Data protection

 

ELITE BIKE FINLAND OY'S PRIVACY POLICY

Elite Bike Finland Oy is committed to protecting your privacy. This privacy policy applies to the processing of personal data of our customers, potential customers, partners, and website users. In this privacy policy, we explain in more detail:

  • Who is the controller and what are their contact details
  • What kinds of personal data we process and where the data is collected from
  • For what purposes we use personal data and what is the legal basis for processing
  • How long we retain data
  • How we use cookies
  • What control options you have
  • Where we transfer and disclose data 
  • How we protect the data
  • When we act as joint controllers
  • How we can make changes to the privacy policy

We ask you to review the contents of this privacy policy. We also ask you to note that our website may contain links to third-party services. If you click on these links and move to a third-party service, we encourage you to review the principles regarding the processing of personal data followed on that site.

1. WHO IS THE DATA CONTROLLER?

Elite Bike Finland Oy
Business ID: 3486262-9
Address: Kauppaneliö 11, 60120 Seinäjoki


2. WHAT KIND OF DATA DO WE PROCESS AND WHERE IS THE DATA COLLECTED FROM?

    We typically process the following data:

    • Information about consumer customers, such as name, contact details, communications, billing information, order details such as information about purchased products and devices and their possible serial and registration numbers, direct marketing consents and prohibitions, information about websites accessed through customer or marketing communications, and other information provided by the data subject.
    • Information about contacts of corporate customers, such as name, contact details, title, and communications, information about the organization the contact represents, such as name, business ID, contact details, and billing information, order details such as information about purchased products and devices and their possible serial or registration numbers, direct marketing consents and prohibitions, and information about websites accessed through customer or marketing communications.
    • Information about contacts of potential customers, such as name, contact details, title, and information about the organization the contact represents, such as name, business ID, contact details, and information about websites accessed through customer or marketing communications.
    • Information about contacts at partner organizations, such as name, contact details, title, and communications, as well as information about the organization the contact represents, such as name, business ID, contact details, and billing information.
    • Information about website visitors, such as name and contact details provided via the contact form or chat, automatically collected log data, and data collected by cookies describing the user's device and site usage as per section 5. Visitors can also browse our website without providing information that can personally identify them.

    We obtain information about our customers and partners from the data subject themselves or the organization they represent, from credit information providers, or from authorities. We collect information about potential customers from public sources such as the trade register, company websites, professional profiles like LinkedIn, or through contacts made via the website.

     3. FOR WHAT PURPOSES DO WE USE PERSONAL DATA AND WHAT IS THE LEGAL BASIS FOR PROCESSING?

    We process data for the following purposes:

    • Provision of services and delivery of products: We process the information you provide to fulfill the contract we have made with you or the organization you represent. We cannot contact you regarding matters related to the contract, manage your digital customer account, deliver the newsletter you ordered, invoice products or services, or monitor or collect payments without processing personal data. This processing is based on the contractual relationship (if you are a party to the contract yourself) or on a legitimate interest based on the contract made with the organization you represent. 
    • Marketing: We process and may disclose your data for marketing based on our legitimate interest. Marketing, such as targeted advertising using cookies and electronic direct marketing to consumer customers, may also be based on the consent you have given. 

    We use partners in marketing and digital advertising. For example, we use Facebook's “custom audiences,” targeting advertising on Facebook to our existing customers. Facebook custom audiences are created by generating an encrypted identifier in the browser based on your email address or phone number, which is then compared to Facebook's encrypted identifiers. This allows advertising to be targeted on Facebook to our customers or to create audiences resembling our customers' profiles. We do not receive information about which identifiers sent to Facebook end up in the final audience or which identifiers have no match on Facebook. Conversely, Facebook does not receive information from us about who is behind the identifier. We can do similar advertising and marketing with other partners as well. More information about third parties and cookies used for digital advertising can be found in sections 5 and 7 of this privacy statement.  

    • Drawings and competitions: We organize drawings and competitions that you can participate in if you wish. Processing is based on the consent given at the time of participation. You can withdraw your consent at any time, after which you will no longer be included in the drawing or competition.
    • Business development: We process your data to develop our business and services. This processing is based on our legitimate interest.
    • Ensuring information security and investigating abuses: We process data to ensure information security in accordance with our statutory obligations. We also occasionally use data to prevent and investigate abuses. For example, using automatically collected log data, we can monitor and investigate the actions of the information system user and the legality of data use based on our legitimate interest. 
    • Protecting our rights: We may need to process personal data to resolve disputes, for example. This processing is based on our legitimate interest.
    • Implementation of statutory obligations: We may be required to retain some of your personal data to comply with accounting or other mandatory legislation, such as product liability law. From time to time, we must carry out correction and recall campaigns required by authorities. In such cases, processing is based on compliance with a statutory obligation.

    To the extent that processing is based on legitimate interest, we consider that the processing benefits both you and us. The processing of personal data enables you to receive relevant information about our contract or services. Considering the nature of the data and the purpose of use, we consider that the processing does not conflict with your fundamental rights or freedoms. You can object to marketing at any time. You can object to other processing based on legitimate interest on grounds relating to your personal situation as described in section 6.

    We do not make automated decisions that have legal effects or otherwise significantly affect you.

    3.1 Abandoned Cart Reminders

    If you have entered your contact information (such as email address or phone number) in our online store but have not completed your order, we may contact you to remind you of the unfinished purchase. Contact may be made by email or phone. We process the data based on our legitimate interest to facilitate your shopping process and provide customer service. You can at any time prohibit such reminder messages or calls by contacting us or using the unsubscribe link in the message if it is an email.

    4. HOW LONG DO WE RETAIN DATA?

      We retain your personal data as long as necessary to fulfill the purposes described above. Primarily, the retention periods are as follows:

      • We retain personal data as long as the customer or contractual relationship is active (for example, the contract or direct marketing consent is valid or the contact person of a corporate customer has not prohibited marketing) and for about two years after its termination for the purposes described in this privacy policy, such as contract management, business development, and marketing;
      • After the retention period mentioned above, we keep data for about five years to respond to possible complaints; and 
      • We retain any personal data possibly included in receipts for seven years to comply with accounting obligations.

      After the retention periods mentioned above have expired, we delete the data unless it needs to be retained longer, for example, to respond to legal claims or official inquiries or to comply with product liability or other mandatory legislation.  

      5. HOW ARE COOKIES USED ON THE SITE?

        We may collect information about the user's device of our services using cookies and other similar technologies. A cookie is a small text file that the browser stores on the user's device. Cookies contain a unique, anonymous identifier that allows us to identify and count the browsers visiting our site.

        Cookies do not move independently on the network but are set on the user's terminal device only with the site the user has called. Only the server that sent the cookie can later read and use the cookie. Cookies or other technologies do not harm the user's terminal device or files, nor can cookies be used to run programs or spread malware.

        We collect technical information about your terminal device and information about the use of our websites through cookies. This information includes, for example:

        • device-related information, such as device type, browser version, screen size, operating system, IP address;
        • a unique cookie or mobile identifier; and
        • information about the use of online services, such as data on page loads, times and durations spent on online services, navigation within online services, or viewed content such as articles or online store products. 

        We may use session cookies that expire when you close your web browser, as well as persistent cookies that remain on your device for a certain period or until you delete them. The validity period of persistent cookies typically ranges from a few months to several years. 

        So-called first-party cookies are set by the site visible in the address bar. In addition, our website uses so-called third-party cookies, such as those from advertising technology providers and social media services. 

        We classify cookies according to their purpose as follows:

        • Necessary cookies: These cookies are essential for using our services and their functions, such as logging in or implementing chat and shopping cart functionality.
        • Analytics cookies: These cookies help us gather information on how our websites are used. Among other things, we use the web analytics service Google Analytics provided by Google Inc. to analyze the usage of our websites and to develop our websites to better serve users. The data stored in cookies used by Google's tools is sent to Google's servers located around the world for storage. As a result, this data may be processed on servers located outside the user's country of residence. Using the data received, Google evaluates the user's browsing behavior on the site and compiles summary reports on site usage. Additionally, Google prepares reports on services offered in connection with websites and produces statistics on internet usage. Google may also disclose information to third parties if required by law or in cases where a third party processes the data on Google's behalf. 
        • Advertising cookies: These cookies are used for targeting advertising elsewhere on the Internet. Advertising cookies are generally third-party cookies. Some of these third parties process data as independent controllers, and you can find more information about personal data processing in their privacy policies. Advertising cookies are set by, among others, Google and Facebook.

        You can influence cookies in the following ways:

        • Deleting cookies: You can delete or clear cookies from your browser settings, which resets the profile associated with the previous identifier. 
        • Blocking cookies: You can block cookies from your browser settings. Blocking cookies may affect the functionality of our services or prevent the use of our services, such as login or shopping cart functionality.
        • Blocking the use of Google Analytics: You can prevent the use of site data in Google Analytics by installing the browser add-on that blocks Google Analytics here. This add-on blocks Google Analytics JavaScript (ga.js, analytics.js, and dc.js) running on websites from sharing site visit data with Google Analytics.
        • Blocking targeted advertising: The Your Online Choices website offers comprehensive information about online advertising and the option to opt out of browser-based advertising. It is important to note that after opting out, you will see as much advertising as before, but the ads will not be targeted to you or necessarily of interest to you. You can also influence ad targeting directly on third-party sites. For example, for Facebook, you can influence advertising here. 

        6. WHAT INFLUENCE DO YOU HAVE?

          We implement the rights described below within the limits permitted and required by law:

          • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed. If your personal data is being processed, you have the right to a copy of the personal data, provided that providing the information does not adversely affect the rights and freedoms of others.  
          • Right to rectification and erasure: Upon your request, we will rectify or erase personal data that is incorrect, incomplete, or unnecessary for the purpose of processing. Data will not be erased if it is necessary, for example, for the establishment, exercise, or defense of a legal claim.
          • Data portability: If you wish, you can receive the personal data you have provided, which we process automatically based on consent or contract, transferred to yourself or a third party in a machine-readable format.
          • Right to prohibit direct marketing and related profiling: You can prohibit the disclosure and processing of your data for direct marketing purposes at any time.
          • Right to withdraw consent: You can withdraw your given consent at any time.
          • Right to object and restrict processing: You can object to processing based on legitimate interest on grounds relating to your personal situation. For example, in such a situation, processing is restricted for the time during which the grounds for objecting to the processing are assessed. Processing can also be restricted, for example, when you dispute the accuracy of the personal data, in which case processing is restricted for the time during which we can verify the accuracy of the data. If there is a compelling legitimate reason that overrides your rights or freedoms, or if processing is necessary for the establishment, exercise, or defense of legal claims, we will contact you to continue processing the data.
          • Right to complain: You can file a complaint with the authority if your personal data has been processed contrary to this privacy statement and the applicable legislation. Contact details for the supervisory authority, the Data Protection Ombudsman, can be found at: www.tietosuoja.fi. However, we kindly ask you to contact us first so that we can resolve the matter amicably. 

          To exercise the rights described above, we ask you to contact the address provided in section 1. You can object to direct marketing or withdraw your consent to it also via the link at the end of each message. We ask you to verify your identity so that we can ensure that data is not disclosed to anyone other than the data subject themselves.

          7. WHERE ARE THE DATA TRANSFERRED AND DISCLOSED?

            We use subcontractors in data processing, such as transport companies, warehouse operators, and IT system providers, ensuring through contractual arrangements that data is processed in accordance with the applicable legislation at all times. If we transfer data outside the EU or EEA area, we ensure an adequate level of personal data protection, among other things, by agreeing on matters related to the confidentiality and processing of personal data as required by law, for example by utilizing the EU's standard contractual clauses. 

            We do not disclose data to third parties for their own independent purposes except in the cases mentioned below:

            • Authorities: We may disclose personal data as required by competent authorities in accordance with applicable legislation at any given time.
            • SGN Group: We may process and disclose personal data within the SGN Group.
            • Marketing: We may disclose your data to selected partners for marketing purposes unless you have prohibited this.
            • Partners: We may disclose your data to our partners for their legitimate purposes unless you have prohibited this.
            • Corporate arrangements: If we sell, merge, or otherwise arrange our business, personal data may be disclosed to buyers and their advisors.
            • Debt collection and legal claims: We may disclose your data to selected partners for the purpose of collecting receivables and for legal claims.

            8. HOW IS DATA PROTECTED?

              We use appropriate technical and organizational security measures to protect personal data against unauthorized processing. Such measures include the use of firewalls and encryption technologies, proper access control, limited access rights, guidance for personnel involved in processing personal data, and careful selection of subcontractors.  

              9. WHEN DO WE ACT AS JOINT CONTROLLERS

                To the extent that we maintain a page on Facebook or another similar social media service or utilize their functionalities, such as the like button on our site, we may be joint controllers with the respective service provider. For example, through Facebook fan pages, we collect statistical data such as likes and visits to our Facebook pages, the visibility of our posts, and demographic profiles of people reached by our posts. Additionally, we see public information of people who like or comment on our pages, such as their name and profile picture, as well as other information according to the privacy settings defined by the user on Facebook. You can find more information about the processing of personal data in Facebook's or other similar social media service's privacy policies.

                10. CAN CHANGES BE MADE TO THIS PRIVACY POLICY?

                  We continuously develop our services and may change this privacy policy. Changes may also be based on changes in legislation or official guidelines. We recommend regularly reviewing the content of the privacy policy on our website. 

                  The privacy policy was last updated on 29.10.2025