Optishake Ltd PRIVACY POLICY

1) DATA CONTROLLER

Name: Optishake Oy
Business ID: 2988291-6
Address: Läkkisepäntie 11, 00620 Helsinki, Finland

2) CONTACT PERSON FOR DATA MATTERS

Name: Joonas Kiminki
Email: joonas.kiminki@optishake.fi

3) CATEGORIES OF DATA SUBJECTS

Optishake’s privacy policy applies to the following categories of data subjects:

3.1) individuals who contact Optishake via email or website;
3.2) individuals who work for or apply to work at Optishake;
3.3) individuals who have consented to receive marketing communications from Optishake;
3.4) individuals who use Optishake’s machines and services (e.g. drink vending machine).

4) CATEGORIES OF PERSONAL DATA

Data concerning the data subjects may include the following categories of personal data:

For section 3.4 (machine users), the collected data is usually limited to technical usage data and transaction data. Registration is not required, and no audio or video monitoring is used.

5) PURPOSE OF PROCESSING PERSONAL DATA

Personal data is processed for the following purposes:

6) LEGAL BASIS FOR PROCESSING

The processing of personal data is based on the following legal grounds:

7) REGULAR SOURCES OF PERSONAL DATA

Personal data is collected regularly from the following sources:

8) RETENTION PERIOD OF PERSONAL DATA

Personal data is stored only as long as necessary for the purposes for which it was collected. The data controller regularly reviews the need for storage and deletes unnecessary data securely. Data of job applicants is stored with consent for a maximum of six (6) months after the recruitment process. User account data is stored for a maximum of five (5) years from the last account usage.

9) CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Personal data may be disclosed to the following categories of recipients:

10) TRANSFER AND STORAGE OF DATA OUTSIDE THE EU OR EEA

Personal data may be transferred and stored outside the EU or EEA if necessary for providing the service, in accordance with applicable data protection laws.

11) DATA SUBJECT’S RIGHTS

The data subject has the right to access their data, request correction or deletion, restrict or object to processing, request data portability, and withdraw consent. The data subject also has the right to lodge a complaint with a supervisory authority.

12) RIGHT TO LODGE A COMPLAINT

The data subject has the right to lodge a complaint with the supervisory authority if they consider that the processing of their personal data violates applicable data protection laws. Complaints can be filed in the member state where the data subject resides or works, or where the alleged violation occurred.

13) MERGERS AND ACQUISITIONS

If Optishake’s business is merged, sold, or transferred in whole or in part, the new owner and its business partners may gain access to Optishake’s data, which may include personal data. In such cases, the third parties will be bound by a confidentiality agreement covering the potential transfer of personal data.

14) DATA PROTECTION PRINCIPLES

Optishake uses reasonable physical, technical, and administrative measures to protect personal data from unauthorized access and improper processing. However, the internet is not always a secure communication channel. Access to personal data is restricted to Optishake employees who need it for their work tasks, such as responding to inquiries or requests from data subjects.