Step2Fit - Privacy Notice Concerning Websites, Marketing Activities, and Partners

This privacy notice addresses the processing of personal data by Step2Fit on its websites, in its marketing activities, and in its partner operations. The purpose of these activities is to enable the company's commercial operations, and processing the personal data of registered persons is necessary to achieve these purposes. The detailed purposes, the grounds for processing, other principles of personal data processing, and the rights of registered persons are described in this notice. The purpose of this notice is to describe how Step2Fit processes personal data in accordance with legislative requirements.

The integrity, protection, and accuracy of the processing of registered data are of paramount importance to Step2Fit. Step2Fit is committed to collecting and processing the personal data of all registered persons in a fair and transparent manner and in compliance with personal data processing legislation.

Purposes and Legal Basis for Personal Data Processing

For marketing purposes, we collect personal data from the registered persons themselves (e.g., when they subscribe to newsletters or make contact requests), from public sources (e.g., company websites and trade registers), and from information obtained during other transactions or participation in events.

The personal data collected for marketing purposes is used, among other things, for the following purposes:

Personal data is processed based on the following legal bases, depending on the processing situation: consent given by the registered person, realization of Step2Fit's legitimate interests, and preparation and/or implementation of a contract in which the registered person is a party.

For cooperation with partners (e.g., suppliers and other partners), we collect personal data regularly from the registered person themselves, from the entity they represent (e.g., contact persons of suppliers), or from information obtained during other transactions or participation in events. Information can also be collected from public sources (e.g., company websites and trade registers).

Personal data of partners is used, among other things, for communication purposes and other management of the partnership.

Personal data is processed based on the following legal bases, depending on the processing situation: consent given by the registered person, realization of Step2Fit's legitimate interests, preparation and/or implementation of a contract in which the registered person is a party, and compliance with statutory obligations.

During website operation, personal data is collected from the registered person based on their behavior on Step2Fit's website. The information is used, among other things, for website analytics, optimization, and general tracking of visitor numbers.

Processed Personal Data Categories

The following data, among others, is processed about individuals within the scope of this privacy notice:

Marketing measures:

Access to Personal Data

Only those individuals who need the information to ensure system operation and to perform their work have access to the data. Within our company, the following actors have access to personal data:

Step2Fit may use subcontractors and service providers for the processing of personal data. Personal data can be transferred to subcontractors and service providers only to the extent that they participate in the implementation of the uses described in this statement. Such third parties may not use the information for any purpose other than those described in this statement and defined by Step2Fit. The data controller obliges them to keep the information confidential and to adequately ensure data security to protect personal data.

Personal data may be disclosed in response to requests made by a competent authority, in accordance with the requirements and conditions set by law.

More information in the Microsoft Trust Center: https://www.microsoft.com/fi-fi/TrustCenter/Transparency#Data_storedv

Transfer of Personal Data Outside the EU/EEA and Data Protection During Transfer

Personal data is not transferred outside the EU/EEA.

Duration and location of personal data processing

Step2Fit does not store personal data. Google (analytics) retains visitor data on its EU servers for 26 months.

Automated decision-making

Personal data is not used in automated decision-making.

Rights of the data subjects and their exercise

The data subject has the following rights in relation to personal data covered by this privacy notice:

If a data subject feels that their data has been processed unlawfully, they also have the right to file a complaint with the supervisory authority, which in this case is the Finnish Data Protection Authority, the Data Protection Ombudsman. The data subject also has the right to complain to the supervisory authority in the country where their permanent residence is.

If the data subject has questions about their rights, they can contact the Step2Fit data protection contacts, whose details can be found at the end of this privacy notice.

If the data subject wishes to exercise their rights in relation to their personal data covered by this privacy notice, they can contact info@step2.fit.

Technical and organizational measures taken to protect personal data

The company has implemented appropriate organizational measures, including integrating data protection into the company's operations, product and service development, and company governance; restricting access to those designated individuals whose access to the data is necessary for the performance of their duties; using locked premises, passwords, and antivirus and firewall software; training staff; and other appropriate cybersecurity and data protection measures.