Privacy Statement

Privacy Statement
Personal Data Act (523/1999) Sections 10 and 24

Name of the Register
Shirute Customer and Stakeholder Register

Controller
Shirute Oy (hereinafter “Shirute”)
Business ID 2366105-5
Opastinsilta 6A
00520 Helsinki
FINLAND

Contact Person in Matters Concerning the Register
Sirte Pihlaja
privacy [at] shirute.com

Purpose of the Register
The personal data contained in the register may be processed and used, in accordance with applicable legislation, based on customer relationship or other relevant connection, for the production, offering, delivery, invoicing, and development of services provided by Shirute and its owned or affiliated brands; for customer and stakeholder communications, correspondence, marketing, advertising, direct marketing, addressable mailings and their targeting; for organizing competitions and prize draws; for managing, developing and maintaining customer and stakeholder relationships; as well as for statistics, profiling, and analysis of our websites and registered individuals, and for other similar purposes. Marketing may also be carried out electronically, for example via email and mobile phone. Profiles may also be used for targeting content and marketing on our websites, electronic messages, mobile channels, and applications.

Consent of the Data Subject to Processing
The data subject accepts the contents of this Privacy Statement by using the services provided by Shirute and its owned or affiliated brands or by registering as their user. In such cases, the processing of personal data for the above-mentioned purposes is based on legitimate interest. Legitimate interest also applies when individuals are included in the register on the basis of a relevant connection.

Data Content of the Register
The user-specific content of the register may vary depending on the actions taken by the user. We may collect the following categories of information relating to natural persons included in the register as well as stakeholders working with customer experience:

Personal Data

  • First and last name of the data subject

  • Date of joining the register or start of relevant connection

  • Preferences (e.g. language, interests, or other information provided by the data subject or collected with their consent)

  • Basic and contact details, such as email, phone number, and address

  • Public social media profile information, such as Twitter or Instagram username

Employment-related Data

  • Job titles/roles and job descriptions

  • Employer organization/company, contact details and business ID

  • Work email, phone number, and address

Event-related Data

  • Information on registration and participation in Shirute and its brands’ events with dates

  • Photos and videos from events

  • Dietary information (used for catering orders)

Orders, Services, and Usage Information

  • Information related to customer relationship and/or other relevant connection and contractual relationship, such as purchased products and services, including start and end dates

  • Information on subscribed/activated services, such as newsletters, online services, and direct marketing preferences

  • Billing and collection information

  • Information about communication, marketing, invitations, identifiable feedback or other surveys targeted to the data subject and related responses (only if not anonymous)

  • Technical information sent by the data subject’s browser to the controller’s server (e.g. IP address, browser, browser version, referring page)

  • Data concerning web behavior on the controller’s websites and services (e.g. link clicks, browsed pages, entry and exit sites)

  • Data relating to use of our websites and services and the customer relationship, such as payment details, card details or bank account information, feedback, and order details

  • Data on direct marketing consents or prohibitions

Regular Sources of Data
All data in the register has been obtained from the following sources:

  • Information provided by the data subject

  • Data generated in Shirute’s information systems during the use of its online services

  • Surveys and research conducted by Shirute and its brands, or when a person participates in product and service development

  • Event participation

  • Other possible marketing communications

  • Information provided/made available by organizations themselves

  • Publicly available information

It is possible to join the register via Shirute’s and its affiliated brands' services online services. In addition, a direct link to register may be provided through Shirute’s social media pages or other marketing communications.

Personal data may also be collected and updated from other registers used or to be used by Shirute or its affiliated brands, or from carefully selected partners of Shirute. Data has not been purchased from third parties.

Retention Periods
The register is updated in connection with each event we organize.

At the request of the data subject, their data will be deleted from the register within one month of the request.

Data Transfer and Disclosure
The controller may disclose personal data contained in the register within the limits permitted or required by applicable legislation.

As a rule, data is not disclosed or transferred outside the EU or EEA unless necessary for the technical implementation of a service. All partners outside the EU or EEA are required to comply with the applicable EU data protection practices and personal data legislation to ensure adequate data protection.

The controller may conclude agreements with selected suppliers of goods and services involving the processing of personal data on its behalf. Such agreements may cover, for example, software development, maintenance, server, and IT support services. The controller may also transfer personal data when outsourcing processing to, for example, accounting firms or companies providing marketing and invoicing services. In such cases, partners process personal data on behalf of the controller without independent rights to processing.

The controller may disclose data to service providers participating in the implementation of its websites and services, such as online advertising, analytics, and payment providers.

The controller may disclose personal data for direct marketing purposes to its partners and client companies unless the data subject has prohibited such processing or disclosure.

Data Security
Personal data in the register is processed with appropriate security in accordance with the controller’s instructions. The register is password protected, and only the controller and authorized persons, bound by confidentiality and permitted by their job duties, have access.

All of the controller’s IT systems and register data are protected by generally used technical security methods to prevent unlawful processing or unauthorized access.

Rights of the Data Subject
Each individual in the register has the right to check the data concerning themselves. The information provided upon a request will be sent by email to the address given in the request.

Each individual in the register has the right to demand the correction of incorrect, unnecessary, incomplete, or outdated data.

Each individual in the register has the right to prohibit the controller from processing their personal data for direct advertising, other direct marketing, distance selling, and market or opinion research.

All requests and prohibitions must be sent in writing, signed by hand in electronic form, to the contact person responsible for the register.

Cookie Policy
Our websites may use cookies. Cookies enable us to recognize your browser and use the collected information, for example, for statistical monitoring and analysis of website usage. Our aim is to develop our websites and services to better serve users.

Our websites may also contain cookies from third parties, such as measurement and tracking services; these third parties may set cookies on your device when you visit our site. In addition to cookies used on our website, cookies may be used to target our own advertising on third-party websites.

You may block the use of cookies by changing your browser settings.

Changes to the Privacy Statement
We continuously improve and develop the services, products, and online services we provide, which may result in changes to this Privacy Statement. If significant changes are made, we will clearly inform you whenever required by applicable law. You can stay informed about possible changes by reviewing our Privacy Statement from time to time.