessary to execute a contract, investigate potential violations or prepare, present or defend a legal claim.
• We can deliver your data to direct marketing purposes or surveys or market research unless you have declined it. We can deliver your data to other third parties if you have given your approval.

We can use subcontractors and partners in the data processing. We have written contracts with the subcontractors and partners where the target, purpose and duration of the personal data processing as well as the personal data are specified. The subcontractors and partners are following good data processing principles and comply with the requirements of the European Union General Data Protection Regulation.

How long do we store your data?

We store your data as long as necessary to perform the purposes described above, within the current law. Upon termination of the customer relationship the storage duration depends on the data and its purpose of use. We aim at keeping the data in our possession correct and valid by removing unnecessary data and updating obsolete data.

Data stored for marketing purposes is typically stored as long as an approval has not been cancelled. We can store the information on the cancellation of approval and contacts in order to confirm the compliance with the cancellation.

We may be obligated to store some data in order to comply with accounting or other regulations also after the termination of customership or other reason for data processing. After the termination of customership we store data required for preparing research, statistics or studies.

Data Deletion

You can influence the collection and processing of your data in several ways:

• You can check your stored personal data. We will correct, remove or complement on your request (received at registry@coreorient.com or the company address in the beginning of this document)  data that is erroneous, unnecessary, deficient or obsolete considering the purpose of the processing.
• You can also delete your account with all data from profile in the mobile app or from web.

Changing the privacy policy

We are continuously improving our operations and therefore withhold the right to change this privacy policy by informing about it in our services. The changes can be also based on changing regulations. We recommend to frequently familiarize with the contents of the privacy policy.

Contacts
Inquiries can be sent to the address listed in the beginning of the privacy policy.
Contact information for the relevant public authority:
Office of the data ombudsman
Address: Ratapihantie 9, 6. krs. 00520 Helsinki
Postal code: PL 800 00521 Helsinki
Telephone: 029 56 66700
email: tietosuoja@om.fi