Siirry sisältöön

Privacy Policy

We update this Privacy Policy as necessary. We encourage you to regularly check the latest version of the statement on our website. 

Fida Customer Registry Privacy Policy 

Updated: 9 December 2024 

1 DATA CONTROLLER 

Fida International ry, Company Registration Number (Y-tunnus) 0280613-9, Tulppatie 20, 00880 Helsinki, Finland. 

2 CONTACT PERSON FOR DATA PROTECTION MATTERS

Anna Eronen, switchboard 010 505 7777. 

3 NAME OF THE REGISTER 

Fida Customer Registry  

4 PURPOSE AND BASIS OF PERSONAL DATA PROCESSING 

The primary basis for processing personal data is the customer relationship between Fida International ry (Fida) and the individual, such as a donor, supporter, regular customer, or member, based on the person’s consent, instructions provided by the person, contract, or other relevant connection. The customer relationship may begin, for example, from a donation, joining as a member or regular customer, subscribing to a newsletter or materials, or participating in a competition, prize draw, training, or Fida Short internship.  

Personal data may be processed for the following purposes:  

  • Managing, implementing, developing, and monitoring customer relationships, customer service, communication, and marketing. 
  • Analysing, grouping, and reporting on customer relationships, implementing loyalty programmes, and other purposes related to the development of customer relationships and Fida’s operations. 
  • Collecting and processing customer feedback and satisfaction data. 
  • Conducting market research and surveys. 

Fida may also use personal data for profiling purposes as part of the processing actions in the customer registry. Profiling involves creating a customer identifier to combine data from various services used, which can then be compared with profiles of other registered individuals. The purpose of profiling is to understand service demand and customer behaviour, and to group and target marketing to different customer segments. 

Processing tasks may be outsourced to third-party service providers in compliance with data protection legislation and its limitations. 

5 CONTENT OF THE REGISTER 

The customer registry consists of the following groups: 

  • Donors and supporters 
  • Subscription holders (subscribers to Fida magazine, newsletter subscribers, material orders) 
  • Regular customers of Fida Secondhand Shops chain and goods donors via pick-up service 
  • Fida’s supporting members and regular association members 

The following types of information may be recorded about the registered individual: 

  • Name, customer number, postal address, phone number, email address, and other necessary contact information. 
  • Service usage and purchase data, donation information, loyalty programme status, and marketing and communication details across various interaction channels, such as online services. 
  • Content produced by the registered individual, such as customer feedback and any additional information provided by the individual, such as preferences related to their membership, satisfaction data, areas of interest, or other similar data. 
  • Services ordered and used by the registered individual, including payment details. 
  • Restrictions, consents, and other choices. 
  • Other customer-related information, such as data collected from website usage, including IP address, time of visit, visited pages, browser type, referring web address, and server information. For more information about the technologies and practices used in website data collection.
  • Information related to the processing of data, such as storage date and data source. 

6 RETENTION PERIOD OF PERSONAL DATA 

Fida retains personal data in the customer registry until the customer relationship or other relevant connection between the registered individual and Fida is considered to have ended. 

Accounting records, including payment data, are retained in accordance with accounting law. 

Fida has the right to terminate a customer’s Fida Secondhand Shops loyalty programme membership without further action if no purchases have been registered on the loyalty card within two years (24 months). 

7 REGULAR SOURCES OF INFORMATION

Data is primarily collected from the following sources: 

  • Information provided by the registered individual (electronic and paper forms, emails, social media, agreements) and events related to their customer relationship, use of services, and interactions or donations. 
  • Parties providing identification, verification, address, update, credit, or other similar services, such as systems from the Digital and Population Data Services Agency and other known systems. 
  • Information provided by other Fida partners, such as members of the association or churches. 

8 REGULAR DISCLOSURES OF DATA AND TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA 

Data may be disclosed for the purposes described in section 4 of this privacy policy and to other Fida personal data registries, always in accordance with data protection legislation and its limitations. 

Customer data will not be disclosed outside of Fida for the production, development, or maintenance of services and communication, except in accordance with an agreement, separate consent, and/or specific regulations. 

Regular service providers include Salesforce Inc., Arena Interactive Oy, Elisa Oyj, Posti Oy, Laine Direct, Keuruun Laatupaino, Solteq Oyj, Sunduka Oy and Zoined Oy.   

Customer data may be transferred outside the European Union or European Economic Area in accordance with data protection legislation and its limitations. Such transfers are carried out in accordance with the agreement between the customer and Fida. 

9 DESCRIPTION OF THE PRINCIPLES OF REGISTER PROTECTION 

Any physical materials are stored in a locked space accessible only to authorised personnel. Digital data is accessible only to authorised employees or partners with personal usernames and passwords. Access rights are granted based on the tasks to be performed, ensuring access is as limited as possible. 

10 THE REGISTERED INDIVIDUAL’S RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA AND DIRECT MARKETING (OPT-OUT RIGHT) 

The registered individual has the right to object to profiling and other processing actions performed by Fida on their personal data when the basis for processing is the customer relationship between Fida and the registered individual. The registered individual may submit their objection according to the instructions in section 12 of this privacy policy. 

In the objection, the registered individual must specify the particular situation in which they are opposing the processing. Fida may refuse to implement the objection request based on legal grounds. 

The registered individual may provide consents or opt-out preferences for direct marketing on a channel-specific basis, including profiling for marketing purposes. 

11 OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA  

11.1 Right to Access Data (Right of Inspection) 

The registered individual has the right to inspect what information about them has been stored in Fida’s customer registry. The request for inspection should be made according to section 12 of this privacy policy. The right to inspection may be denied based on legal grounds. The right to access data is generally free of charge. 

11.2 Right to Request Rectification, Deletion, or Restriction of Processing 

If the registered individual notices or is informed of an error, they must promptly correct, delete, or complete the incorrect, unnecessary, incomplete, or outdated information in the registry. 

The data controller must promptly rectify, delete, or complete any incorrect, incomplete, or outdated data when the registered individual requests it. Correction requests should be made according to the instructions in section 12 of this privacy policy. 

The registered individual also has the right to request the restriction of processing their personal data, for example, while awaiting a response to a request to rectify or delete their information.  

11.3 Right to Data Portability

If the registered individual has provided information to the customer registry that is processed based on the individual’s consent or instructions, they have the right to receive such data in a machine-readable format and to transfer it to another data controller. 

11.4 Right to Lodge a Complaint with a Supervisory Authority

The registered individual has the right to lodge a complaint with the relevant supervisory authority (the Data Protection Ombudsman) if the data controller does not comply with applicable data protection regulations. 

11.5 Other Rights 

If personal data is processed based on the registered individual’s consent, they have the right to withdraw their consent by notifying Fida as described in section 12 of this privacy policy. 

12 CONTACT

For all matters related to the processing of personal data and exercising your rights, the registered individual should contact Fida’s customer service at phone number 010 505 7777, email fida@fida.fi, or by post: Fida International ry / Customer Service, Tulppatie 20, 00880 Helsinki, Finland. 

Fida may request the registered individual to clarify their request in writing, and their identity may be verified before taking further action.