Marimekko is committed to complying with applicable data protection laws and regulations and protecting the privacy of its stakeholders. In this privacy statement, we describe how Marimekko processes the personal data of its customers, suppliers, other business partners, investors, PR and press contacts, and other stakeholders. It includes information on what data we process, for what purposes, and how you can influence the processing of your personal data.
Updated on 20 September 2024
- WHEN DO WE COLLECT YOUR DATA?
We collect your personal data when you:
- are a contact person of our corporate customer, supplier, or other stakeholder (such as a press representative, an influencer, or a potential investor),
- contact us as a representative of your organization,
- subscribe to our stock exchange and press releases,
- give us a permission for direct marketing,
- become a shareholder, and/or
- participate in our event.
We collect much of the data directly from you. In addition, for sales and marketing communications and relationship management purposes, we may obtain the contact information of corporate customers, media representatives, influencers, and other stakeholder representatives from service providers that maintain and sell such data, as well as company websites. In addition, we may use public registers as well as update and other services. The source of shareholder information also includes analysts, and the shareholders register held by Euroclear Finland Ltd on behalf of the Board of Directors of Marimekko Corporation.
2. HOW DO WE PROCESS YOUR DATA?
We process your personal data in order to provide you with our products and services in the best possible way. We process your data for the following purposes:
2.1 Relationship management
We process your personal data to administer and manage our business relationship or other pertinent connection with you. Your personal data is also processed for planning, developing, and managing Marimekko’s business operations.
| Processed data | Basis for processing |
| – Name, company, title and contact information – Communication and actions related to the business relationship or other pertinent connection – Participation in our events, if applicable – Share ownership, if applicable | – Performance of a contract – Compliance with a legal obligation – Marimekko’s legitimate interest (conducting the company’s business, improving customer experience) |
| How long do we store the data? | |
| Until we no longer need your data to fulfil the purpose for which your data was collected, or you no longer perform the tasks in the company or other organisation on the basis of which your data is processed. However, we will continue to process your data if, for example, your new job description justifies this. | |
2.2 Product and service orders
If you reserve or purchase products or services in our B2B shop, we will use your data to process your reservation or purchase order and in case of possible returns or claims.
| Processed data | Basis for processing |
| – Contact information | – Performance of a contract – Compliance with a legal obligation |
| How long do we store the data? | |
| For as long as it is necessary, for example, to defend a legal claim or to comply with accounting and other legal obligations. | |
2.3 Marketing and communications
We process your data to market our products and services and provide company information. We may carry out electronic direct marketing if you have given your consent to it. To do this, we may create an account (which may be a guest account for non-logged in users) based on the information you provide and the information we collect in accordance with this privacy policy. For example, information about whether you have opened emails we send you and clicked links in them may be stored in your account.
| Processed data | Basis for processing |
| – Contact information – Direct marketing consents and other permissions given by you – Data we receive from third parties that complements the data we process in accordance with applicable laws | – Marimekko’s legitimate interest (conducting the company’s business, improving customer experience and targeting direct marketing) – Consent if needed |
| How long do we store the data? | |
| Until the marketing consent has been revoked or until we no longer need your data to fulfil the purpose for which your data was collected, or you no longer perform functions within the company or other organization on the basis of which your data is processed. We store browser and server based tracking data in accordance with our cookie policy. | |
2.4 Surveys and opinion polls
The development of our products and services is of paramount importance to us. If you participate in our customer satisfaction surveys, market surveys or opinion polls, we process your data in order to better understand our customers and other stakeholders and thus offer better products and services.
| Processed data | Basis for processing |
| – Your participation and information you provide in our surveys and opinion polls | – Marimekko’s legitimate interest (conducting the company’s business, and improving customer experience) – Consent if needed |
| How long do we store the data? | |
| Until the survey or poll has ended and its purpose has been fulfilled. | |
2.5 Events and safety
We may use your data to organize events to identify you and ensure your participation. By collecting CCTV recordings, we want to ensure your safety and protect Marimekko’s assets.
| Processed data | Basis for processing |
| – Your participation and information you provide for the event CCTV recordings from cameras placed in our facilities – Photos and video recordings of our events (if we photograph you specifically, we will ask for your consent to publish the photo) | – Marimekko’s legitimate interest (conducting the company’s business, and improving customer experience) – Consent if needed |
| How long do we store the data? | |
| The information you provide will be stored for approximately two (2) years from the date of the event. CCTV recordings are retained for approximately one month, unless a recording relates to an unsolved claim or other issue, in which case the recording is retained until the issue has been solved and possible legal liabilities have been clarified and completed. | |
2.6 Regulatory compliance
Where necessary, we process your personal data to prevent fraud and to comply with applicable laws (such as trade sanctions and anti-bribery laws e.g. by checking the veracity of ultimate beneficial owner information).
| Processed data | Basis for processing |
| – Information from public registers – Updated contact and other information from update services or public registers – Information we receive from third parties that complements the information we process, in accordance with applicable laws | – Compliance with a legal obligation – Marimekko’s legitimate interest (conducting the company’s business) |
| How long do we store the data? | |
| For as long as necessary, for example, to defend a legal claim or to comply with accounting and other legal obligations. | |
3. WHEN IS YOUR DATA DISCLOSED TO OTHERS?
We may disclose your personal data to companies belonging to the Marimekko group. In addition, we use external service providers in the processing of your personal data. We oblige such service providers contractually to ensure a sufficient level of data security to protect your personal data and to comply with applicable laws. These service providers may act as processors of personal data, in which case we commit them not to use your data for their own purposes, but they may also act as separate controllers, for example with regard to personal data required for payment transfers, deliveries, and targeted marketing.
We may also disclose your data to authorities if we are required by law to do so, for example if it is necessary to prevent or investigate fraud or other illegal activities. We may also disclose your data to other parties by order of a competent court. In addition, we may disclose your data in connection with a possible sale of business or other corporate transaction to the buyer of the business or other relevant party related to the transaction.
If we transfer your personal data outside the EU/EEA, we will ensure that there is an appropriate legal basis for the transfer and that the data processing and data security comply with the requirements of applicable laws.
4. HOW DO WE PROTECT YOUR PERSONAL DATA?
We have implemented appropriate technical and organizational security measures to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and other unlawful or unauthorized processing. Security measures include, for example, keeping software versions of our systems up-to-date, security solutions for our communications networks, multi-factor authentication solutions, and storing physical documents in locked and fire-resistant facilities. In addition, the databases and their backups can only be accessed by certain persons, all persons processing personal data must have personal authorization, only our specifically authorized employees or authorized third parties have access to our premises or the right to process the data, and anyone who is granted access to personal data is obliged to keep it confidential. Access levels depend on the type of data required for access to or processing of data by the person’s job description. In addition, we regularly communicate and train our personnel on data protection.
5. YOUR RIGHTS
You can influence the processing of your personal data in the following ways:
- You have the right to access your data: You have the right to request access to your personal data or copies thereof. You can also obtain information about their type, processing and disclosure.
- You can withdraw your consent: If and to the extent the processing of your personal data is based on consent, you can withdraw your consent at any time. If you withdraw your consent, Marimekko will still process your personal data on other legal grounds, for example to comply with applicable laws.
- You can review and edit your personal data: You have a right to request any incorrect, unnecessary, or outdated data to be corrected or deleted and any missing data to be completed.
- You can request the erasure or restriction of processing of your data: If you believe that your personal data is inaccurate or incorrect, that the processing is not lawful, that Marimekko processes your data contrary to the purpose of the processing, or if you wish to object to the processing, you can request that the data be erased or restricted. Marimekko will investigate your request as soon as reasonably possible before deciding on further action.
- You can object to the processing of your data: You have the right to object to the processing of your personal data on a justified basis.
- You can request the portability of your data to another controller: You have the right to receive the personal data you have provided to Marimekko in a structured, commonly used, and machine-readable format and, if you wish, to transmit that data to another controller.
- You can lodge a complaint with a supervisory authority: If you believe that Marimekko is processing your personal data in a way that violates your legal rights, you can lodge a complaint with your local supervisory authority. A list of the websites of the supervisory authorities is available here.
Please note that when exercising the rights listed above, you may be asked for additional information to verify your identity. Such additional information will not be used for any other purpose and will be deleted once your identity has been verified.
6. CONTACT INFORMATION
Controller: Marimekko Corporation, business ID 0111316-2
Data protection officer: Essi Weseri
If you have a request, notification, or any other question regarding the processing of your personal data, you can contact us in the following ways:
- By sending an email to privacy@marimekko.com
- By contacting your Marimekko contact person
7. AMENDMENTS
We may amend this privacy statement from time to time. When we publish changes, the effective date at the beginning of this policy will change to the effective date on which the changes take effect.