The Register Holder
The register holder decides on the purpose and method of processing personal data.
Knokkon Textiles Company
Business ID: 3003023-5
VAT Number: FI30030235
Data Processor and Contact Person of the Registry
The data processor retains and processes the information on behalf of the register holder and acts as a contact person.
Phone: + 358 (0) 40 513 8709
Purpose of Processing Personal Data
Information is used:
- To maintain the customerships
- Delivering the orders, processing and archiving of orders
- The development of e-commerce activities and services
- Customer communication and improvement and development of customer experience
- Improving and developing the quality of services and products
- User management for authentication
- For analytics and statistical purposes
- To produce more personalized targeted content and marketing
- Prevent abuse and to ensure better security
- Better customer service.
Contents of the Register
The register contains information relevant to the purpose of its use in the following categories.
The information is collected and used as follows.
- Information provided by the customer or identifiable by the person:
- Identification information, such as
- First and last name,
- Identification of the customer for identifying the credit agreement
- Passport information or equivalent duty required when ordering products or services from outside Finland,
- Contact information, such as addresses, phone numbers, email addresses, gender and age,
- Payment information, including credit agreements and other billing information,
- Customer contacts and related correspondence and postings on the rights of data subjects
- Customer’s consent to the location information used to assess the delivery time.
- Identification information, such as
- Information on the use of services and derived from analytics:
- shopping history, including ordered products and their price data
- delivery information, such as the selected delivery method and delivery address
- Product Reviews
- information on the use and browsing of the e-shop and the identification of the terminal
- Product recommendation and other information and identifiers used for the targeted content
- Information related to the use of the digital service as an identified user:
- Username and encrypted password,
- Other information relating to identification,
- log data on the use of the service,
- IP address, device, ID and type information,
- The operating system, applications and application settings used,
- Information relating to the payment and invoicing of notifications and
- Use of the services and derived information, such as by means of cookies
- Behavioural data based on the data collected. Please refer to “cookies” for details.
Regular Data Sources
Customer data may be collected in different ways. As a rule, we collect, and process data as follows:
- The customer has provided the information to us ourselves when he or she has been in contact with us or business with us, such as by purchasing our services or registering with the service, subscribing to our newsletter or contacting us to request an offer or information,
- Customer uses our services or products,
- Customer uses our website or
- Customer data is obtained from other third-party data sources such as the trade register, the demographics system, the corporate and community information system, the postal address information system, or other data sources.
The customer is not obliged to provide information to Knokkon, but if he decides to do so, we may not be able to provide all our services to the customer.
We do not collect or process the following special categories of data:
- Racial or ethnic origin,
- Sexual orientation,
- Political Opinions,
- Religious or philosophical beliefs,
- Trade union membership,
- Genetic, biometric or health data or
- Information on criminal convictions and offences.
Regular Data Transfers
As a general rule, we do not disclose the customer’s information to a third party unless required by law or by the competent authority, such as requests for information or access to legal proceedings.
With your consent, we may disclose information to a third party that is subject to your consent.
For communication, service or marketing purposes, information is disclosed to trusted service providers for data processing. We have ensured that all data processing providers comply with data protection law.
We regularly use the tools provided by the following service providers to process data:
- Finnish browser-based newsletter and Survey tool.
- Used to send newsletters, customer messages and event newsletters, as well as to collect electronic feedback queries and e-registrations.
- The statistics include the opening of newsletter messages and clicks on links.
- See also: www.creamailer.fi/tietotilinpaatos
- An American analytics tool to analyse the effectiveness of advertising by understanding the functionality that users make on the website.
- See also: fi-fi.facebook.com/legal/terms
- American website visitor tracking software used by the browser.
- Data collected from visitors is stored on a Google server, from which aggregated statistics can be explored using Google Analytics.
- See also: support.google.com/analytics/ans-wer/3379636?hl=fi
We strive to keep all information within the EU. However, data may in some cases be transferred outside the EU if the service provider’s cloud service servers to which the data are stored are located outside the Eu or otherwise necessary to carry out the ordered service.
In this case, we will ensure that the security level is adequate in the country of processing, such as the providers included in the U.S. Privacy Shield.
Principles of Registry Protection
All personal data is protected from unauthorized access and accidental or unlawful destruction, alteration, disclosure, transfer or other unlawful processing.
Manually maintained materials are located in areas where unauthorized access is denied.
Electronically processed data is located on strictly guarded servers and in a strictly guarded server room. The server has powerful and smart firewalls that prevent attacks on both the server and individual accounts.
Access control and other security measures are used to help you use your data. Access to data requires enough privileges and multi-stage authentication. Only designated persons have the right to process and maintain the data in the register. Users are bound by confidentiality. The registry information is backed up securely and recoverable when necessary.
In the processing of personal data and technical solutions, we adhere to good privacy practices. Our server rooms meet the following ISO certifications and standards:
- ISO 9001:2015
- OHSAS 18001
- SOC 1 Type II
- SOC 2 Type II
- ISO 14001:2015
- ISO 27001
- PCI DSS
- ISO 50001
The server collects log data from Web site visitors that contain IP addresses. The raakalogs are retained for one month.
In addition, the server has an Awstats program that collects website visitors including the following information:
- Visits and visitor counts
- Visitor’s operating system and browser
- Visitor countries
- Logged in users
- Keywords used in search engines
- File Types
- HTTP Errors
We will only retain your personal information for the necessary time to fulfil the purposes described in this leaflet. In addition, some data may be retained to the extent necessary for the execution of statutory obligations, such as accounting and consumer trade exposures, and to demonstrate their proper execution.
At the customer’s request, personal data about him may be deleted or anonymize from the website. The deletion and anonymization action are irreversible and we cannot recover deleted customer accounts.
For some information, the legislation imposes obligations on longer-term recording of information, including the following purposes:
- Accounting law defines longer retention periods for data, irrespective of whether the material contains personal data or not,
- The fulfilment of consumer trade responsibilities.
- Systems log data is collected and stored as required by law to provide a lawful and secure online store for our customers and
- Taking adequate backups of trade databases and systems to safeguard data, fix error situations and verify security and continuity.
Implementing the rights of the data subject
As a customer, you have the right:
- Access to personal data concerning you, including the right to receive a copy of personal data about you,
- Request rectification or erasure of personal data concerning yourself and
- Under certain conditions, request restriction of processing or oppose processing of personal data.
In addition, if the processing is based on separate consent, you have the right to withdraw your consent at any time. Please note that this does not affect the lawfulness of data processing prior to withdrawing consent. You can change your settings via the Login page.
You can request access to your rights by contacting our customer service. The request must be adequately identified so that our customer service can verify your identity. We will notify you if, in some respects, we are unable to fulfill your request, such as deleting any information that we have a statutory obligation to store (for example, credit information) or a right.
If you find that there are deficiencies in the processing or that it is unlawful, you have the right to lodge a complaint with the Data protection authority.
The information we collect about the customer can be used to tell you about new features of our company service or to market and sell other services.
Consent to data processing
Data processing is based on consent. Our company ensures that the customer understands where he agrees. This means that consent must be given voluntarily, individually, knowingly and unequivocally in response to a request made in clear and plain language. Consent shall be given by an act indicating the consent, such as by tick the box on the website or by signing the form.
When the customer agrees to the processing of their data, the data may only be processed for the purposes for which consent is given. The customer is also able to withdraw consent.
Change your privacy Statement