Partner Privacy Policy
Kokit Application values your privacy and is committed to protecting your personal data. In this Partner Privacy Policy (“Privacy Policy”), we explain how we process personal data in connection with the websites, applications, and other services we offer, as well as when you offer your products and services on our platform in cooperation with us. We comply with the EU General Data Protection Regulation (GDPR) and other applicable laws.
Our customers’ privacy is important to us, and we are committed to handling and protecting the information collected in connection with our services appropriately and securely, to the best of our ability.
This Privacy Policy also applies to substitutes acting on behalf of primary Partners. You must ensure that any substitute is informed about this Partner Privacy Policy before they offer products or services as your substitute. Both you and your substitute may have access to each other’s information.
This Privacy Policy explains how and why we collect and process your information when you visit our website, use our application, or otherwise use the services we offer, and how we protect that information. In addition, this Privacy Policy describes what choices you can make regarding the use of your information and how the information is protected. By providing us with your personal data on our website, in our application, or otherwise in connection with our services, you accept that the processing of data is subject to this Privacy Policy and the data processing principles presented in the register description, as required by the Personal Data Act 1999/523 Section 10 and the EU General Data Protection Regulation (GDPR).
In this Privacy Policy, “you” refers to the Partner (“Yhteistyökumppani”), i.e. the provider of products or services, or any person working for such a provider, or other relevant parties such as substitutes.
This Privacy Policy contains the following sections:
• Data Controller
• What Personal Data Is Collected
• How Your Personal Data Can Be Used and on What Legal Grounds
• To Whom Personal Data Can Be Disclosed
• How Personal Data Is Protected
• Your Rights Regarding Personal Data
• Cookies and Other Technologies
• How Long Your Personal Data Is Stored
• Changes to This Privacy Policy and Cookie Notice
• Direct Marketing
• Contact
Data Controller
This Privacy Policy covers the processing of personal data carried out by Kokit Application. (Kokit Application is a trade name of Slum Boy Oy.)
• Business ID: 3435919-3
• Postal Address: Voimakatu 14 H 7, 20540 Turku, Finland
• Email: hello@kokit.fi
You can reach the appointed Data Protection Officer at the above address.
What Personal Data Is Collected
Information related to our registers of personal data is primarily collected from you directly or from representatives of your company. Information about you is obtained with your consent and/or from transactions related to reservations and purchases. Personal data can also be collected, stored, and updated from other sources.
Personal and company data we collect can be categorized as follows:
• User information required for using the service: full name, phone number, email address, location information, and billing information.
• Optional user information: images, a more detailed description of your experience and personal details, product information, and other information you provide either when creating a user account or later when editing your profile.
• Other user information: order history and information you provide when sending or receiving reviews or comments or when responding to surveys; marketing consents and prohibitions; and other information you provide in communications.
• Information related to statutory requirements: country of taxation or foreign tax identification number, and information related to customer due diligence and the prevention of money laundering.
• Usage data: details of the device, browser, and version of the service you use; your network operator, type of network connection, IP address, and other connection-related details; identifiers provided by your device or by third-party application providers or advertisers (or identifiers we create ourselves); location information; the links from which you arrived at our services and the links you followed from our services; tracking of events by our partners; the time you spend using our service; information about your searches; the parts of the services you visited; the times and dates of your visits; your interactions on the service; and other similar information.
When you offer your products through our service, we may collect, use, and share information about your precise or approximate location, including the real-time geographic location of your mobile device. This location information is collected to provide services to users and partners—for example, to inform parties about a delivery or to fulfill the agreement between a driver and a company. Location data is also needed, for example, to accurately estimate delivery times and to confirm payments.
Additionally, we may process your location data (such as the pickup location collected during a delivery) to resolve user complaints and to handle cases related to breaches of the service agreement. We use non-personally identifiable information whenever possible.
We also retain old product information and any messages between drivers, partners, and users for purposes such as handling possible complaints and addressing allergy or dietary restrictions.
Furthermore, we may collect personal data that is publicly available from third parties. Personal data can be collected, stored, and updated from public registers such as the Business Information System (YTJ), the Finnish Patent and Registration Office (PRH), Suomen Asiakastieto Oy, the Population Register Center, or other similar address and update service providers.
How Your Personal Data Can Be Used and on What Legal Grounds
We use personal data for order management, customer service, marketing personalization, and user analytics. Through analytics, we improve the usability of our website and application.
Service and Product Agreements (Performance of Contract)
The primary purpose of processing personal data is to collect, process, and verify personal data before making an offer and entering into an agreement, as well as to document, manage, and carry out tasks in accordance with the contract. Examples include:
• paying out fees,
• fulfilling other contractual obligations (providing a service or product),
• supplying information related to users’ orders so that services can be properly delivered, and
• responding to questions and requests.
Compliance with Legal Obligations (Legal Obligation)
Complying with obligations defined in laws, regulations, and official decisions requires us to process personal data. Examples of statutory or necessary obligations (and other related purposes) that require the processing of personal data include:
• Accounting regulations – compliance with bookkeeping and financial reporting requirements.
• Reporting to authorities – reporting to tax, police, enforcement, or supervisory authorities as required by law.
• Payment services requirements – fulfilling requirements and obligations related to payment services.
• Service communications – contacting you regarding the service agreement or services, informing you of changes, or requesting feedback related to them.
• Claims and legal processes – handling claims, debt collection, and other legal processes.
• Fraud and misuse prevention – preventing fraud and misuse of our services, and ensuring the security of our information systems and network. For example, based on our legitimate interest, we may retain necessary personal data for a limited time after the end of a contractual relationship if needed to prevent misuse or for security reasons.
• Complaint resolution and breach investigation – resolving user complaints and investigating or responding to incidents related to a breach of the service agreement between you and us.
• Recording communications – recording your communications with our customer support (for example, call recordings) for quality assurance or record-keeping.
• Business development – developing our business, services, and products, and improving cooperation with Partners. For example, to improve service quality, we analyze trends and Partner behavior in the use of our services, using non-personally identifiable data whenever possible.
• Internal group processing – processing your data within our corporate group in accordance with this Privacy Policy.
Marketing, Product, and Customer Analyses (Legitimate Interest)
Personal data is also processed in connection with marketing, product, and customer analyses. Marketing activities and the development of processes, business operations, and systems (including testing) are based on the processing of personal data. This allows us to improve our product selection and optimize the services offered to customers. These activities may involve profiling. We have a legitimate interest in using profiling, for example, for customer analysis for marketing purposes or to match a job applicant with a suitable position.
Consent
In certain parts of our services, we may request your consent for the processing of personal data. For example, processing your location data requires permission, which you can grant through your mobile devices or browser’s operating system. Precise location data can be collected when the application is active in the background or foreground. You can allow or disable location tracking in your device settings. If location tracking is not enabled, we cannot receive precise location data, which will prevent the receipt of location-based work tasks.
Additionally, with your consent, we may process personal identification data such as facial recognition data or video footage for purposes like verifying your identity.
Automatic Processing
In providing our services, data processing may include automated decision-making solutions that allocate work tasks efficiently. These decisions are influenced by factors such as:
• location and the distance to the delivery address, and
• schedules and possible restrictions (for example, age-related delivery requirements).
Our automated systems are designed to optimize overall travel distance in an urban area and minimize delays. Personal attributes—such as past performance—are not used in the decision-making process.
If you have any questions regarding automated decisions or if you need assistance in verifying the correctness of an automated decision, you can contact our customer service.
To Whom Personal Data Can Be Disclosed
Sharing with third-party partners: We may share personal data with trusted partners such as payment service providers, providers of products and services being delivered, authorized service providers, and transportation or logistics services. We always ensure that these parties adhere to our guidelines and general confidentiality obligations when handling personal data. Providing our services and fulfilling agreements necessitate disclosing your personal data to such partners.
We disclose the information necessary to verify your identity and to carry out an order or enforce an agreement to the companies and individuals we work with in order to provide the services. For example, information may be shared to ensure an order is delivered, to approve a substitute product, or to provide additional details related to an order.
We also disclose personal data to government authorities as required by law. Such authorities include, for example, tax authorities, police, enforcement authorities, and data protection or other supervisory authorities.
Information may further be disclosed to external business partners with your consent or as allowed by law. We have agreements with selected suppliers of goods and services that involve processing personal data on behalf of our company. For example, we have contracts with providers of software development, maintenance, server and hosting services, and IT support, which ensure that personal data is handled in accordance with our instructions.
We may share your name and other necessary personal details with end-users when it is needed to carry out a delivery. For instance, if a user wants to initiate a chat conversation with you, or if you initiate a chat with a user through the application, we may display your first name to the user.
We may also share personal data with other third parties that need access to your information to provide services to users or to fulfill the purposes defined in this Privacy Policy. For example, partners providing transportation for the products you offer will receive information about the estimated completion time of an order and the pickup location.
With Explicit Consent: In certain situations, we will seek your consent before processing or sharing your personal data—for instance, for direct marketing purposes or when processing certain special categories of data. The consent request will include information about that specific data processing, and you may withdraw any consent you have given at any time.
Other Justified Reasons: We may transfer personal data in scenarios where our business is involved in a merger, acquisition, or sale of assets. In such events, we will continue to ensure the confidentiality of personal data and will inform affected users of the transfer and any changes to privacy practices, as required.
Transfer to Countries Outside Europe: As a rule, we do not transfer your data to countries outside the European Economic Area (EEA). If it becomes necessary, we will ensure that any transfer of personal data outside the EEA is protected with appropriate and adequate safeguards in compliance with data protection requirements.
How Personal Data Is Protected
We have implemented appropriate technical, organizational, and administrative security procedures to protect all information in our possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Your Rights Regarding Personal Data
As a data subject, you have the following rights regarding the personal data we hold about you:
• Right to access your personal data: You have the right to access the personal data we hold about you. However, this right of access may be restricted based on legislation, the privacy rights of others, or our business practices. Trade secrets and internal evaluations or materials may also limit your ability to receive certain information.
• Right to rectification: You have the right to request correction of any incorrect or incomplete personal information we have about you, unless applicable law restricts such correction.
• Right to erasure: You have the right to request the deletion of your personal data in certain circumstances, for example:
• if you withdraw your consent to processing and there is no other justified reason for us to continue processing your data;
• if you object to the processing of your data and there is no acceptable reason for it to continue.
• if you object to the processing of your data for direct marketing purposes.
• if the processing of your data is unlawful; or
• if the data concerns a minor and was collected in connection with offering information society services.
• Right to restrict processing: You have the right to request that the processing of your personal data be restricted to storage only. This right applies, for example, if you contest the accuracy of the data we hold or question the lawfulness of processing, or if you have objected to processing your data. In such cases, we will restrict processing to mere storage until the issue is resolved (for instance, until the accuracy of your data is verified, or it is determined whether our legitimate grounds override yours). If you are not entitled to have certain data deleted, you can ask us to limit the processing of that data to storage only. If the processing of your data is necessary solely for the establishment, exercise, or defense of legal claims, you can demand that processing be limited to storage. Please note that we may still process your data for other purposes if required for the establishment, exercise, or defense of legal claims, or if you have given your consent.
• Right to object: You have the right to object to the processing of your personal data when it is based on our legitimate interest. This includes objecting to processing for direct marketing purposes or to any profiling related to direct marketing.
• Right to data portability: You have the right to receive the personal data you have provided to us in a machine-readable format. This right applies to personal data that is processed by automated means and based on your consent or on the performance of a contract. Transferring this data to another data controller is possible only if it is secure and technically feasible for us to do so.
Requests to exercise any of the above rights will be evaluated on a case-by-case basis, considering the circumstances of each request.
Cookies and Other Technologies
We use cookies, among other technologies, on our website to collect and store information about the services you use. We may also combine information collected via cookies with other data. If you provide information in our service that can identify you, we will store that information along with any other data we have collected.
The information described above is used, among other purposes, to monitor and develop the use of our service, to produce targeted advertising, and to measure the effectiveness of advertising. You can read more details about our use of cookies on our website.
Cookies and other data on our website do not harm your device or files. The retention period of cookies varies, ranging from a few seconds up to being stored permanently (until deleted).
Users can choose to set their web browser to refuse cookies. Please note that some parts of the service may not function properly if cookies are disabled.
We also use third-party services and integrations on our site for analytics, marketing, and other purposes (for example, Google Analytics). You can review the privacy practices of such third-party services on the respective providers’ websites.
How Long Your Personal Data Is Stored
We retain your data for as long as it is needed for the purpose for which it was collected and processed, or for as long as required by applicable laws and regulations.
In practice, we keep your data for as long as it is needed to carry out our contract with you, and thereafter as long as laws and regulations require. If we retain your data for purposes other than fulfilling a contract – such as for anti-money laundering compliance, accounting, or meeting solvency requirements – we will retain the data only for as long as it is necessary for that purpose and/or as mandated by law or regulation.
For example:
• Accounting regulations: up to 10 years
• Payment service requirements and obligations: 5 years
• Other obligations under service- or product-specific legislation: up to 7 years
• Offers: up to 2 years after the offer has ended
• Information on contract performance: up to 10 years after the end of the customer relationship (for the purpose of defending against legal claims)
• IP address information: stored for 36 months
The above time periods are given as examples for clarification purposes only.
Changes to This Privacy Policy and Cookie Notice
We continuously improve and develop our services, products, and websites, so this Privacy Policy (and the related information about cookies) may be updated from time to time. If significant changes are made to the Privacy Policy, we will provide a clear notice of these changes when required by applicable law.
Direct Marketing
You have the choice not to permit the use of your personal data for direct marketing, market research, or profiling for direct marketing purposes. You can manage your direct marketing preferences by using the features of our service, utilizing the opt-out option provided in our communications, or by contacting our customer service.
Contact
If you have any questions about this Privacy Policy, you can contact our customer service for assistance. You also have the right to file a complaint or to contact the data protection authority if you believe that our handling of your personal data conflicts with applicable data protection laws.