FIBOX PRIVACY NOTICE
Privacy notice
This Privacy Notices describes the personal data processing practices of Fibox Oy Ab and its affiliates (“Fibox” or “we”). In this privacy notice you will find information on what personal data we process, how we process it and what rights you have regarding your personal data.
We at Fibox respect your privacy and process your personal data in accordance with the principles set out in the EU General Data Protection Regulation (Regulation 2016/679 EU, the “GDPR”).
To find information relevant to your situation, please select what your relation to Fibox is:
- Customer representative
- Supplier representative
- Website visitor
- You have been contacted by our marketing or sales units
- Job applicants
CUSTOMER DATA
- Where do we receive your data from?
We receive our customer data from our customers themselves when they place an order with us and when they make a contract with us. Typically, you would contact us and specify your personal details via email but you can also contact us and provide us with your personal data via our website’s contact form or by calling our customer service.
- What do we collect?
We process only B2B customer data. This means that the personal data we process is related to you as a representative of your company, not as a private person. Unless you choose to provide us with your personal contact details, we will not process such information.
For processing your order, we need to collect your name, phone number, email, invoicing and delivery address, company name, as well as company ID and contact details (if different than delivery address), and of course, details of the products you have ordered. We need this information to process your order internally and delivering the ordered products to your location. We also need this information for invoicing and after that, bookkeeping and other mandatory administrative duties.
If you contact our customer service, we will process your above-mentioned customer details, as well as your message and our replies to you. If you are already our customer, we will link your inquiry with your existing customer profile. We do not record phone inquiries, but our customer support may write down a memo on the discussion or direct it internally to a suitable person to make sure your request is handled properly.
Sometimes we also receive feedback, complaints or claims from our customers. In such cases we need to collect the necessary customer details in order to link your complaint with your order, as well as a description of the defect or detriment in question and other details related to the complaint.
- For what purposes do we process this data?
We need to process our customers’ personal data for:
- processing orders
- delivering purchased goods
- managing contracts with our customers
- invoicing
- providing customer service
- processing customer feedback, complaints and claims
- bookkeeping and accounting, and
- fulfilling other mandatory administrative tasks and safeguarding our legal rights.
- What are the legal bases for processing this data?
We mostly rely on our legitimate interest for providing services to our customers for the purposes described above, as well as safeguarding our legal rights in the event of complaints, claims or disputes.
There are also legal obligations we need to observe, e.g. with respect to bookkeeping and taxation for example, which may require us to process personal data to some extent.
- How long do we store it?
We store orders placed by our customers for 3 years and the referrals to delivery partners for 1 year.
Contacts to our customer support and the following correspondence are stored for 3 years or for the duration of the customer relationship to us, whichever is longer. Customer claims and complaints, as well as all customer information and documents related to the claim or complaint, are stored for the period of the claim’s expiry defined by law and for the time required to process them.
Personal data entered into customer contracts are stored up to 10 years, unless the contract period is longer, in which case they will be stored until the end of the contract period and 3 years after the end of the contract period.
Invoices and other bookkeeping materials which may include personal data are held for 6-10 years in accordance with the relevant bookkeeping obligations.
SUPPLIER DATA
- Where do we receive your data from?
We receive some personal data of our suppliers’ representatives directly from our suppliers when we enter into an agreement with them. The personal data content of our supplier relations is mostly limited to the contact person’s details of our suppliers. This can be entered into the supplier agreement or e.g. email correspondence between Fibox and its suppliers.
- What do we collect?
We collect the supplier contact person’s name, email, company/office details and address.
Should you as a supplier’s representative contact our customer service or our offices otherwise, we will process your above-mentioned details, as well as your message and our replies to you. We may also link your inquiry with your existing details. We do not record phone inquiries, but our customer support may write down a memo on the discussion or direct it internally to a suitable person to be better able to make sure your request is handled properly.
- For what purposes do we process this data?
We need to process our supplier representatives’ personal data for
- Managing supplier deliveries to Fibox,
- managing contracts with our suppliers,
- invoicing,
- providing customer service,
- processing feedback and troubleshooting,
- bookkeeping and accounting, and
- fulfilling other mandatory administrative tasks and safeguarding our legal rights.
- What are the legal bases for processing this data?
We mostly rely on our legitimate interest for maintaining our supplier relations for the purposes described above, as well as safeguarding our legal rights in the event of disputes.
There are also legal obligations we need to observe, e.g. with respect to bookkeeping and taxation for example, which may require us to process personal data to some extent.
- How long do we store it?
Contacts to our customer support and the following correspondence are stored for 3 years or for the duration of your customer relationship to us, whichever is longer.
Personal data entered into supplier contracts are stored up to 10 years, unless the contract period is longer, in which case they will be stored until the end of the contract period and 3 years after the end of the contract period.
Invoices and other bookkeeping materials which may include personal data are held for 6-10 years in accordance with the relevant bookkeeping obligations.
WEBSITE VISITORS
Cookies
We use cookies on our website.. With cookies, we can better offer up-to-date and individual services, among other things, by showing content based on the user’s interests. Cookies also enable, for instance, logging in and verification, saving personal settings and definitions, analysing the operations of our website and preventing fraud.
When you use our online services, the following information, among other things, is collected: your IP address, the links you use, the advertisements and other content you viewed, from which website do you arrive and which pages do you visit, the time of your browsing, your browser or the browser type and other similar data. Our website and services may include third party cookies. We use both session and permanent cookies. Session cookies only exist for the duration of the session, or the time you spend on our website, and they are automatically erased when the browser is closed. Permanent cookies exist for a certain period of time, and they are stored on your computer also after the session has ended unless you erase them before that.
Cookies do not harm your device or files.
You can adjust the use of cookies from your browser settings. You can find additional information from each browser’s data protection or manual documentation.
Contact form
We provide our website visitors an opportunity to contact us directly via the contact form on our website. On the contact form you may provide us your name, email, company, country and the message of your choice.
In this context we also ask for your consent to send you electronic marketing. Please see more information on the personal data processing related to our marketing operations here.
The information provided by you via contact form may be combined with the other information we process related to you or your organization. Depending on the contents of the message, we may contact you for sales purposes or forward your message onwards to our customer support or to another unit or person within our organization.
Our purpose of offering you the option for contacting us via the form relates to customer service and sales. You may of course choose to contact us for another reason also. Our processing of the personal data provided via the contact form is based on our legitimate interest of providing customer service and promoting our products and services. Electronic direct marketing is based on your consent, which can be withdrawn by you anytime by unsubscribing from our mailing list. We store your messages to us depending on its contents. Please see more about our purposes of processing personal data, our legal bases and storing periods in Customer Data and Marketing and Sales.
Downloads
We offer on our website certain materials to be downloaded by website visitors. When downloading materials, we ask you to provide to us your first name, last name, company details, email address and country.
In this context we also ask for your consent to send you electronic marketing. Please see more information on the personal data processing related to our marketing operations here.
Our purpose for processing your personal data in connection with offering free downloads is the promotion and marketing of our products and services. Our processing of the personal data provided via the downloads is based on our legitimate interest of promoting our products and contacting you for marketing purposes. Electronic direct marketing is based on your consent, which can be withdrawn by you anytime by unsubscribing from our mailing list.
We store your information for sales purposes for 5 years. For electronic marketing purposes, we will store your information for 1 year or until you cancel your subscription, whichever is longer.
MARKETING AND SALES
Email marketing
We may send you emails containing information regarding our products and services. Marketing emails can be sent to our customers and suppliers, business contacts we deem interested in our products and services due to their work tasks, as well as those who have subscribed to our email lists.
We may receive your contact details directly form you, our commercial partners or social media and other public sources.
For email marketing purposes we process your name, email address, your position in your company and your status related to us (e.g. customer contact person / prospective customer), as well as the contents of the communications we have sent to you.
If you are a business contact, our email marketing may be based on our legitimate interest to promote our products and services. If you have subscribed to our emails, our processing of your personal data for email marketing purposes is based on your consent, which can be withdrawn by you anytime by unsubscribing from our mailing list. For electronic marketing purposes, we will store your information for 1 year or until you cancel your subscription, whichever is longer.
Sales leads
The contact information may be collected directly from customers and their contact persons, Fibox website contact form and downloads, event participation lists and business cards, social media and other public sources. We may contact our sales leads by email or by phone.
For sales purposes we process the name and contact details of our prospective customers, as well as the relevant company details and country of operation. We also store the contacts made and summaries of our discussions in our CRM.
The purpose of processing your data is the sales of our products and services, as well as maintaining business relationships with our customers and prospective customers. Our basis for processing your personal data for this purpose is our legitimate interest to promote the sales of our products and services and maintain business relationships. Your personal data will be stored in our CRM and stored for the period the sales lead is active or for 5 years, whichever is longer.
JOB APPLICANTS
Where do we receive your data from?
We receive your personal data directly from you when you apply for a position with us, via email, or through recruitment platforms. We may also receive data from third-party agencies or from public professional networks like LinkedIn.
What do we collect?
We collect personal data necessary for recruitment, such as your contact details, CV, work experience, education, and any information from assessments, references, or public profiles. All data is limited to what is necessary for the recruitment process. Sensitive information included in the application will be limited to be viewed by our HR personnel working in recruitment, hiring managers and system administrators.
For what purposes do we process this data?
We process your data solely for recruitment purposes, including evaluating your suitability for the role, communication during the process, conducting assessments, and making job offers.
What are the legal bases for processing this data?
-
- Consent: When you explicitly agree to share your data, such as with third-party providers.
- Contractual necessity: For evaluating your application and conducting interviews.
- Legitimate interests: For recruiting suitable candidates and ensuring an efficient recruitment process.
How long do we store it?
We retain your data for up to 6 months after the recruitment process concludes. After this period, your data will be securely deleted unless required by law to retain it longer.
*****
Who do we disclose your personal data to or share your personal data with?
Controller to processor disclosures
We rely on digital services provided by external service providers when processing personal data in our operations. Such services are subcontracted in terms of the GDPR and include e.g. email, data storage, website hosting, digital co-working space, email marketing platform, customer support tickets, etc. These services are governed by separate service agreements between us and the service provider, and we remain responsible for the personal data processed through them as data controllers.
Controller to controller disclosures
When delivering goods to you, we will share your delivery details with 3rd party delivery partner determined by you in connection with placing your order with us. When delivering goods abroad we will also need to disclose the personal data included in the order to the customs of the destination country. Sharing of your delivery details is based on our legitimate interest of delivering the ordered goods to you and fulfilling the contract between us.
In case of non-performance of payment obligations by customer, we will share the details necessary for the collection of the outstanding payments to an external collection agency. The sharing of your data is based on our legitimate interest to execute our agreement and to safeguard our rights.
The abovementioned external parties will apply their own privacy policies to the processing of personal data.
Is your personal data transferred internationally?
Within the Fibox group, your personal data may be transferred between different Fibox locations globally as we may have organized some of our group internal processes in a way that requires such transfers to take place. Some of our data subjects may also be located outside of the EU/EEA themselves.
Fibox locations outside of the EU/EEA are Australia, Canada, China, Great Britain, Hong Kong, India, Indonesia, Israel, Japan, the Republic of Korea, Malaysia, New Zealand, Philippines, Singapore, South Africa, Switzerland, Taiwan and the USA. In internal transfers of personal data we rely on either the European Commission’s adequacy decisions (Canada, Israel, Japan, New Zealand, Switzerland) or in standard contractual clauses adopted and approved by the European Commission. We also limit the shared data to what is necessary for the purpose of each transfer.
We also use service providers (data processors) who, in some cases, operate outside of the EU/EEA area or may transfer personal data to their sub-processors operating outside the EU/EEA. Also these transfers are always governed by appropriate safeguards, such as the standard contractual clauses approved by the European Commission.
Your rights as a data subject
Data subjects have the following rights under the GDPR:
Right to access your information: You have the right to know what information we have and process about you and may request us to provide you access to this data.
Right to rectification: You have the right to request incorrect or incomplete information about you to be rectified.
Right to erasure or restriction: You have the right to request your data to be erased when the processing of your personal
data is no longer necessary and in certain other situations provided for in the GDPR. If we have a right to deny your demand of erasure, or if the retention of your personal data is necessary for the investigation of your claim otherwise, you have the right to require for the restriction of its processing from us.
Right to objection and right to withdraw consent: you have the right to object to the use of your personal data for profiling and direct marketing, as well as processing of your personal data when it is based on our legitimate interest. If our processing of your personal data is based on your consent, you have the right at any time to withdraw such consent.
You may object to our email marketing or withdraw your consent by clicking the unsubscribe-link provided at the bottom of each email communication.
With respect to sales contacts, you may object to the processing of your personal data and ask us not to contact you again.
Right to data portability: If our data processing is based on your consent or a contract between us, you have the right to receive a copy of the personal data you have provided to us yourself in a structured machine-readable format.
Right to lodge a complaint with the supervisory authority: Finally, if you feel that your rights have not been respected in connection with our data processing procedures, you do have the right to lodge a complaint with the national supervisory authority. However, before doing so we would kindly ask you to contact us and voice your concern so that we may try to find a solution together.
The national supervisory authority in Finland is the Finnish Data Ombudsman’s Office (“Tietosuojavaltuutetun toimisto”): https://tietosuoja.fi
Controller’s contact details
If you have any questions regarding our privacy practices or would like to exercise your rights explained above, please contact us at marketing@fibox.com.
Our official details are:
Fibox Oy Ab
Company ID: 0939933-7
Address: Keilaranta 17
02150 Espoo
This notice was last updated on 14 November 2024.