This Privacy Policy describes how Luckiefun Suomi Oy (Business ID 0948582-5) processes personal data, what personal data the company collects, for what purposes the data is used, to whom the data may be disclosed, and how the data subject may influence the processing. This Privacy Policy has been prepared in accordance with the EU General Data Protection Regulation (GDPR). We reserve the right to amend and update this Privacy Policy.

 

1. Contact Details

Data Controller
Luckiefun Suomi Oy (Business ID 0948582-5)
Contact Person or Data Protection Officer
Luckiefun Suomi Oy (Business ID 0948582-5)
Luckie Bao
info@luckiefun.com

 

2. Processing of Personal Data and Purpose

2.1. Legal Basis for Processing Personal Data

We process your personal data in a lawful, fair, and transparent manner at all times. We collect and process personal data relating to you only where we have a lawful basis for doing so. The processing of personal data is based on statutory obligations. We collect and use your personal data only where:

– you have given us your consent to use the data for a specific purpose.
– the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.
– the processing is necessary for the purposes of legitimate interests pursued by us (which are not overridden by your data protection interests), such as investigating misuse, statistical and research activities, or protecting our legal rights or interests.
– the processing is necessary for compliance with a legal obligation to which we are subject.

 

3. Purpose and Legal Basis for the Processing of Personal Data

3.1. We collect and process personal data for the following purposes:

– recruitment;
– employment relationships;
– customer relationships;
– customer service;
– customer communications;
– maintenance of customer and partner relationships;
– contractual relationships;
– marketing purposes;
– targeting of marketing to customers and potential customers;
– reservations and orders of products and/or services;
– production, maintenance, development, and quality assurance of services and/or products;
– ensuring security and preventing and investigating misuse;
– risk management and prevention of misuse;
– compliance with statutory obligations;
– business planning and product development;
– monitoring of use; or
– processing of product warranty information.

3.2. Sources of Personal data
Personal data is collected from:

– the individual or company that provides the data;
– the Population Information System (Population Register Centre);
– the Trade Register;
– credit information registers.

3.3. Categories of Personal Data Processed by the Company
The Company processes the following types of data:

– personal or company information;
– contact details;
– billing or payment information;
– data related to customer relationships;
– contract data;
– product and order information;
– customer feedback;
– enquiries and correspondence;
– complaints;
– marketing-related consents;
– data related to online behaviour.

 

4. Regular Disclosures of Data and Data Transfers

4.1. We exercise due care in the storage and processing of data and ensure data security through firewalls, passwords, and various generally accepted technical measures. Manually maintained materials are stored in locked facilities to which unauthorized access is prevented. Data storage and processing are carried out through service providers recognized as secure. Data is protected by strictly limited access rights and is processed only for the purpose for which it has been collected. All personal data is processed confidentially.

4.2. As a general rule, we do not disclose or transfer data to third parties unless explicit consent has been given. An exception may apply where disclosure is required by legislation or by an obligation imposed by a public authority, the lawfulness of which is always assessed on a case-by-case basis. Data may also be disclosed based on a contractual relationship with service providers or subcontractors who may process data for the purpose of providing the service. In such cases, the appropriate and lawful processing of personal data is ensured through agreements and, where necessary, confidentiality agreements.

4.3. Data may also be transferred, where necessary, outside the European Union or the European Economic Area.

 

5. Retention of Personal Data

5.1. Personal data is retained for the duration of the customer relationship and for two (2) years thereafter. After the end of the retention period, the data will be deleted or anonymized without undue delay. Data may also be deleted at the customer’s request after the termination of the relationship. We reserve the right to notify separately of a shorter or longer retention period, as applicable.

5.2. Personal data is not used for profiling or automated decision-making.

 

6. Rights of the Data Subject

6.1 Right of Access
The data subject has the right to obtain access to their personal data and to inspect such data. The data subject may request that the data be provided in written or electronic form.

6.2 Rectification and Erasure of Data
The data subject has the right to request the rectification of inaccurate or incorrect data and to request the erasure of their personal data.

6.3 Verification and Accuracy of Data
The data controller actively ensures the deletion, rectification, and completion of inaccurate, unnecessary, incomplete, or outdated personal data in relation to the purposes of processing.

6.4 Data Portability and Restriction of Processing
The data subject has the right to request the transfer of their personal data to another data controller. The data subject may also request the restriction of the processing of their personal data in certain situations.

6.5 Right to Object
The data subject has the right to object to the processing of their personal data for certain purposes. The data subject may prohibit the disclosure and processing of their personal data for direct marketing purposes.

6.6 Withdrawal of Consent
Where the processing of personal data is based on consent, the data subject has the right to withdraw their consent at any time. This shall not affect the lawfulness of processing carried out prior to the withdrawal.

6.7 Right to Lodge a Complaint
If the data subject considers that the processing of personal data relating to them infringes the EU General Data Protection Regulation or applicable national data protection laws and regulations, the data subject has the right to lodge a complaint with a supervisory authority.

6.8 Requests Concerning Data Subject Rights
All requests concerning data subject rights must be submitted electronically and addressed to the Data Protection Officer. The identity of the data subject will be verified before personal data is disclosed. Requests will be handled within a reasonable time and as soon as possible after the request has been submitted and the identity has been verified. If a request cannot be complied with, the data subject will be informed in writing.