Sarek Oy - Privacy Policy

(Last update 2020-07-30)
In order to be transparent with its customers, Sarek Oy ("Sarek") has adopted a Privacy Policy pertaining to personal data collected or processed by Sarek.
Sarek has updated its Privacy Policy in compliance with applicable regulations, especially the so-called GDPR as pertaining to data protection.

1. CONTROLLER

The controller is Sarek insofar as it processes your data for its own account.
For any inquiry, you may get in touch with the Data Protection Officer whose contact details are below at article 7. Sarek may process your data as a processor for its clients who are Controllers.
This privacy policy only applies to processing carried out by Sarek as a Controller.

2. COLLECTED DATA

Depending on cases, Sarek can collect various data, including but not limited to:
  • Identification data: name, ID card and its number and/or passport and/or any other relevant identification document or number, nationality, residence permit, place and date of birth, IP address and its localization;
  • Contact data: postal eand electronic addresses, phone number;
  • Data pertaining to interactions between Sarek and its clients: cookies, means of payment, mail exchanges;
  • Data pertaining to the processing of postal and electronic mail sent to you such as timestamp and date.

3. PURPOSE

Sarek may process your personal data on the basis of a legal obligation, your consent, a contractual relationship with you, and/or to pursue its legitimate interests. Sarek collects and processes your personal data for different purposes:
  • Communicate with you via postal or electronic mail as part of our provision of service;
  • Providing services;
  • Combating fraud; when placing an order, Sarek may ask for additional documents in order to prevent the risk of fraudulent orders. In any case, no decision is exclusively based on an automated processing. Each decision is taken by one of our agents, based on information provided by our fraud detection tool. You have the right to express your point of view and to contest the decision.
  • Compliance with legal and regulatory obligations;
  • Compliance with our contractual obligations with regulatory authorities and registries, notably the transmission of data pertaining to domain contacts to registries (including personal data of such contacts as well as any other information required by a registry), which may be established in a third country without sufficient level of protection regarding personal data;
  • Anonymous statistical analysis;
  • Should your personal data be processed for different purposes, Sarek will inform you and when required by law will obtain your prior consent.

4. HOW DATA IS COLLECTED

Sarek is likely to collect your personal data through:
  • Sarek websites (including when creating a client account, buying a service or sending a message to our support team);
  • Exchanges with you whether you are a client or prospect;
  • Third parties, notably as part of our contractual relationship with our clients or partners or in the case of incoming domain name transfer from another registrar.

5. TRANSFER OF PERSONAL DATA

Sarek transfers your personal data outside of the European Union insofar as it is necessary for managing your case, or when the law so provides. Such is the case as part when the registry for a top-level domain is established in a third country.
Sarek may also transfer your personal data to third parties if it is required by legal or regulatory provisions or as part of requests by third parties with a legitimate interest (e.g. intellectual property rights enforcement).

6. DATA RETENTION DURATION

Personal data are kept in compliance with legal and tax provisions for a duration that shall not exceed that which is necessary for the purposes data were collected and processed for.

7. RIGHTS

You have a right of access, to rectification and erasure, to data portability, and to object to the processing of your personal data.
You may also, at any time, revoke your consent for further processing when such a processing has your consent as a legal basis (e.g.: publication of your information in the whois).
For any inquiry regarding your rights or to exercise them, you may contact our Data Protection Officer: You have a right to lodge a complaint with a supervisory authority in Finland.

8. COOKIES

Your web browser has a function called "cookies", that downloads a small text file on your computer when you visit our site. It is a piece of information concerning your computer and browser, that is recorded when you visit our website.
The activation of this function is not necessary for visiting our website. Nonetheless, access to some services, notably all that require logging in (such as the administration interface and the management of your domain names, or your personal account) require the use of such "session cookies" in order to function.
Sarek uses session or settings cookies which are essential to the browsing and proper function of the website.

9. SECURITY

Sarek takes all useful precautions, as well as appropriate technical and organizational measures in order to preserve your personal data security and prevent their unlawful destruction, loss, alteration, unauthorized disclosure of, or access to by unauthorized third parties.

10. LINKS

Sarek websites may offer links to other third-party websites such as Registries’ websites.
Sarek does not have any control over the content published on third parties’ websites or over their policies regarding personal data and what they may collect.
Therefore, Sarek cannot be held responsible for these third parties’ processing of your personal data.