1. Lawful basis of processing
We may process your data based on one of three main legal grounds: (1) your consent; (2) any contract between you and us; and (3) our legitimate interests.
We collect your personal data based on one or many of the following legal bases:
• we have obtained your prior express consent (written, verbal or online) to the processing of your personal data (this legal basis is only used in relation to processing that is entirely voluntary - it is not used for processing that is necessary or obligatory in any way);
• the processing is necessary in connection with any contract between Fiskars and you ("contractual necessity"); or
• we have a legitimate interest in carrying out the processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms ("legitimate interests").
You have a right to withdraw your consent to the processing of your personal data, at any time, by contacting Customer Service. Please read more here.
2. Personal data we collect
We collect the following information:
• Information provided directly by you
• Information collected when our websites or interactive products or services are used
• Information related to the purchases and other business with us by you
• Information collected from other sources which may be combined with the user account details
Please note that we do not collect any payment information. All payment data are processed by authorized third party payment services providers.
We may collect personal data either directly from you, automatically from your devices that interact with our services, or from third party sources as described below.
Information collected directly from you:
• Contact details: your name, email address(es), telephone number, postal address;
• Demographic information: gender, date of birth or age, language, title or degree;
• Information related to your account: payment type or method, username, encrypted password, account picture;
• Any consents, communications and feedback that you provide to us;
• Personal interests notified by you;
• Work-related information provided by you: company/employer's name and contact details;
• Gift purchase information: the recipient's name, contact address, delivery address(es), telephone number and email address(es); and
• Other information collected on the basis of your prior, express, voluntary consent (including public social media profiles).
Information collected when our websites or interactive products or services are used:
• Your user account identity and registration date (if you are logged in);
• Your browser, operating system, device model, IP-address, time of access and duration of access;
• Location data (including details of your WiFi-connection point, GPS coordinates or similar measure (read more: use of location data));
• Web pages through which our website was accessed, the pages browsed by you, all other actions with our website during your website visit (e.g., interactions, referral sites, search key words);
• Cookies and other identification tags;
• Marketing information: the benefits, campaigns and services directed or offered to the customer and your usage of them; and
• Other information collected based on your consent.
Information related to your purchases:
• Information on orders, deliveries, payment methods, billing address(es), delivery address(es), and other information related to any business you may do with Fiskars;
• Your contacts with Customer Service and communication with you;
• Your participation in our promotions and contests; and
• Your contact information.
Information collected from other sources which may be combined with your user account:
• If you have connected to any Fiskars website, service or social media channel using your social media profile(s), we may collect the public information available on your social media profile(s);
• We may purchase information from third parties to complement the data collected by us;
• We may collect information from public registers maintained by authorities, if such registers are available in your country; and
• Updated delivery and contact information from delivery agents.
We may use third party service providers for payment processing, in which case you will be directed to the relevant third party service provider's website which is subject to that third party service provider's terms and conditions. Fiskars does not store credit card information.
3. How Fiskars uses your personal data
We collect your personal data in order to offer you our products and services in the best possible way; to create a smooth shopping experience; and to operate and maintain our websites and services effectively. We use the collected information for the following purposes:
• Offering products, marketing and personalizing
• Customer loyalty programs and other user accounts
• Customer service
• Product and services development and anonymized reporting
• Detection, investigation and prevention of unlawful activities
• Identifying users
We may process your personal data for the following purposes:
I. Offering products, marketing and personalizing
We want to offer you the most interesting products and services and therefore we may analyze your interests, preferences and needs.
We may process your personal data to manage our relationship with you, in the context of marketing and sales purposes as follows: managing the customer relationship lifecycle, customer segmentation and improving effectiveness.
Your personal data may be processed for the purposes of informing you about our products and services, announcing any new product or service launches or benefits available to you, and concluding market surveys, provided that we have first obtained any necessary consent, where required for such use, in accordance with the applicable law. Such marketing may be carried out as follows:
• Direct marketing through mail or telephone, including text messages;
• Electronic messaging: emails and other electronic messages; and
• Digital online marketing (e.g., displays, search engine marketing)
II. Customer loyalty programs and other user accounts
If you have registered with a customer loyalty program, or created a user account to any of our websites, we may process your personal data for the purpose of providing you with the benefits and services available under our customer loyalty program and informing you of any changes.
III. Customer service
We may process your personal data for the purpose of providing personal and customized services when you contact our Customer Service team.
Our Customer Service team may process your personal data if you contact them. Your calls to the Customer Service team may be recorded, in which case you will be informed of such recording beforehand. We may connect the personal data collected by the Customer Service team with other personal data, such as your purchase history, which enables us to provide you with as efficient and personal service as possible.
Your personal data may also be processed for warranty-related activities, such as activating the warranty, claims related to warranties and registering additional warranties for certain items.
IV. Product and services development and anonymized reporting
Product and services development is essential to us and enables us to provide our customers with ever better, more innovative and user-friendly products and services.
We may process your personal data and account details to both improve our existing products and services, and to develop new ones. We may connect any feedback and communication received from you with your account.
• Surveys/research conducted via our websites: We may use questionnaire tools on our websites to improve our customer experience from time to time.
• Loyal customer community: To improve our service and our program to meet our customers' needs we may provide you with surveys or research questions concerning our products and services (whether in hard copy or online).
We use anonymized data for reporting purposes. Such data have been anonymized and cannot be used to identify you. We use such data to analyze the realization of our commercial objectives, such as effectiveness of our product campaigns. Such anonymized data may contain:
• Aggregate visitor numbers of our websites;
• Aggregate visitor numbers of our stores;
• Average visit duration;
• Typical visitors path on our site or our store; and
• Certain measurements related to our product sales.
If you have ordered products or services from any of our web stores or physical stores, we may process your personal data for the purposes of processing your order(s).
Payment details are not stored in our systems. Instead, payment data are provided by you directly to our third party payment services providers.
VI. Detection, investigation and prevention of unlawful activities
We may process your personal data for the purposes of detecting, investigating and preventing unlawful activities. We may provide your information to law enforcement authorities based on their request, or based on a legal basis defined in any applicable law for prevention and investigation of fraud and other unlawful activities. We may disclose your personal data to any party in response to an order from a court of competent jurisdiction.
VII. Identifying users
We may identify you for the purposes of providing you with more personalized and customized services, and a better experience.
We may identify your online activities based on cookies. Read more on cookies we use. In mobile applications and web stores, we may identify you based on your log-in details.
Identifying you in any of our physical stores requires your name and postal address and possibly ID verification.
4. Use of the location data
We may collect location data concerning your physical location in our stores. The location data are based on an individual identifier of the device (through WiFi or Bluetooth signals), which is anonymized immediately and irreversibly upon collection of the data. You cannot be identified from the anonymized data and the anonymized data cannot be restored to identifiable data.
We may also use location data to help you search for our stores nearby you, in which case we locate you based on GPS data. Such data are not stored by us.
5. How long is your data stored
• Your data are stored as long as your online account is valid, plus the applicable period for limitation of legal claims, and any additional periods required or permitted under applicable law.
• Remember to update your information if any material changes occur.
If you have created an account to any of our webstores or loyalty programs, your personal data will be retained until such time as you either terminate the account, or request that your data be deleted. To ensure that you receive news, offers and other information you are interested in, you may be asked to update your data once in twelve (12) months when you use your webstore account or when you purchase products in any of our local stores.
6. How we disclose your personal data to other parties
We do not disclose your data to third parties, except for processors and approved third parties, in accordance with applicable law. We do not sell, lease or rent your data. Your data are adequately protected if transferred internationally. We may provide your data if needed for lawful requests, fraud combating, mergers or acquisitions or protection of our interests.
We disclose your personal data only to the parties indicated below and for the following reasons only:
• International transfers. Our services may be provided using resources and servers located in various countries, partly located outside of EU/EEA. Therefore your personal data may be transferred across international borders outside the country in which you use our services. In the event that your personal data are transferred outside of EU/EEA, we will ensure that any such transfer is covered by appropriate contractual measures (e.g., using European Commissions Standard Contractual Clauses), that the transfer has an appropriate legal basis, and that the data processing and confidentiality fulfills the requirements in relevant laws. You may obtain a copy of the relevant Standard Contractual Clauses (where applicable) by contacting us using the details set out in Section 13 below.
• Lawful requests. We may be required by the binding requirements of applicable law, or for the purposes of responding to legal proceedings or other lawful requests to disclose your personal data to authorities or third parties.
• Protection of our interests and combating fraud. We may also disclose or otherwise process your personal data, in accordance with applicable law, to defend our legitimate interests (for example, in civil or criminal legal proceedings) and when combating fraud.
• Mergers and acquisitions. In the event of any sale, consolidation or reorganization of our businesses (for example mergers and acquisitions), we may disclose your personal data to prospective or actual purchasers or their advisers, where appropriate.
7. Personal data of children
Product orders will only be accepted by us if the consumer is 18 years old or more. Therefore we do not seek to collect personal data of children.
8. Steps taken to safeguard the personal data
We have created appropriate safeguards to protect your personal data. We have implemented both technical and organizational safety measures, and only certain restricted personnel are permitted to access your data. However, you should always be careful when transmitting your data via internet, as the transmission of data to our website will be at your risk.
We have implemented appropriate technical and organizational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of processing, in accordance with applicable law.
We maintain a variety of physical, electronic, and procedural safeguards to guard your personally identifiable information. Specifically, we use commercially accepted procedures and systems to protect against unauthorized access to our systems. Only our appointed personnel and third party companies operating on behalf of us or on our assignment (referred to as "Authorized Third Parties") are entitled to access or process your personal data.
All persons processing such data must receive individual accreditation. Different levels of access have been created based on the type of data a person needs to access or process according to his/her job description. Our systems are fire-wall protected. Manually stored and processed documents which may contain your personal data are stored in locked and fireproof premises. Only specifically authorized personnel of ours or Authorized Third Parties are entitled to access such premises or process such data. All Fiskars personnel or personnel from Authorized Third Parties who are granted access to your personal data are required to keep such data confidential.
Unfortunately, the transmission of information via the internet is never completely secure. Although we will implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
9. Actions you can take in regard to the processing
Subject to applicable law, you may have the following rights with respect to the processing of your personal data:
• Choosing not to provide your personal data
• Accessing, or obtaining a copy of, your personal data
• Checking and editing your data in your user account
• Unsubscribing from direct marketing
• Checking and editing your personal data
• Blocking and deleting the cookies
• Permitting or refusing processing of your location data
• Erasure, or restriction of our processing, of your data
• Objecting to the processing of your personal data
• Withdrawing your consent
• Porting your data to another controller
• Lodging a claim at the supervisory authority
Please note that upon exercising any of the rights listed below, you may be requested to provide additional information for identification purposes. Such additional information shall not be used for any other purpose and will be removed after successful identification.
• Providing your data: You may choose not to provide your personal data to us. It should be noted that some features of our websites and other services may not be fully available to you if you choose not to provide us with your personal data (e.g., we may not be able to process your orders without the necessary details).
• Right of access: You may have the right to request access to, or copies of, your personal data, together with information regarding the nature, processing and disclosure of those data.
• Unsubscribing: We include an unsubscribe link in all electronic marketing messages we send to you. You may withdraw your consent to direct marketing at any time. If you do so, we will promptly update our databases, and will not send you further direct marketing, but we may continue to contact you to the extent necessary for the purposes of any products or services you have requested.
• Checking and editing your personal data: Should you have an online user account, you may edit and complete your personal data directly yourself. If you do not have an online user account, you may contact our Customer Service team using the details provided in Section 13 below, who will upon your request as soon as possible rectify, remove or complete the information which is incorrect, unnecessary, lacking or outdated.
• Blocking and deleting cookies: You may block the cookies using your browser settings. Please note that blocking the cookies may affect the usability of our websites. You may also delete the cookies from your browser via its settings, in which case the information collected by the previous cookie will not affect the account created based on the information collected after such deletion.
• Allowing use of location data: You may give your consent to the use of location data in the options of the device or the application. You may also withdraw such consent at any time from the options menu in your account, or by contacting our Customer Service team.
• Erasure, or restriction of our processing, of your data: Should you believe that we process your data which is not accurate; the processing is illegal; we are not processing your data in accordance with the processing purpose or you want to oppose the processing, you may contact our Customer Service team to request the erasure, or restrictions on the processing, of your data. Please note that we will investigate your request reasonably promptly, before deciding what action to take.
• Right to object: You may have the right to object, on legitimate grounds, to the processing of your personal data.
• Withdrawing your consent. You may at any time decide to withdraw your consent to the processing of your personal data. If your consent is withdrawn, it does not prevent us from processing your personal data based on other legal bases, such as fulfilling your orders and storing your order data as required by applicable law. However, it should be noted that your user account(s) will be removed, and advantages granted to you via your account will be reset. Please note that withdrawal of consent does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal.
• Right to data portability: You may have the right to have your personal data transferred to another controller, in a structured, commonly used and machine-readable format, to the extent applicable.
• Lodging a claim with a supervisory authority: Should you believe that our processing of your personal data infringes your legal rights, you may lodge a claim with your local supervisory authority. Please do see a list for supervisory authorities' websites here.
11. Third party websites
Please note that certain features on our website are offered by third parties and the third party privacy policies apply.
Our websites and services use options which enable you to share content on social media, such as Facebook's "share" button. Such options are provided directly by the third-party service providers (e.g., Facebook, Twitter, Instagram, Google+, etc.). Each such third-party service provider may collect personal data regarding your visits and interaction with its services, based on its own policies and rules concerning data privacy.
Fiskars cannot be held liable for any privacy policies or terms and conditions concerning data privacy of such third parties.
13. Our contact point
In general privacy issues, in issues relating to your account or to opt out from marketing messages, please contact our Customer Service:
Tel. +358 204 3910
14. Defined terms
• "controller" means the entity that decides how and why personal data are processed. In many jurisdictions, the controller has primary responsibility for complying with applicable data protection laws.
• "personal data" means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
• "process", "processing" or "processed" means anything that is done with any personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• "processor" means any person or entity that processes personal data on behalf of the Controller (other than employees of the Controller).