Privacy Policy
We at Wonderworking Icon Inc. are committed to processing personal information with due care and in accordance with applicable data protection law.
This privacy policy determines the manner in which Wonderworking Icon Inc. (the ”Company”) collects and processes personal data (the ”Personal Data”), including while the Company is providing services (the ”Services”) to the client (the ”Client”).
The Company undertakes to protect Personal Data. The Company shall follow procedures and processes that serve to protect Personal Data in accordance with the requirements of the data protection legislation.
The legal basis for the processing of personal data is the carrying out of functions pertaining to the agreement, as well as the legitimate interest to develop the Company’s business operations to the extent the matter pertains to the development of the Services, customer communications and marketing. We may also be compelled to utilise the data we have collected to prevent and investigate any malfeasance and/or to present or defend against legal claims. In this respect, the processing is either based upon our legitimate interest or the management of statutory obligations (such as, for instance, the identification of clients).
Processing pursuant to statutory obligations is based upon the necessity of the processing for the purposes of complying with the data controller’s statutory obligation.
Purposes of and legal basis for personal data processing
The purposes of personal data processing shall comprise
1. Customer service, provision and development of services, including client communications and marketing
2. Fulfilment of our agreements and contractual covenants as well as other obligations
3. Prevention and investigation of malfeasance and protection of our rights
4. Management of statutory obligations
What information does the Company collect?
The personal data collected by the Company may be categorised as follows:
1. Basic details of the data subject, such as their name
2. Data subject’s contact details, such as their email address and telephone address
3. Information concerning the company and the contact persons of the company, such as the Business ID and the names of the contact persons
4. Information concerning customership, contractual partners and agreements, such as information regarding former and valid agreements and orders, correspondence with the contractual partner as well as other contacts, contractual partner’s payment details and information submitted into our systems by the contractual partner of their own volition.
5. Any other information collected upon the consent of the data subject.
Where does the Company obtain information?
We primarily obtain information from the data subjects themselves, from the authorities, credit rating agencies, contact information services providers and from other comparable reliable instances.
For how long are user data retained?
The Company retains data subjects’ Personal Data only for as long as they are necessary for the purpose for which they were collected or for the maximum duration permitted by law. Consequently, the duration of the personal data retention period differs depending upon the data in question. This also entails that we may retain your Personal Data even if your contractual relationship with us has ended, but only for as long as we have a reason to do so.
Transfer and disclosure of personal data
For the purposes of providing the service
We only transfer Personal Data in the extent third parties require access to the Personal Data processed by us for providing the Service or for the fulfilment of our contractual obligations for the purposes set forth in this Privacy Policy.
Your consent
In case the user has granted their consent, we may share the user’s data with selected third parties, in order for them to be able to contact the user.
Corporate transactions
In conjunction with any sale, assignment or other reorganisation of its business operations, the Company may forward Personal Data processed by it to the parties of the transaction and their advisors.
Authorities
Personal data may be disclosed in accordance with demands presented by competent authorities and statutory requirements.
Legal claims and debt collection
We may process and disclose your personal data to third parties, if this is necessary for protecting the interests of the Company, its employees or for protecting or defending other rights or interests or investigating crimes targeting the Company. Furthermore, we may disclose your personal data to a third party, in case this is necessary for the enforcement of an agreement, collecting of receivables, investigating potential offences or for drafting, presenting or protecting against a legal claim.
Transfer of personal data outside of the EEA
The Company seeks to carry out the Services and to fulfil its contractual obligations and to process Personal Data taking advantage of operators and services located within the EU or EEA area.
Some of our subcontractors, distributors and partners are located outside of the European Economic Area. In such circumstances, Personal Data may be transferred between different countries. Such transfers may include transfers of Personal Data outside of the EU or EEA area to countries whose legislation governing the processing of Personal Data deviates from the requirements of Finnish law. In such cases, the Company shall ensure an adequate level of Personal Data protection, for instance, by agreeing upon the matter with the Personal Data processor using model contract clauses or other methods provided for under the data protection legislation in relation to the transfer of Personal Data to third countries.
Protection of Personal Data
The Company employs up-to-date procedures to protect Personal Data, including Secure Sockets Layer (“SSL”) or other comparable encryption software.
Amendments to the Privacy Policy
The Company may amend this Privacy Policy. We primarily announce amendments to the Privacy Policy on our website, so that the data subjects are at all times aware of how their Personal Data is being processed.
Your rights
Right of access
You have the right to inspect which of your Personal Data has been recorded in the register.
Right to rectification
You have the right to require the rectification of inaccurate and erroneous information.
Right to erasure
You may request us to erase your Personal Data from our systems. We shall carry out the procedures you require, provided we have no legitimate reason to abstain from removing such information.
Right to restrict processing of Personal Data
In certain statutory cases, we may restrict the processing of personal data.
The right to object to data processing
You may request restrictions to the processing of your Personal Data, if your Personal Data is processed for purposes other than the carrying out of our Service or for the fulfilment of a statutory obligation. Objecting to personal data processing may result in more limited possibilities to utilise our Service. You have the right to decline electronic direct marketing by following instructions included in all marketing messages we send.
Right to data portability
You have the right to obtain your Personal Data from us in a structured and commonly used form so that you are able to forward such data to another data controller, when the processing of your Personal Data is based upon consent or an agreement concluded between us.
Right to withdraw consent
If the processing of your Personal Data is based upon consent, you have the right to withdraw such consent at any time.
Exercising your rights
The Company shall implement the rights mentioned above in the content defined under the General Data Protection Regulation. The scope of the rights is contingent upon the basis for the processing of your Personal Data.
You may exercise your rights by sending a letter or email containing your name, address, telephone number and a copy of your valid identification certificate. We have the right to reject requests that are reiterated with unreasonable frequency, are excessive or unfounded.
Should you feel that the processing of your Personal Data is in conflict with the valid legislation, you may lodge a complaint with the local data protection authority.
Who is the data controller and whom may I contact?
The data controller is Wonderworking Icon Inc. In matters concerning the register, you may contact: markku.maenpaa@ikoni.fi.