Processing of Personal Data

Privacy Policy for Footbalance’s Online Stores and Websites

Last updated: 10.05.2021

Note that this Privacy Policy concerns processing of personal data primarily in Finland. There might be slight differences to some parts due to national legislation in other countries.

1. Controller

Footbalance System Oy (business ID1839211-0)

Tammiston kauppatie 7B

01510 VANTAA

+358 (0)44 016 8406

and our group companies: Footbalance System Retail Ltd.,  Footbalance System Canada Ltd. and FootBalance System Inc. (hereafter ”we” or “Footbalance”)

2. Contact for register matters

dataprivacy@footbalance.com

3. Footbalance’s personal data processing overview

Consumer Customers

We collect data from you when you browse our website (e.g. IP address), register on our online store (e.g. User ID and password) or place an online order with us (e.g. name, address and order information).

We collect data from you (e.g. name, e-mail, pain identifier, activities and interests and 2D/3D foot scan) when you use our FootBalance foot analysis device and software at our retail partners premises. We ask your consent to  

  • use pain identifier data and 2D/3D foot scan to design your custom insoles and enable your personalized product purchases from Footbalance online stores; and     
  • send you e-mail communications relating to Footbalance’s products and services and products and services of our retail partners where you purchased your insoles.

Your pain identifier and 2D/3D foot scan data is only used to design your custom insoles and enable your personalized product purchases from Footbalance online stores. You can withdraw your consent(s) anytime contacting dataprivacy@footbalance.com.   

4. What data do we process and what is the purpose and the legal basis of processing the personal data?

 
Personal DataPurpose of processingLegal basis

Basic information such as name, customer number, gender, username and/or other identifier, preferred language

Contact information such as e-mail address, phone number, address information

Information related to the consumer customers’ activities and interests

Delivering and improving our products and services according to your needsLegitimate interest
Customer surveys  
Managing the customer relationship  
Fulfilling our contractual and other promises and obligationsPerformance of a contract 
Invoicing  
Direct marketingConsent 
BookkeepingLegal obligation 
Pain identifier data, 2D/3D foot scan, foot measurements, insole profile and size and type of footDesigning your custom insoles and enabling your personalized product purchases from Footbalance online stores. However, pain identifier data is provided by you if you are willing to give the data during our foot analysis process.Consent
Possible direct marketing opt-outsServing customers interest of not receiving direct marketingLegitimate interest in being able to fulfil our legal obligation to ensure opt-out from direct marketing in accordance with the law
Information you provide in connection with the events we host, registration data, special diets, invoicing dataOrganizing eventsLegitimate interest in being able to host events and invoice when applicable
Consent regarding health data (e.g. allergies)  
Data of the connection and terminal device you are using such as the IP address, device ID or other device identifier and cookies (e.g. online shop browsing and usage information)Targeting advertising in our online servicesConsent
Developing our products and services  
Analyzing and profiling behavior  

 

5. Consent

We use your consent as defined in the Sections 3 and 4. If you would like to withdraw your consent, please contact dataprivacy@footbalance.com. Once you notify us of your request, we will respond to you as soon as possible.

6. From where do we receive data?

We receive information primarily from yourself including your use of our services.

7. To whom do we disclose data, and do we transfer data outside of EEA?

We may disclose our Consumer Customers’ contact data to MyFootBalance foot scanning service provider (our Corporate Customer/Retailer where foot scanning has taken place) for marketing purposes. We’ll do this only if we have our Consumer Customers’ permission. Retailer’s data processing activities are described in their respective Privacy Policies.

We may disclose data from this Consumer Customer Personal Data Register to our co-operation partners who conduct marketing and arrange campaigns and events with and on behalf of us, and who consider themselves as controllers instead of processors working on our behalf (these parties are i.a. social media operators and advertisement networks). Otherwise, we do not disclose data from the register to external parties unless required by the legislation or an order by the authorities.

We use subcontractors that process personal data on our behalf. We have outsourced the IT-management to an external service provider, on whose administrated and secured server the personal data is stored.

We may transfer personal information to a purchasing entity in the event we sell or transfer all or a portion of our business or assets.

We transfer personal data outside the EU/EEA. When personal data is processed outside the EU/EEA, we make sure that the subcontractor has committed to use the EU Commission’s standard contractual clauses or have other appropriate transfer mechanism is in place.

8. How do we protect the data and how long do we store them?

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use the system containing personal data. Each user has a personal username and password to the system. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and their backup copies are in locked premises and can be accessed only by certain pre-designated persons.

We store the data as long as it is necessary for the purpose of processing the data. Specific retention periods:

  • Online store/account data: Permanently, however your account data will be removed after seven years of inactivity.
  • Marketing consents and contact data; Until unsubscribing.
  • Cookies; We use session-specific cookies that expire when the user closes the web browser. In addition, we use permanent cookies that stay on the user’s device for a certain period of time, or until the user removes them. The validity of permanent cookies varies between a few months and a few years.

We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

9. How do we use cookies on our website?

Our websites and social media channels use cookies and other similar technologies for managing and developing the website, improving and analyzing user experience and targeting advertisement in our and our partners’ services. Cookies allow us to collect information such as from which website users arrive to the pages, which pages are browsed and when, which browser is used and the IP address of the device.

For more information on how we use cookies, please see our Cookie Policy.

10. What are your rights as a data subject?​​​​​​​

You have the right to access the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data. If you have access to your data, you may edit the data yourself. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.

You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority.

On grounds relating to your particular situation, you also have the right to object profiling and other processing activities when the legal basis of processing is legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.

11. Children’s personal data​​​​​​​

Our websites including online store are not meant for children. We do not knowingly collect personally identifiable data from children under 18. If you are a parent or legal guardian and think your child has given us information, you can write to us at dataprivacy@footbalance.com or at the address specified in the beginning of this Privacy Policy.

12. Changes to this Privacy Policy ​​​​​​​​​​​​​​

Should we make amendments to this Privacy Policy, we will place the amended policy on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review this Privacy Policy from time to time to ensure you are aware of any amendments made.

Privacy Policy for Footbalance’s Corporate Customers and Suppliers

Last updated: 10.05.2021

Note that this Privacy Policy concerns processing of personal data primarily in Finland. There might be slight differences to some parts due to national legislation in other countries.

1. Controller

Footbalance System Oy (business ID1839211-0)

Tammiston kauppatie 7B

01510 VANTAA

+358 (0)44 016 8406

and our group companies: Footbalance System UK Ltd., Footbalance System Retail Ltd., Footbalance System Canada Ltd. and FootBalance System  Inc. (hereafter ”we” or “Footbalance”)

2. Contact for register matters

dataprivacy@footbalance.com

3. Footbalance’s personal data processing overview

Corporate Customers

We collect data from you when you browse our website (e.g. IP address). We also process your personal data to manage our customer relationship and fulfilling our contractual and other promises and obligations.

Suppliers

We collect data from you when you browse our website (e.g. IP address). We also process your personal data to manage our customer-supplier relationship and fulfilling our contractual and other promises and obligations.

4. What data do we process and what is the purpose and the legal basis of processing the personal data?

PERSONAL DATA

PURPOSE OF PROCESSING

LEGAL BASIS

Basic information such as name and/or other identifier, preferred language

Contact information such as e-mail address, phone number, address information

Information of the customer and supplier relationship and the contract such as information of past and current contracts and orders, correspondence with you and other communication, payment information and other information which you have voluntarily provided to us

Delivering and improving our products and services according to your needs

Legitimate interest

Customer surveys

 

Managing the customer and supplier relationship

Fulfilling our contractual and other promises and obligations

Performance of a contract

Purchasing and ordering necessary services and products from our suppliers to maintain our business

Invoicing

Direct marketing

Legitimate interest

Bookkeeping

Legal obligation

Possible direct marketing opt-outs

Serving customers interest of not receiving direct marketing

Legitimate interest in being able to fulfil our legal obligation to ensure opt-out from direct marketing in accordance with the law

Information you provide in connection with the events we host, registration data, special diets, invoicing data

Organizing events

Legitimate interest in being able to host events and invoice when applicable

Consent regarding health data (e.g. allergies)

Data of the connection and terminal device you are using such as the IP address, device ID or other device identifier and cookies

Targeting advertising in our online services

Consent

Developing our products and services

Analyzing and profiling behavior

5. From where do we receive data?

We receive information primarily from following sources: yourself including your use of our services, population register, authorities, credit information companies, contact information service providers and other similar reliable sources.

For the purposes described in this Privacy Policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations.

6. To whom do we disclose data, and do we transfer data outside of EEA?​​​​​​​

We may disclose data from this Corporate Customer and Supplier Register to our co-operation partners who do marketing and arrange campaigns and events with and on behalf of us, and who consider themselves as controllers instead of processors working on our behalf (these parties are i.a. social media operators and advertisement networks). Otherwise, we do not disclose data from the register to external parties unless required by the legislation or an order by the authorities.

We use subcontractors that process personal data on our behalf. We have outsourced the IT-management to an external service provider, on whose administrated and secured server the personal data is stored.

We may transfer personal information to a purchasing entity in the event we sell or transfer all or a portion of our business or assets.

We transfer personal data outside the EU/EEA. When personal data is processed outside the EU/EEA, we make sure that the subcontractor has committed to use the EU Commission’s standard contractual clauses or have other appropriate transfer mechanism is in place.

7. How do we protect the data and how long do we store them?​​​​​​​

Only those of our employees, who on behalf of their work are entitled to process customer or supplier data, are entitled to use the system containing personal data. Each user has a personal username and password to the system. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and their backup copies are in locked premises and can be accessed only by certain pre-designated persons.

We store the data as long as it is necessary for the purpose of processing the data. Specific retention periods:

  • Contract customer and supplier data; 5 years after the financial year/accounting period
  • Marketing contact data; Until unsubscribing.
  • Cookies; We use session-specific cookies that expire when the user closes the web browser. In addition, we use permanent cookies that stay on the user’s device for a certain period of time, or until the user removes them. The validity of permanent cookies varies between a few months and a few years.

We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

8. How do we use cookies on our website?​​​​​​​

Our websites and social media channels use cookies and other similar technologies for managing and developing the website, improving and analyzing user experience and targeting advertisement in our and our partners’ services. Cookies allow us to collect information such as from which website users arrive to the pages, which pages are browsed and when, which browser is used and the IP address of the device.

For more information on how we use cookies, please see our Cookie Policy.

9. What are your rights as a data subject?​​​​​​​

You have the right to access the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data. If you have access to your data, you may edit the data yourself. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.

You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority.

On grounds relating to your particular situation you also have the right to object profiling and other processing activities when the legal basis of processing is legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.

10. Changes to this Privacy Policy

​​​​​​​​​​​​​​​​​​Should we make amendments to this Privacy Policy, we will place the amended notice on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review this Privacy Policy from time to time to ensure you are aware of any amendments made.