Reg­istry and Pri­va­cy State­ment

This is the Reg­is­ter and Pri­va­cy State­ment in accor­dance with Ouca Bikes Oy’s Per­son­al Data Law (Sec­tions 10 and 24) and the EU Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR). Pre­pared 21.03.2022. Last mod­i­fied 01.01.2026.

The Con­troller

Ouca Bikes Oy, Tuoteku­ja 1 A 8, 90410 Oulu, Fin­land.

Con­tact per­son respon­si­ble for the reg­is­ter

Jani Sip­ilä, jani.sipila@oucabikes.com, tel. +358 50 552 2991

The Name of the Reg­istry

“Cus­tomer infor­ma­tion reg­is­ter” and “Mar­ket­ing reg­is­ter”.

Legal Basis and Pur­pose of the Pro­cess­ing of Per­son­al Data

The legal basis for the pro­cess­ing of per­son­al data under the EU Gen­er­al Data Pro­tec­tion Reg­u­la­tion is

• con­sent of the per­son (doc­u­ment­ed, vol­un­tary, indi­vid­u­al­ized, informed and unam­bigu­ous)
• a con­tract to which the data sub­ject is a par­ty
• Data Pro­tec­tion Law
• the per­for­mance of a pub­lic task (on which it is based), or
• the legit­i­mate inter­est of the con­troller (eg cus­tomer rela­tion­ship, employ­ment rela­tion­ship, mem­ber­ship).

The pur­pose of pro­cess­ing per­son­al data is com­mu­ni­cat­ing with cus­tomers, main­tain­ing a cus­tomer rela­tion­ship and mar­ket­ing. The data is not used for auto­mat­ed deci­sion mak­ing or pro­fil­ing.

Infor­ma­tion Con­tent of the Reg­is­ter

The infor­ma­tion stored in the reg­is­ter is: person’s name, posi­tion, com­pa­ny / orga­ni­za­tion, con­tact infor­ma­tion, for exam­ple phone num­ber, e‑mail address, address, web­site address­es, IP address of the net­work con­nec­tion, pro­files in social media ser­vices, infor­ma­tion about sub­scribed ser­vices and their changes, billing infor­ma­tion, oth­er infor­ma­tion relat­ed to the cus­tomer rela­tion­ship and the prod­ucts that has been ordered.

We do not store per­son­al infor­ma­tion for longer than is nec­es­sary for its pur­pose or, alter­na­tive­ly, as defined in our secu­ri­ty and pri­va­cy agree­ments with our ser­vice providers or part­ners. Reten­tion peri­ods for per­son­al infor­ma­tion vary depend­ing on the pur­pose and sit­u­a­tion. We will update your per­son­al infor­ma­tion as nec­es­sary and remove unnec­es­sary infor­ma­tion.

Reg­u­lar Sources of Infor­ma­tion

The infor­ma­tion stored in the reg­is­ter is obtained from the cus­tomer by e‑mail, tele­phone, social media ser­vices, con­tracts, cus­tomer meet­ings and oth­er sit­u­a­tions in which the cus­tomer dis­clos­es the infor­ma­tion.

Reg­u­lar Trans­fers of Data and Trans­fers of Data Out­side the EU or the EEA

The infor­ma­tion is not reg­u­lar­ly dis­closed to oth­er par­ties. The infor­ma­tion may be pub­lished to the extent agreed with the cus­tomer..

Reg­istry Secu­ri­ty Prin­ci­ples

The reg­is­ter shall be han­dled with due care and the data processed by the infor­ma­tion sys­tems shall be ade­quate­ly pro­tect­ed. When reg­istry data is stored on Inter­net servers, the phys­i­cal and dig­i­tal secu­ri­ty of their hard­ware is ade­quate­ly addressed. The con­troller shall ensure that the data stored, as well as the access rights to the servers and oth­er infor­ma­tion crit­i­cal to the secu­ri­ty of per­son­al data, are treat­ed con­fi­den­tial­ly and only by the employ­ees whose job descrip­tion it belongs to.

Right of Inspec­tion and Right to Request Rec­ti­fi­ca­tion of Infor­ma­tion

Every per­son in the reg­is­ter has the right to check the infor­ma­tion stored in the reg­is­ter and to request the cor­rec­tion of any incor­rect infor­ma­tion or the com­ple­tion of incom­plete infor­ma­tion. If a per­son wish­es to check or request the rec­ti­fi­ca­tion of data stored about him or her, the request must be sent in writ­ing to the data con­troller. If nec­es­sary, the con­troller may ask the appli­cant to prove his or her iden­ti­ty. The con­troller will respond to the cus­tomer with­in the time lim­it set by the EU Data Pro­tec­tion Reg­u­la­tion (gen­er­al­ly with­in one month).

Oth­er Rights Relat­ed to the Pro­cess­ing of Per­son­al Data

A per­son in the reg­is­ter has the right to request the removal of his or her per­son­al data from the reg­is­ter (“right to be for­got­ten”). Data sub­jects also have oth­er rights under the EU’s gen­er­al data pro­tec­tion reg­u­la­tion, such as restric­tions on the pro­cess­ing of per­son­al data in cer­tain sit­u­a­tions. Requests must be sent in writ­ing to the con­troller. If nec­es­sary, the con­troller may ask the appli­cant to prove his or her iden­ti­ty. The con­troller will respond to the cus­tomer with­in the time lim­it set by the EU Data Pro­tec­tion Reg­u­la­tion (gen­er­al­ly with­in one month).