1. Controller
The party responsible for the processing of personal data:
- Company Name: ID of Life Ltd.
- Business ID: 3593234-2
- Address: Keilaranta 1, 02150 Espoo, Finland
- Email: info@idof.life
2. Name of the Register
Customer and Marketing Register of ID of Life Ltd.
3. Purpose and Legal Basis for Processing
We collect personal data for the following purposes and based on the following legal grounds:
- Customer Relationship Management: To process orders, deliver services, and handle invoicing. (Legal basis: Performance of a contract (GDPR Art 6.1.b).)
- Marketing: To send newsletters, offers, and updates. (Legal basis: Consent (GDPR Art 6.1.a) or Legitimate Interest (GDPR Art 6.1.f) for existing customer relationships.)
- Statutory Obligations: To comply with accounting and tax legislation. (Legal basis: Legal obligation (GDPR Art 6.1.c).)
4. Data Content
- Basic info: Name, email address, phone number, mailing address.
- Customer info: Order history, billing details, correspondence.
- Marketing info: Newsletter subscription status, open/click statistics (via Mailchimp).
5. Regular Sources of Information
Information is primarily collected directly from:
- The customer when making a purchase or contacting us.
- The customer when subscribing to our newsletter via our website.
6. Data Transfers and Disclosures
We do not sell your data to third parties. However, we use trusted service providers to run our business (e.g., IT support, accounting firms, payment processors). These parties process data on our behalf under strict data processing agreements.
Transfers Outside the EU/EEA (Mailchimp): We use Mailchimp (The Rocket Science Group LLC, a subsidiary of Intuit Inc.) for marketing automation. Consequently, names and email addresses are transferred to and processed in the United States.
- Legal Basis for Transfer: The transfer is protected under the EU-U.S. Data Privacy Framework (DPF), to which Intuit Inc. is certified. This framework ensures an adequate level of data protection comparable to EU law.
- Alternatively, where the DPF does not apply, we rely on the European Commission's Standard Contractual Clauses (SCCs) to ensure data security.
- You can view Mailchimp's Privacy Statement here: https://www.intuit.com/privacy/statement/
7. Data Retention
We store personal data only as long as necessary:
- Customer data: Stored for the duration of the customer relationship.
- Accounting data: Stored for six (6) years as required by the Finnish Accounting Act.
- Marketing data: Stored until you unsubscribe from the mailing list.
8. Rights of the Data Subject
Under the GDPR, you have the following rights:
- Right to access: You have the right to inspect the data we hold about you.
- Right to rectification: You can request correction of inaccurate or incomplete data.
- Right to erasure: You can request the deletion of your data ("right to be forgotten"), provided there are no legal obligations (e.g., accounting laws) requiring us to keep it.
- Right to withdraw consent: If processing is based on consent (e.g., newsletter), you can withdraw it at any time by clicking the "Unsubscribe" link in our emails.
- Right to lodge a complaint: If you believe our processing violates data protection laws, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu).
9. Security Principles
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or destruction.
- Digital data: Protected by firewalls, encryption, and secure passwords. Access is restricted to authorized personnel only.
- Physical data: Stored in locked premises with restricted access.
10. Cookies
Our website uses cookies to improve user experience and analyze site traffic. You can manage your cookie preferences via the cookie banner on our website.
