SUPERPARK OY’S PRIVACY POLICY
GDPR-compliant privacy policy. By using SuperPark Oy’s services, you agree to the terms and conditions of this privacy policy. If you do not agree to this privacy policy, you are not authorised to use SuperPark Oy’s services.
1. Data controller
SuperPark Oy (hereinafter “SuperPark” or “We”)
Business ID: 2481737-3
Linturinteenkatu 1
88610 VUOKATTI, Finland
Tel. +358 44 488 6211
2. How can I get in touch with you?
By email:
tietosuoja[at]superpark.fi
By post:
SuperPark Oy
Linturinteenkatu 1
88610 VUOKATTI, Finland
3. To what does this privacy policy apply?
This privacy policy applies to practices that SuperPark Oy adheres to when collecting and processing personal data from its consumers and business customers (a personal data file based on SuperPark Oy’s customer relationship and other relevant connection).
4. For what purposes is my personal data processed?
We process your personal data for the following purposes:
- to manage and analyse customer relationships and other relationships based on a relevant connection
- to produce and customise our services
- to develop and plan business operations
- marketing, distance selling, surveys and market research as well as customer communications, which can also be implemented electronically and targeted at a specific group
Your personal data may be processed in accordance with the applicable legislation for the marketing purposes of our carefully selected partners, including direct marketing, distance selling and surveys and market research. As a rule, we only disclose data to our partners for purposes that support the objective of the data file and in cases in which the intended use of the data is not incompatible with SuperPark’s intended use.
5. What data is collected about me?
The data file may contain the following information about all data subjects:
- first and last name
- contact details (address, phone number, email)
- contact person’s contact details for business customers (address, phone and fax numbers, email)
- occupation, title or other details of a business customer’s contact person regarding the data subject’s responsibilities and position in the business or public office
- the start and end date of the customer relationship and/or relevant connection and how this started
- direct marketing opt-in/opt-out selections
- information about the use of our services and content (e.g. using the online service, visits to SuperPark sites, user account, newsletter subscription)
- technical information (e.g. IP address, browser, browser version, page from which the data subject reached our website) sent by the data subject’s browser to the controller’s server and cookies sent to the data subject’s browser and related information if the cookies contain personal information
- information related to marketing and promotions, such as marketing activities targeted at and participated in by the data subject (e.g. participation in prize draws, competitions and events)
- information related to the maintenance of the relationship (e.g. purchase and cancellation details for products and services, delivery details, feedback, complaints and customer service event recordings such as calls, emails, chats and text messages)
- interests indicated by the data subject
- gender
- date of birth
- language
- the data subject’s location details if the data subject has consented to the processing of location data
In addition to the information listed above, the data file may contain the following information about the buyers of products/services:
- customer number
- personal identity code
- billing and debt collection details
In addition to the information listed above, the data file may contain the following information about persons who have a customer account:
- user name
- password
- pseudonym/nickname
- information related to the identity of an identifiable user, such as the details of the service usage and visits to the online service and SuperPark sites
- first and last name and contact details of a minor’s named guardian (address, phone number, email)
Changes to all information listed above
6. From what sources is my personal data collected?
Personal data relating to a data subject is collected from the data subject, from various services that the data subject uses (e.g. SuperPark’s online services, including online/mobile applications and the online store, and SuperParks and activities at them) and from different marketing activities such as marketing-related prize draws, competitions and events.
Personal data can also be collected and updated from SuperPark’s partners’ data files as well as from authorities and companies that provide information on personal data and, in terms of business customers, from the trade register and the companies’ online services and applications.
7. Will my personal data be disclosed to third parties or transferred outside the EU/EEA?
The data may be transferred, at the controller’s discretion and within the scope of applicable legislation, to organisations such as SuperPark’s partners, provided that you have not objected to the transfer of your data. As a rule, we only disclose data for purposes that support the objective of SuperPark’s data file and in cases in which the intended use of the data is not incompatible with SuperPark’s intended use.
Data may also be disclosed as required by claims from competent authorities or other parties, in accordance with the applicable law, and for the purposes of historical or scientific research, provided that the data is anonymised in such a way that data subjects cannot be identified.
Data may be disclosed to buyers in the event of a merger or acquisition if SuperPark sells or otherwise arranges its business operations.
Data may be transferred to partners, selected by the controller, that process data on behalf of the controller on the basis of a cooperation agreement between the parties. In this case, the data processor is not entitled to process the transferred data for its own purposes or in its own data file.
Data will not be transferred outside the EU or the EEA unless it is necessary for the processing of the personal data or due to technical implementation of the processing, in which case the transfer is done in accordance with the applicable legislation.
SuperPark may transfer the data contained in the data file to its own direct marketing registers after the end of the customer relationship.
8. How is my personal data protected?
The electronically processed data contained in the data file is protected by generally accepted technical means, e.g. firewalls, passwords and other measures. Material maintained manually is located in places with no access by unauthorised persons.
Only the controller’s employees and employees working on behalf of the controller and appointed by the controller have access to the data contained in the data file.
9. How long is my personal data kept for?
Order information is stored by default for 10 years after the order is processed and longer with the customer’s consent.
If the customer account is not logged in for 6 years, the customer account will be closed and all data associated with it, including order history, will be deleted or anonymized.
Deleted addresses that have not been used for orders will be deleted from the system within 30 days. Other deleted addresses will be deleted when orders are deleted or 7 years after the address is deleted, whichever occurs first.
10. Right to access, object and rectify
You have the right to request access to your personal data. The request for access must be emailed to the person responsible for the data file. The request will be dealt with according to SuperPark Oy’s internal data protection process. The request can also be made in person by visiting the controller, in which case you must be able to verify your identity.
You have the right to object to the processing and disclosure of your personal data for the purposes of direct marketing, distance selling, surveys and market research; this is done by contacting the controller.
You have the right to request rectification of incorrect information; this is done by contacting the controller.
11. Can this privacy policy be amended?
SuperPark continually develops its business and therefore reserves the right to amend this privacy policy by notifying of the changes through its services. The changes may also be based on changes in legislation. We recommend that you regularly review the content of this privacy policy.