PRIVACY STATEMENT

Pendola Oy (hereinafter “Pendola”) processes personal data related to the users of and visitors to www.hemmakoti.com (hereinafter the “Platform”). “Users” refers to the persons (either service providers or customers) that have created user accounts on the Platform.

We only process personal data in accordance with the applicable legislation. This privacy statement describes how we collect, use, and store your personal data and how you can exercise your rights as a data subject.

This privacy statement only applies to the processing of personal data when Pendola is the controller. The service providers operating on the Platform are independent controllers when they offer services, and this privacy statement does not apply to the processing carried out by service providers.

Controller

Pendola Oy
Business ID: 3101984-7
Rautatienkatu 20 (Dooroom), 15110 Lahti
info@hemmakoti.com

Personal data to be processed and categories of data subjects

On the Platform, Pendola processes the personal data of users who have created a user account on the Platform (whether in the role of service providers or customers), as well as the personal data of persons who visit the Platform without a user account and, for example, subscribe to the newsletter.

Pendola processes the following personal data:

User and visitor information

Pendola collects the following data directly from users (depending on the case): name, phone number, email address, address, language, account number, information required to identify the user (such as the information required under money laundering laws and other legislation), information provided in connection with feedback, and any other information that the user provides to Pendola through the Platform or its customer service function (including the chatbot), such as any personal data included in the user’s feedback or questions, as well as the user’s choices regarding marketing. In addition, email addresses are collected from visitors to the site who subscribe to the newsletter. If a user connects or logs in to a user account via a third-party service (such as Facebook or Google), the third party provides us with the user’s personal data, such as the profile picture, a sample of the contact list, and the ID used in the service. The aforementioned information related to identification required by law may be collected from the user directly, as well as from public registers.

Analytics data

Pendola automatically collects the following data from users and visitors to the Platform: IP address, browser and browser version, operating system, country, device advertising ID, and internet service provider.

The analytics data is collected using cookies.

Cookies are small text files that are used on the Platform to improve the user experience. The Platform requires certain mandatory cookies in order to function. According to the law, Pendola may store cookies on your device if it is essential for the functionality of the website. All other cookies are only used with the consent of the Platform’s users and/or visitors. Click here for further information on the cookies used by the Platform and to manage your cookie settings. Note that some parts of the Platform may not function correctly if you limit the use of cookies.

Purpose and legal basis for processing personal data

Pendola processes personal data on users and visitors for the purpose of carrying out its business and providing the Platform. Pendola may also process data to improve and develop the Platform and its business. Data on the visitors to the Platform website is also processed to ensure the functionality of the website and develop the site.

The processing of personal data is based on Pendola’s legitimate interests and, with regard to users, the fulfilment of obligations based on contractual relationships. In this context, Pendola’s legitimate interests are carrying out, maintaining, and developing its business, marketing and sales promotion, managing customer relationships, and processing any claims presented against it. In addition, Pendola may process personal data to comply with statutory obligations (such as bookkeeping obligations and taxation).

If you do not want to provide Pendola with the information requested when using the Platform, Pendola may not be able to offer all the services of the Platform to you in full.

Disclosure of personal data and transfer to third countries

In principle, personal data is not disclosed to any parties outside Pendola’s organisation other than Pendola’s subcontractors/service providers. Pendola is responsible for the actions of its subcontractors as if they were its own, and Pendola ensures that subcontractors process personal data only for the purposes specified in this privacy statement and in accordance with Pendola’s instructions and the applicable legislation.

Personal data may be disclosed to other third parties only if required under legislation or if necessary in order to handle legal claims and safeguard Pendola’s interests.

In addition, personal data may be disclosed to a third party if Pendola is a party to a corporate transaction (such as a merger or acquisition). In such situations, Pendola shall ensure that the personal data remains confidential.

In principle, personal data is not transferred to third countries. If data is transferred outside the European Economic Area, Pendola shall take all the measures necessitated by legislation to ensure that the standard of protection afforded to personal data is also adequate in the location to which the personal data is transferred.

Data retention period

Data is only retained for as long as it is needed to provide the Platform or for the foregoing purposes or when Pendola is obliged to retain the data in accordance with legislation. We may store personal data for longer periods to the extent that is necessary for a response to and defence against legal claims. The retention period depends on the type of personal data.

Technical and organisational security precautions

Technical security precautions

Pendola’s information security solutions are generally approved in the information security sector, and they are regularly monitored to ensure they are up to date.

The hardware used by Pendola and the subcontractors involved in processing is protected by appropriate firewalls, and computer hard drives are encrypted. In addition, files are regularly backed up to ensure the integrity, accuracy, and retention of the data.

Organisational security precautions

Personal data can only be accessed by the employees of Pendola and Pendola’s subcontractors whose job descriptions include processing the said personal data.

Rights of data subjects

Data subjects are entitled to request a copy of their personal data, the correction of incorrect personal data, and, under certain conditions, the erasure of their personal data. Under certain circumstances, data subjects may also ask for the processing of their personal data to be restricted and oppose the processing of their personal data. In some cases, data subjects are entitled to request the transfer of their personal data. This means that data subjects are entitled to receive their personal data in a widely used, machine-readable form, and data subjects may ask for their data to be transferred to a different controller if it is technically possible.

Data subjects may exercise the foregoing rights by sending a letter or email to the addresses given above or by contacting Pendola by phone on +358 29 1700775.

If you think your rights have been violated, you can submit a complaint to the supervisory authority (for further information, see www.tietosuoja.fi/en).