Privacy Policy
This Privacy Policy is valid for users registering on or after 11.01.2025.
This privacy notice for Oy Lokala Ab ('we, 'us', or 'our'), describes how and why we might collect, store, use, and/or share ('process') your information when you use our services ('Online Services'), such as when you visit our website at https://lokala.fi/ .
This Privacy Statement applies to all personal data processed by us in connection with our Online Services, including the personal data of visitors to our website and the personnel of our partners.
1. Contact Information
Oy Lokala Ab (Finnish business ID: 3434778-2)
Address: Universitetsgatan 11a A 4, 20100 Turku, Finland
Email: [email protected]
Website: lokala.fi
2. Data Protection Officer
Lokala has appointed a Data Protection Officer (DPO) to oversee our data protection practices and ensure compliance with data protection laws and regulations. If you have any questions or concerns about how we handle your personal data, including requests to exercise your data protection rights, you can contact our DPO via email at [email protected].
3. What type of data do we collect?
We collect personal data that you voluntarily provide to us when you sign up for and use our Online Services or when you contact us. The data we collect includes (i) the data that you provide us with or that we obtain directly from you, (ii) the data that we collect automatically.
3.1 Data You Provide to Us
We collect the following personal data directly from you:
- Basic Information: Such as your name, email address, company ID, company name, address, and other information you provide to us.
Legal Basis: Contract necessity (to provide you with our services) and legitimate interests (to ensure the smooth operation of our services). - Access Data and Transaction Data: Such as your email and password for signing in to our Online Services and data on purchase transactions completed through us.
Legal Basis: Contract necessity (to manage your account and process transactions). - Payment Data: Necessary to process your payment if you choose to make purchases. All payment data is handled and stored by Stripe.
Legal Basis: Contract necessity (to process payments).
3.2 Data We Collect Automatically
We automatically collect the following usage data when you visit or interact with the Online Services:
- Location Information: Data about the geographic location of your device, which may be precise (such as GPS data) or approximate (such as IP-based location or Wi-Fi triangulation).
Legal Basis: Legitimate interests (to provide location-based services and enhance user experience). - Cookies and Similar Technologies: Information collected through cookies, web beacons, and other tracking technologies, such as session information, preferences and settings, analytics data, and advertising data.
Legal Basis: Legitimate interests (to analyze usage patterns, improve services, and for marketing purposes). Where required by law, we obtain your consent before collecting this data.
3.3 Ensuring Data Accuracy
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
4. Purposes of data collection
We process personal data only to the extent necessary and appropriate for the specific processing purposes. We use your personal data for the following purposes:
- Processing your orders and managing your personal account.
- User identification and login.
- Product development.
We also collect and process data from companies that sign up for our marketplace. This includes but is not limited to:
- Company Registration and Verification: To register companies and verify their legitimacy and compliance with our marketplace standards.
- Service Provision: To provide services and support to the companies listed on our marketplace.
- Marketing and Communication: To send important updates, offers, and information relevant to companies.
5. How do we store your data?
We primarily store your personal data on servers located within the European Union (EU). This ensures that your data is protected under the stringent data protection laws of the EU. Our Service is hosted on secure servers situated within Finland. This helps us maintain high standards of data security. We utilize third-party service providers to enhance our services, such as for image storage and other functionalities. Some of these providers may store or process your personal data outside the EU. When this occurs, we ensure that appropriate safeguards are in place.
We do not store your personal data longer than is legally permitted and necessary for the purposes of providing our service. The storage period depends on the nature of the information and the purposes of processing. Therefore, the maximum period may vary depending on the specific use case.
After you delete your user account, we may retain personal data only as long as required by law or as reasonably necessary to fulfill our legal obligations or legitimate interests. These interests include, but are not limited to:
- Claims handling
- Bookkeeping
- Internal reporting
- Reconciliation purposes
Once the retention period ends, or the data is no longer needed for these purposes, we will securely delete or anonymize your personal data. If you have any questions about our data retention practices, please contact us at the email address provided in chapter 2 (Data Protection Officer).
6. Your Rights
We want to ensure you are fully aware of all your data protection rights. You have the following rights:
- The right to access: You have the right to request copies of your personal data. This includes information on:
- The purposes of data processing.
- The categories of personal data processed.
- The recipients of your personal data.
- The estimated period your data will be stored.
- The right to lodge a complaint with a supervisory authority.
- The right to rectification: You have the right to request that we correct any information you believe is inaccurate and to complete information you believe is incomplete without undue delay.
- The right to withdraw consent: The User has the right to withdraw the consent at any time free of charge. Withdrawing a consent may lead to fewer possibilities to use the Service.
- The right to erasure: You have the right to request that we erase your personal data under certain conditions, such as:
- The data is no longer necessary for the purposes it was collected.
- Your data has been unlawfully processed.
- You withdraw your consent to data processing as per GDPR Article 6(1)(a) or GDPR Article 9(1)(a).
- The right to restrict processing: You have the right to request that we restrict the processing of your personal data if:
- You contest the accuracy of your data.
- The processing is unlawful, and you oppose erasure.
- You have objected to processing under GDPR Article 21(1) and the verification of legitimate grounds is pending.
- The right to object to processing: You have the right to object to our processing of your personal data, particularly if it is based on GDPR Article 6(1)(e) or (f), or if the data is being processed for direct marketing purposes.
- The right to data portability: You have the right to request that we transfer the data we have collected to you or another organization. This includes the right to receive your data in a readable format and transmit it from one controller to another, where technically feasible.
7. Changes to the Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated date at the top of this Privacy Policy. We will notify you of significant changes by posting a notice on our website or by other appropriate means. These changes will be effective immediately upon posting unless otherwise stated.