Privacy Policy
This statement describes how we process the personal data of our customers and website users. Updated: December 10, 2024
PRIVACY POLICY
Register and data privacy policy in accordance with the EU General Data Protection Regulation (EU 2016/679)
1. Data Controller
NOVITA OY
Tehtaankatu 27–29 A
00150 Helsinki
Business ID: 0112428-3
2. Contact Information
For inquiries or requests regarding personal data processing, you can contact our customer service via:
- Email: support (@) novita.fi
- Customer service contact form
3. How Does Novita Use Your Personal Data?
We process your data to market our products and services. We may carry out electronic direct marketing if you have given your consent. Additionally, we analyze your interests to market the most relevant products and services to you. We may optimize our website, product recommendations, and product selection based on your preferences.
To achieve this, we may create a user profile based on the information you provide and the data collected in accordance with this privacy statement. This profile can include information such as whether you opened our emails and clicked on links within them.
Personal data may be processed within the limits allowed by the EU General Data Protection Regulation and Finnish personal data legislation for purposes including managing, developing, analyzing (e.g., targeted services, communication, marketing, surveys, statistics), authentication, security measures, and fulfilling legal obligations. Additionally, Novita may use personal data for targeted sales and marketing, including:
- Direct marketing via post or phone, including text messages
- Electronic marketing, such as email and other digital messages
- Digital advertising (e.g., display ads and search engine marketing), which may result in seeing our ads on other websites
If you are registered in our loyalty program or have created a user account on our website, we may process your personal data to provide benefits and services associated with the loyalty program and to inform you of changes.
Our customer service may process your personal data based on your inquiry. Customer service calls may be recorded, with prior notice provided. Personal data collected by customer service may be combined with other collected data, such as purchase history, to offer the most efficient and personalized service.
Processing personal data is based on the user's (data subject's) consent. If consent has not been provided, processing is legitimate because the user voluntarily entered their personal data to use Novita's services. Otherwise, data processing is based on the data controller's legitimate interest.
4. How Long Is Your Personal Data Stored?
We retain your data as long as necessary to fulfill legal obligations, such as defending against legal claims or complying with accounting requirements. If you have given marketing consent, your data will be stored until the consent is withdrawn. Data collected through browser or server-based tracking will be retained according to our cookie policy.
5. Contents of the Register
The register contains information about customer activities on the website, such as purchase history, participation in competitions and surveys, customer service interactions, loyalty program usage, and other information directly provided by the data subject.
Note that we do not collect payment information. Payment details are securely handled by authorized third-party payment providers.
The system assigns user-specific identifiers and records consent for personal data processing. It may also link to social media accounts at the user's request.
All processed data, the basis for processing, storage location, retention period, distribution, processing rights, and consents are detailed in an appendix available upon request from Novita (contact details in section 2).
6. Regular Data Transfers
Data may be transferred to service providers and partners, such as payment, analytics, and marketing service providers. For SMS marketing, data is processed with the user's specific consent. Data may also be disclosed to authorities to comply with legal obligations.
To improve or maintain the service, authorized experts bound by confidentiality agreements may access customer data if necessary. Copies of the service, including user data, may be created for quality assurance in development and maintenance.
7. Data Transfers Outside the EU or EEA
Data is not transferred outside the EU or EEA. However, if services such as Facebook Pixel or Google Fonts are used, data may be sent to third countries. In such cases, Novita refers to the GDPR Articles 45, 47, 46.2, and 49. More information can be found here https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.
8. Principles of Data Security
The register is not stored as paper copies but as electronic records on Novita's or its service providers' servers. Access to the register is restricted to Novita employees and subcontractors under confidentiality agreements who require access for their duties.
The register is securely protected using firewalls and other technical and organizational measures. However, no internet-based service is entirely secure.
9. Rights of Data Subjects
Data subjects have the right to:
- Access their data
- Request corrections
- Request data deletion (right to be forgotten)
- Restrict data processing
- Transfer data
However, the right to deletion is not absolute. Novita may retain data if processing is necessary to comply with legal obligations, validate contractual obligations, address security risks, or for other justified purposes.
To exercise these rights, data subjects must prove their identity and submit a written request to Novita (contact details in section 1).
10. Data Retention Period
Customer data is retained as long as the customer relationship exists. Data is deleted if the user has not logged into the service for three years. For legal obligations (e.g., accounting), data is retained for up to 10 years. Alternatively, data may be anonymized, removing all links to the individual.
11. Changes to the Privacy Policy
Novita regularly reviews data usage and may update this privacy policy. Changes will be communicated in an appropriate manner, such as during login or data entry, and may require user consent.
12. Tracking Services and Cookies
This website uses cookies to personalize content and ads, support social media features, and analyze traffic. Information is shared with social media, advertising, and analytics partners who may combine it with other data.
Cookies are small text files used to enhance user experience. We only store cookies essential for website functionality without user consent.
We collaborate with services like Microsoft Clarity and Microsoft Advertising to collect behavioral metrics, heatmaps, and session recordings to improve and market our products/services. Read more about Microsoft data policies.