Privacy Policy

This is a Privacy Policy in accordance with the European Union General Data Protection regulation (EU 2016/679). This Privacy Policy describes the rights of the registered individual and the processing of personal data collected by CoReorient Oy and its online services and websites, physical services and research and development work.

CoReorient Oy is a Finnish company developing and providing fair circular and sharing economy services that aim at making the society more sustainable and efficient. Services provided by CoReorient include Coreorient.com, Liiteri.net, Tavaralainaamo.fi, Kimppakyydit.com and Naapuritori.fi

Registrar, VAT ID and Contact information:

CoReorient Oy

Business ID 2388488-1

Vanha Talvitie 10 G

00580 Helsinki

Contact in issues related to your personal data:

Heikki Waris

registry@coreorient.com

Why are we processing your data?

We collect and process your personal data in order to develop and provide services, monitor the use of online and physical services, respond to contact requests, newsletter orders and event registrations.

The purpose of the processing can also be research and development work by CoReorient and its partners, business or other planning and development and marketing, including direct marketing, surveys and market research, and tailored customer service.

The processing of personal data is based on customership, contract, the explicit permission of the registered individual, or other legitimate reason such as the legitimate right to collect information on potential customers. We will process your personal data in compliance with data protection regulations and good data management and processing principles.

What are your data used for?

We use your personal data to offer products and services, answer your requests and questions, execute contracts, process orders and fulfill other similar functions. Your data is also used to perform obligations that are based on regulations and official orders and guidelines, such as user identification, risk management, data protection and the prevention and investigation of abuses.

We use your personal data to offer products and services, answer your requests and questions, execute contracts, process orders and fulfill other similar functions. Your data is also used to perform obligations that are based on regulations and official orders and guidelines, such as user identification, risk management, data protection and the prevention and investigation of abuses.

What data do we collect?

The data we process can be divided into data provided by the user, data observed through the use of Services, and data derived through analytics.

User provided or individually identifiable data in online services

• Contact information, such as name, address, phone number, email address

• Registration data required by the digital account, such as user identifier, username, password and potential other personal identifier

• Language

• Customership data, such as billing and payment information, product and order information, posting and transaction information, customer feedback and contacts, benefit and competition information, and account activity information

• User provided profile and preference information

• Permissions and approvals

• Survey and research responses

• Other data collected with user permission

Stripe

The Stripe payment provider software we use facilitates the transmission of collection of phone number and installed application information. Our application does not upload this information, but Stripe may ask it e.g. as part of ID verification or other functionality as required by a regulator or bank.

Contact request or Service order

Data collected with a contact request or service order on one of our websites can be, for example, name, the organization you represent and contact information, such as a phone number or an email address.

Newsletter

Data collected in the context of ordering a newsletter can be, for example, email address, name and place of residence.For marketing purposes we can monitor the opening of newsletters and links that they contain, online behavior and IP addresses collected on our websites.

Event registrations

Data collected in the context of event registrations can be, for example, name and contact information, such as phone number or email address. We need this data to contact you, for example, regarding event arrangements.

Data observed through the use of Services

Services can store identification, authorization, address, update, credit, video surveillance, email marketing, salary, payment and other similar information. We can have subcontractors that provide services and process information. There is a written contract with each of the subcontractors that specifies the processed personal data and its target, purpose and duration. The subcontractors are committed to compliance with the current data protection regulations.

Data derived through analytics

We can utilize machine learning or artificial intelligence to analyze and deduce information from the use of Services and other data provided by you and produce data to develop and provide services, and for research purposes. The processing of data complies with data protection regulations and good data management and processing principles.

How do we process and protect your personal data?

All personal data are protected against unauthorized access and accidental or illegal destruction, modification, delivery or transfer of data or other unauthorized processing. All access to personal data is monitored according to good practices. The servers containing the data are protected against data breaches and denial of service attacks. 

Cookies and other technical monitoring

Google Analytics

We also use third party services and their cookies in Services, the use of which may change due to the continuous development of online technologies. The use of our online services and websites is monitored through the use of cookies and Google Analytics.

Your browser uses cookies to send automatically to Google data, such as the webpage address and IP address. Google Analytics uses this data to produce reports that do not directly identify individual users. The reports show us the number of visitors to our websites, the website from which user arrived to our website, the duration of the visit to the website, whether the user has visited on our website earlier, and which pages on our website the user visits. Though this monitoring of traffic we develop our website to be even better, and can provide a better website experience. You can prevent Google Analytics from collecting data about you and find more information on the topic in the Google website.

Google

We may use Google remarketing cookies to show targeted banner advertisements to website visitors when they are browsing other websites. With remarketing cookies we can manage settings so that the visitor is not shown too many of our advertisements.

YouTube

We may embed YouTube videos on certain pages on our website. YouTube (owned by Google) stores cookies when the visitor clicks the YouTube button in the video player.

Social media

Our websites can contain links and connections to third party websites and so called social media plugins (e.g. Facebook, Twitter, Instagram, LinkedIn). The use of social media plugins can send identifiable information to these social media service providers. When you open the plugin, you may permit the storing of the service provider’s cookies in your computer, allowing it to monitor your use of the webpage if you are logged to its social media. Third party Privacy policies, terms of use and other conditions are applied to these third party provided services and third party mediated applications in our websites and services. We have no authority over these third party websites and are not liable for any material published in them or their use.

You have always the option to deny, manage and remove cookies through the settings of your browser or mobile device.

Data protection and principles on registry protection

We use appropriate technical and organizational data protection methods to protect personal data against unauthorized access, delivery, destruction or other unauthorized processing. The access to the registry is only with specific persons who require the data in their tasks. The data is collected in databases that require a user identifier and a password and, and are protected with a firewall. We use TLS protected HTTPS connection in the transfer of data so that all personal data is protected when in electronic form. If data is stored in a printed form, they are stored in a space protected from outsiders, and are destroyed in data protection compliant manner when the purpose of their use has ended.

The data received through the traffic monitoring by Google Analytics of our website is stored and processed in the Google Analytics service. Login in the Google Analytics account associated with our website requires login credentials that are only in the possession of specific individuals. The data transfer is protected with a TLS protected HTTPS connection.

You can influence the collection and processing of your data in several ways:

• You can check your stored personal data. We will correct, remove or complement on your request data that is erroneous, unnecessary, deficient or obsolete considering the purpose of the processing.

• You can transfer the personal data you have provided yourself and the data processed based on an approval or contract to yourself or another registrar.

• You can deny the delivery and processing of your data for direct marketing purposes by pressing the link at the end of a newsletter (”peruuta tilaus” or 'avsluta prenumeration' or ”unsubscribe”).

• You can oppose the processing with a reason related to your personal situation that is based on a legitimate interest. If your personal data are invalid, you can restrict the processing until we have confirmed their validity.

• You can cancel your approval if the data processing is based on approval. The cancellation of approval does not affect data processing that is required to comply with the law.

• You can complain to a public authority if your data has been processed in violation of this Privacy Policy and the current legislation.

To whom do we deliver your data?

We can deliver your data to third parties e.g. in the following cases:

• We can deliver your data in a manner that is based on claims required by authorized public authorities or other entities and is in accordance with the current regulations. We can for example deliver your payment and account data to the tax authority.

• We can deliver your data to partners that support the purposes or functionality of Services.

• We can deliver your data to scientific or historical research.

• We can deliver your data to third parties if it is necessary to execute a contract, investigate potential violations or prepare, present or defend a legal claim.

• We can use your data to direct marketing purposes or surveys or market research unless you have declined it. We can deliver your data to third parties if you have given your approval.

We can use subcontractors and partners in the data processing. We have written contracts with the subcontractors and partners where the target, purpose and duration of the personal data processing as well as the personal data are specified. The subcontractors and partners are following good data processing principles and comply with the requirements of the European Union General Data Protection Regulation.

How long do we store your data?

We store your data as long as necessary to perform the purposes described above, within the current law. Upon termination of the customer relationship the storage duration depends on the data and its purpose of use. We aim at keeping the data in our possession correct and valid by removing unnecessary data and updating obsolete data.

Data stored for marketing purposes is typically stored as long as an approval has not been cancelled. We can store the information on the cancellation of approval and contacts in order to confirm the compliance with the cancellation.

We may be obligated to store some data in order to comply with accounting or other regulations also after the termination of customership or other reason for data processing. After the termination of customership we store data required for preparing research, statistics or studies.

Data deletion

You can influence the collection and processing of your data in several ways:

• You can check your stored personal data. We will correct, remove or complement on your request (received at registry@coreorient.com or the company address in the beginning of this document) data that is erroneous, unnecessary, deficient or obsolete considering the purpose of the processing.

• You can also delete your account with all data from profile in the mobile app or from web.

Changing the Privacy Policy

We are continuously improving our operations and therefore withhold the right to change this Privacy Policy by informing about it in Services. The changes can be also based on changing regulations. We recommend to frequently familiarize with the contents of the Privacy Policy.

Contacts

Inquiries can be sent to the address listed in the beginning of the Privacy Policy.

Contact information for the data ombudsman:

Office of the data ombudsman

Postal code: PL 800 00521 Helsinki

Telephone: 029 56 66700

email: tietosuoja@om.fi

Address: Ratapihantie 9, 6. krs. 00520 Helsinki