Optishake Ltd PRIVACY POLICY

1) DATA CONTROLLER

Name: Optishake Oy
Business ID: 2988291-6
Address: Läkkisepäntie 11, 00620 Helsinki, Finland

2) CONTACT PERSON FOR DATA MATTERS

Name: Joonas Kiminki
Email: joonas.kiminki@optishake.fi

3) CATEGORIES OF DATA SUBJECTS

Optishake’s privacy policy applies to the following categories of data subjects:

3.1) individuals who contact Optishake via email or website;
3.2) individuals who work for or apply to work at Optishake;
3.3) individuals who have consented to receive marketing communications from Optishake;
3.4) individuals who use Optishake’s machines and services (e.g. drink vending machine).

4) CATEGORIES OF PERSONAL DATA

Data concerning the data subjects may include the following categories of personal data:

• contact details, such as name, address, phone number, and email address (if applicable);
• device information, such as device type, browser, IP address, and other technical data;
• payment transaction data (payment details are handled by Stripe; Optishake does not store payment details);
• other data collected with the data subject’s consent.

For section 3.4 (machine users), the collected data is usually limited to technical usage data and transaction data. Registration is not required, and no audio or video monitoring is used.

5) PURPOSE OF PROCESSING PERSONAL DATA

Personal data is processed for the following purposes:

• customer service and improving the user experience;
• enabling and maintaining the operation of the service (e.g. technical operation of the machine);
• analytics and statistics;
• processing payment transactions via Stripe (Optishake does not store payment details);
• managing customer relationships and necessary technical communication.

6) LEGAL BASIS FOR PROCESSING

The processing of personal data is based on the following legal grounds:

• the data subject’s consent;
• the legitimate interest of the data controller in providing and developing the service, unless this is overridden by the data subject’s rights.

7) REGULAR SOURCES OF PERSONAL DATA

Personal data is collected regularly from the following sources:

• data provided by the user during registration;
• data provided by the user via website forms (e.g. HubSpot, Gravity Forms);
• data on user behavior at Optishake machines;
• data collected through cookies and similar technologies.

8) RETENTION PERIOD OF PERSONAL DATA

Personal data is stored only as long as necessary for the purposes for which it was collected. The data controller regularly reviews the need for storage and deletes unnecessary data securely. Data of job applicants is stored with consent for a maximum of six (6) months after the recruitment process. User account data is stored for a maximum of five (5) years from the last account usage.

9) CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Personal data may be disclosed to the following categories of recipients:

• Optishake’s Finnish business partners;
• cloud service providers;
• audit, marketing, and auditing service providers;
• third parties assisting Optishake in fulfilling legal obligations.

10) TRANSFER AND STORAGE OF DATA OUTSIDE THE EU OR EEA

Personal data may be transferred and stored outside the EU or EEA if necessary for providing the service, in accordance with applicable data protection laws.

11) DATA SUBJECT’S RIGHTS

The data subject has the right to access their data, request correction or deletion, restrict or object to processing, request data portability, and withdraw consent. The data subject also has the right to lodge a complaint with a supervisory authority.

12) RIGHT TO LODGE A COMPLAINT

The data subject has the right to lodge a complaint with the supervisory authority if they consider that the processing of their personal data violates applicable data protection laws. Complaints can be filed in the member state where the data subject resides or works, or where the alleged violation occurred.

13) MERGERS AND ACQUISITIONS

If Optishake’s business is merged, sold, or transferred in whole or in part, the new owner and its business partners may gain access to Optishake’s data, which may include personal data. In such cases, the third parties will be bound by a confidentiality agreement covering the potential transfer of personal data.

14) DATA PROTECTION PRINCIPLES

Optishake uses reasonable physical, technical, and administrative measures to protect personal data from unauthorized access and improper processing. However, the internet is not always a secure communication channel. Access to personal data is restricted to Optishake employees who need it for their work tasks, such as responding to inquiries or requests from data subjects.