Privacy policy
From this leaflet
Kevyesti.fi Oy (“Kevyesti.fi” or “me” and similar expressions) provides a billing service and is
additional services related to. When a user of our services (”you” and similar expressions) is registered and
use our services, we collect, use and share your personal information in this notice.
as described. By personal data, we mean any information relating to an identified or identifiable person.
a natural person, hereinafter also referred to as ”registered at”, related information. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number or one or more factors specific to him or her.
1. Data controller and contact details
Kevyesti.fi Oy (business ID: 3265482-6)
Bells and whistles 4
01300 Vantaa
If you have any questions about this leaflet, including about your rights to.
to register, you can contact our customer service email address:
asiakaspalvelu@kevyesti.fi.
2. Amendments to the report
We may update this statement from time to time to reflect changes in legal, technical or regulatory requirements.
on matters relating to our business. When we update this statement, we will endeavour to inform you in a manner appropriate to the significance of the changes.
3. The personal data we process
We may collect, use, retain and transfer or otherwise process the following types of information.
your personal data:
Contact us: Your contact details, such as name, email address and postal address.
Account details: Information related to your user account, such as when you register.
the information provided, as well as various settings and service options.
Financial information: the compensation paid to you through the billing service
the information necessary for payment, such as your account number, and
other information relating to payments, assets and taxation which
we need to provide our services and the related
to meet our legal obligations.
Identifying and identifying information: Your name and address, date of birth, place of residence, social security number and other information and documentation obtained about you which are
necessary to meet our customers' identification and
knowledge requirements, including, inter alia, any information on,
whether you are a politically influential person or belong to one of the following
on an international sanctions list or if you are subject to enhanced controls.
Transaction data: Details of transactions made as part of the payment to you
payment and ancillary services, such as, inter alia, the provision of such
the time, number and date of transactions.
Technical specifications: Technical information related to the use of the Service and your equipment that.
your system sends to us when you use the Services, such as
IP address, browser type and version, time zone setting,
your operating system and any other changes to your hardware.
tags and properties.
Usage data: Information about how you use our website and services, such as.
The URLs of the pages you visit and the information about your use of the site.
ways and times, such as the date and exact time,
frequency, characteristics used, patterns of use and other
information about your interaction with our services.
Profiling information: Information about your interests, preferences and more
the information that you provide to us that makes up your user profile or that.
we infer from your use of our services.
Contact details: Your communication with our customer service and other communication
between us, including notices that we may from time to time
sent to you by email or through our service interface.
Loan information: Information on the loans granted to the light entrepreneur, such as
the principal amount of the loan, the date of repayment of the loan.
the due date and the delayed repayment of the loan claim.
Marketing information: Information about your choices and preferences regarding our or
marketing by our partners.
We may also collect, use and disclose anonymised aggregated data whatever
for the intended use. Such information, such as demographic and statistical data, may be
derived from your and our other customers' personal data, but can no longer be combined or
back to identifiable persons and is therefore no longer considered personal data.
4. How we collect personal data
We collect your personal information in the following ways:
● The personal data you provide: Information you provide or submit to us, for example.
via our website or by e-mail or telephone. You may provide
information, for example, when you register and create your user account, when you contact us.
to our customer service or when sharing information by adjusting the service settings.
● Automated technologies: We can automatically collect transaction, usage and
technical information and certain account information based on our website and services.
for your use. We may also use account, transaction and usage information to lead you to.
profiling information.
● Third parties and public sources of information: We can receive information about you
information from the following third parties:
o Transactional and technical information on technical and payment services
from our partners.
o Technical information from our web analytics and advertising service providers
Please note that where we are required to collect certain information by law or between us, we may.
contract and you do not agree to provide that information at our request, we may not be able to.
are unable to provide you with the services you request.
5. How we process personal data
Below we set out the purposes for which we may process your personal data and the purposes for which we may process it.
the legal grounds on which our processing is based. As a general rule, our processing is based on the following
legal bases:
1) Consent: The law allows us to process personal data that is necessary to.
to provide payment services to you, only with your explicit consent.
Your separate consent is also required, for example, to set certain cookies.
for your device.
2) Contract: Subject to the above, we will process your personal data on this basis,
where processing is necessary for the purposes of the agreement between us, in particular our terms of service.
to implement.
3) Legitimate interests: We process your personal data on this basis, unless the processing is based on.
any other ground set out in this paragraph and is necessary for us or a third party to.
the legitimate interests of a party, except where the protection of personal data is.
your interests or your fundamental rights and freedoms override such interests.
4) A legal obligation: We process your personal data on this basis when the processing is
necessary to comply with our legal obligation.
We may base the processing of your personal data on more than one or more of the following.
an alternative legal basis, depending on the specific circumstances, the data processed and the purpose for which we process your data. If you would like details of the legal grounds on which we base our processing in certain circumstances and/or for certain data, you can contact us as set out above.
| Purpose of processing | Data group | Legal basis |
| Providing our services, including payment and related services, and customer service | Contact details, account information, financial data, transaction data, technical data, usage data, profiling data, contact data | (a) Consent (when required by law is required) (b) Agreement |
| Provision of a loan to a light entrepreneur, including processing of the loan application and assessment of the repayment conditions of the loan prior to the loan decision based on the billing history related to the use of the service by the light entrepreneur, granting/refusal of the loan, payment of the principal and recovery of the loan. | Contact information, account information, financial information, transaction information, identification and knowledge information, loan information | (a) Agreement |
| Analysing and improving the usability of our websites and services (including, for example, maintenance, troubleshooting and problem solving, logging, testing, analytics) and ensuring security. | Account details, financial information, transaction data, technical specifications, operating data, contact details | (a) Agreement (b) Legitimate interests (developing our services, ensuring data security) |
| Maintaining our relationship with our customers, contacting you and storing related data | Contact details, account information, profiling data, contact data, marketing data | (a) Eligible benefits (customer relationship management) |
| Relevant products and the provision of services and marketing to you, presenting relevant content and marketing, measuring the effectiveness of marketing and advertising | Contact details, account information, profiling data, marketing data | (a) Eligible benefits (marketing our services) (b) Consent (when required by law subject to |
| Identifying and knowing our customers; preventing, detecting and investigating money laundering and terrorist financing; and investigating money laundering and terrorist financing and the offence by which the property or proceeds of crime are obtained; identifying, preventing and investigating criminal use or misuse of our services. | Contact details, account information, financial data, identification and knowledge data, transaction data, technical data, usage data, profiling data, contact data | (a) Eligible benefits (services combating abuse) (b) Statutory obligations |
| Our business in general management and administration (e.g. debt collection, accounting and tax obligations) | Contact details, account information, financial data, identification and knowledge data, transaction data, contact details | (a) Eligible benefits (doing business) (b) Statutory obligations |
In addition to the above, we may process your personal data where necessary for legal claims.
drafting, presenting, proving and defending. Such proceedings are based on
our or any other party's legitimate interests, in particular our, your or third parties' (e.g.
safeguarding the rights of other users of the services). If necessary, we may process
your personal data also for risk management purposes and to obtain professional advice.
In this respect, the applicable legal basis is our legitimate interest in protecting our business from various
risks.
6. Disclosure and international transfers
To the extent and only to the extent necessary for the purposes of the processing set out above.
your personal data may be disclosed to the following recipients, and
for the recipient groups:
● Payment and related services to our partners who assist us
in the delivery of our services.
● Accounting, financial management, ICT, legal and other similar services for our service providers.
to provide the usual services to us.
● Buyers and prospective buyers (and their representatives and agents), and
advisers) regarding any (potential) business acquisition involving us,
a share transaction, merger or similar business arrangement, provided that the information
used in accordance with this document and only to the extent that it is necessary for such use.
necessary in connection with the scheme.
● To the competent courts and authorities and third parties in accordance with the law
and where we consider it necessary to disclose your personal data to you.
or other vital interests or to comply with the law, or
to protect, defend or secure our rights, including when we.
apply or enforce the terms of our services or other agreements
between us, or to investigate and prevent the possible misuse of our services.
misuse or to protect our rights, the rights of our users or the rights of third parties,
property or safety. This includes the possible exchange of information with other
with organisations to fight fraud and other criminal activities.
● To other persons - but only with your consent, unless otherwise required by law.
We store your personal data in secure locations and on servers mainly in Europe.
in the economic territory. Your personal data may be transferred within the European Union and the European Economic Area to.
cases where the European Commission has considered that the country in question is safeguarding the
an adequate level of data protection, or where we have put in place appropriate safeguards, and
guarantees that your personal data will be protected in accordance with applicable law, such as.
by applying the European Commission's rules on international data flows model contract clauses and
any additional safeguard measures that may be necessary on a case-by-case basis. In individual cases
the international transfer may also be based on your explicit consent, or
between us for the purpose of implementing the agreement or for the purposes of pre-contractual
to take measures at your request or at any other request under the EU General Data Protection Regulation.
the transfer basis. You can contact us for more information on each of the following.
the transfer criteria and safeguards we apply.
7. Data retention
We will only keep your personal data for as long as and to the extent that we have an appropriate
a business reason to keep them for the above purposes.
To determine the appropriate retention period, we will consider and weigh the data we process against the
the scope, nature and sensitivity of the personal data, the unauthorised use or
the potential risk of harm or damage from disclosure, the purposes for which the data are processed
and applicable legal requirements. We also regularly assess the data we keep
personal data, and to the extent that we consider it unnecessary to retain it, we will either delete or
anonymise that personal data, or where this is not possible - for example, to the extent that.
than data stored in backups - we keep your data safe and prevent it from being
more processing until it is possible to delete the data.
As a general rule, we only retain personal data relating to an individual customer relationship for the following purposes.
for the duration of the customer relationship and for a reasonable period after the end of the customer relationship, so that we can.
for example, answering customer queries, resolving open questions about the customer relationship
or prepare for possible legal issues related to the customer relationship. This retention period
is normally three (3) years from the end of the customer relationship, unless there is reason to continue during this period.
the retention of certain information, for example to resolve an outstanding claim.
However, we will retain some information beyond the above period as we see fit,
that storage is necessary to comply with the laws and regulations in force; or
to protect our rights, those of our customers or partners. Certain information
for example, in the context of accounting and tax retention obligations, must generally be kept for.
six (6) years after the end of the relevant financial year. For example, in the case of money laundering and terrorism
customer knowledge and transactions in accordance with the legislation on prevention of financing
documents and information and on possible suspicious transactions.
data obtained for the purpose of complying with the reporting obligation must, as a general rule, be kept
for five (5) years after the end of the customer relationship. If you need more detailed information
about retention periods in specific circumstances and/or for specific personal data, you can contact us.
contact us as above.
Data retention in enforcement and suspension of payments situations
If the user account is subject to a payment ban from a public authority (e.g. a bailiff) or other legal order for payment mediation, we will retain the user's personal data even after the user has requested the deletion of his or her account.
This is because we are required by law to ensure compliance with the injunction and other official orders, and to ensure that the funds are correctly accounted for to the authorities and creditors.
In such cases, the user account will be closed and the data will no longer be used for any other purpose, but we will keep the following information in the archive:
- User identification data (name, personal identification number, contact details)
- Information about a payment ban or enforcement order imposed by a public authority
- Any related transactions and accounting information
This information will be kept only for as long as necessary to fulfil official obligations or to process legal claims. Once the legal ground for retention expires, the data will be permanently deleted.
The re-registration of a user may be blocked as long as the administrative order is in force, in order to prevent evasion of the ban or incorrect billing.
8. Safety and security
We take measures to ensure a level of security commensurate with the risk in protecting your personal data
appropriate technical and organisational measures, including, as appropriate.
appropriate, including the encryption of personal data, procedures to ensure the ability to
ensure the continued confidentiality, integrity, availability and availability of processing systems and services.
fault tolerance and the ability to quickly restore data availability and access to data from physical or
in the event of a technical failure, and procedures for regular testing, examination and evaluation of
the effectiveness of technical and organisational measures for data processing security
Ensure. In assessing the appropriate level of security, we pay particular attention to.
the risks inherent in the processing, in particular of the data transmitted, stored or otherwise processed.
accidental or unlawful destruction, loss, alteration of personal data,
unauthorised disclosure or access to personal data.
We also seek to ensure that any person working for or on behalf of us who
has access to personal data, will only process it in accordance with our instructions. We will ensure that.
only those employees and employees of the service providers who work for us have access to
to the information necessary for the performance of their tasks.
9. Rights of the data subject
Unless otherwise indicated below, you can exercise your rights by contacting.
our customer service as described above.
Verification, correction and deletion of data: You have the right to inspect the data stored about you.
personal data. In order to exercise your right of access, you must, in principle, provide proof of your identity.
However, the right of inspection may be limited by law, the privacy of other persons
protection and protection of business secrets. We will correct, supplement or delete
inaccurate, incomplete or outdated in relation to the purposes for which the personal data are processed
personal data at your request.
Transferring data: If you wish, you can have access to a structured, commonly used and
in machine-readable form, the personal data you have provided to us that we process.
automatically on the basis of consent or agreement.
The right to prohibit direct marketing: You can object to the processing of your data for direct marketing purposes
by clicking on the link at the end of the marketing email or by contacting us
our customer service.
Rights of objection and restriction: You can object on the basis of your personal situation
processing of personal data on the basis of a legitimate interest. In such
in this situation, processing may be limited while we assess your grounds for objecting.
processing. Processing may also be restricted if, for example, you object to your personal data being processed.
accuracy, in which case processing is limited to a period of time during which we can verify
the accuracy of the information.
Withdrawal of consent: You can withdraw your consent to the processing of your personal data
consent at any time by contacting our customer service or, in some cases, by contacting.
by other means offered separately. Please note that only part of the processing of your personal data is based on.
your consent.
The right to complain: If you consider that your personal data has been processed in accordance with the legislation in force.
and you cannot find a satisfactory solution in dialogue with us,
you can refer the matter to the competent authority (www.tietosuoja.fi) admissibility
