PRIVACY NOTICE
AXOPAR BOATS OY
PRIVACY NOTICE
1. General information
The purpose of this Privacy Notice is to describe how Axopar Boats Oy (“Axopar”) processes your personal data, what personal data we collect, how the data is used, and to whom the data is disclosed. In addition, we tell you how you can control the processing of your personal data.
Axopar’s business is focused on providing well-made, competitively priced, and recognizable boats. This Privacy Notice applies to our customers (mainly the dealers and their customers) and potential customers, including newsletter subscribers and website users, and where applicable, our vendors and partners (later “you”).
Personal data refers to information that allows a person to be directly or indirectly identified as an individual person. Personal data, data subject, controller, and other key terms are defined in the General Data Protection Regulation (2016/679, “GDPR”). Axopar complies with the GDPR in all processing of personal data in conjunction with other applicable national data protection legislation.
Our website contains links to websites and services run by other organizations which we do not control. Please, note that this Privacy Notice does not apply to those other websites‚ so we encourage you to read their privacy notices. We are not responsible for the privacy notices and practices of other websites and services (even if you access them using links that we provide).
2. Controller and contact information
Company
Axopar Boats Oy
Bussiness ID
2611096-1
Email
[email protected]
Address
Salmisaarenaukio 1, 00180 Helsinki
3. Processing of your personal data
We collect and process only personal data that is relevant and necessary for the purposes outlined in this Privacy Notice.
You provide us personal data when entering into a business relation with us, ordering our products or services, participating in our promotional events, games, or opinion/marketing research, visiting us, contacting us or communicating with us, or using our products and services (e.g., IT tools and web pages).
We also receive personal data from 3rd parties supporting the delivery of our products and the improvement of our services (e.g. web site analytics and personalised web content), and finding potential customers interested in our products.
In addition, we may receive your personal data from the boat dealer as part of our business processes for the following purposes: managing customer relationships, ensuring safety and product support (including potential recalls), limited segmentation within our CRM system, and for marketing, statistical analysis, and sending boat-related email notifications.
In the context of the whistleblowing channel, the primary source of personal data processed is the channel and the reports made through the whistleblowing channel.
Purpose of the processing
Personal data
Retention times
Sales and after sales: orders/purchases, delivery, invoicing, (debt collection) warranties, reclamations, customer satisfaction & feedback, and related communications
(Dealer/Customer) identity and contact information (name, email, company address, phone number) Information about the boat, including the customer's wishes, feedback, and preferences.
Accounting related data is stored 10 years after the termination of the financial year / accounting period (legal obligation) Other personal data related to sales (and after sales) are stored two years as a maximum after the financial period when the con
Vendor / supplier and partner management
Identity and contact information (name, email, company address, phone number)
As long as the contractual relationship is valid and two years as a maximum after the termination Accounting related data is stored 10 years after the termination of the financial year / accounting period (legal obligation)
Customer services
Identity and personal contact information, feedback/inquiry content and related communications
2 years as a maximum after the case has been resolved or closed unless the case is related to sales (see sales retention time)
Marketing; Distribution of the email newsletter to the subscribers
Name and email address Date and time for subscribing IP address
Until the subscriber cancels the subscription
Marketing; direct marketing by phone and mail, promotional events, competitions, surveys and research
Name, phone number and address, wishes and preferences
12 months as a maximum after the end of the related marketing activity
Service usage and web page behaviour for marketing and market analysis, research, personalised services and targeted marketing Improvement of the website functionality
See Cookie Policy
Ensuring the security of our IT environments and protection of data
Access management and log data
Documented in the IT procedures
Fraud prevention
“Know your customer” data Finnish Act on Detecting and Preventing Money Laundering and Terrorist Financing (503/2008)
As long as required by the Act https://www.finlex.fi/
Legal claims
Establish, exercise or defend against legal claims based on statutory obligation or company’s legitimate interest.
According to the applicable statute of limitations
The legal basis for processing personal data related to sales activities and vendor/supplier and partner management is the performance of a contract or its preparation. When we process the personal data of our dealer’s customers (the buyers), the legal basis may include our legitimate interests to, e.g., manage customer relationships and ensure safety, handle potential recalls and provide product support.
The legal basis for processing personal data for customer services, marketing, improvement of our products and services, and the security of our IT environment is primarily our legitimate interest to
serve our customers, potential customers, vendors, partners, and other stakeholders properly
provide meaningful information and web services,
improve the usability of our services and website,
improve the user experience of our products and services and,
protect our IT environment.
Certain processing is based on your consent, such as newsletter subscription (electronic direct marketing) and usage of cookies or pixels. We will ask for your consent to process your personal data whenever necessary. You can withdraw your consent at any time by unsubscribing from the newsletter by following the instructions in the newsletter or using the unsubscribe function on our website.
We may also process personal data due to legal obligations, e.g., to operate appropriate security measures for the protection of data and to perform fraud prevention.
The legal basis for processing personal data for the whistleblowing channel are:
Axopar’s statutory obligation (Whistleblower Protection Regulation)
Legitimate interest
The Personal data we collect are retained for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required by law or we need it to protect our legal rights. Thereafter, the Personal data will be deleted within a reasonable timeframe or rendered anonymous.
4. Recipients of Personal Data
We utilize service providers and 3rd parties to deliver our business and have delegated some of the business-related operations to service providers. For the purposes stated in this Privacy Notice, personal data may be disclosed, when necessary, to other companies within the same group of companies as us and to other third parties, such as our dealers. Personal data, such as photos and videos from promotional events, may be disclosed to third parties (for example, press, media, and Axopar’s dealers) for press and marketing use based on legitimate interest.
We use IT service providers to, e.g., deliver the website, office, and communications software and equipment. We also use marketing and accounting service providers and analytics services.
A list of the recipients that handle personal data can be provided upon request.
Transfer outside EU/EEA
When Personal data are transferred outside the EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission, or transfers are carried out by using appropriate safeguards such as standard data protection clauses adopted including any supplementary measures, where assessed to be necessary, or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR. The following recipients may process data outside the EU/EEA:
Recipient
Transef safeguard
Google Analytics
EU-U.S. Data Privacy Framework
Hubspot
EU-U.S. Data Privacy Framework
Microsoft
EU-U.S. Data Privacy Framework
Salesforce
EU-U.S. Data Privacy Framework
Meta
EU-U.S. Data Privacy Framework
Other transfers
In addition, we may share your information in connection with any merger, sale of our assets, or financing or acquisition of all or a portion of our business and in connection with other similar arrangements.
Personal data are also disclosed to third parties if required under any applicable law or regulation or order by competent authorities and to investigate possible infringing use of the products and services as well as to guarantee the safety of the products and services.
5. Your rights and the Supervisory Authority
You have the rights set out in the applicable data protection legislation.
You have the right to have confirmed if we process your personal data.
You have the right to verify and access your personal data and to request us to provide you with the data in writing or electronically. This applies to information that you have provided to us insofar as the processing is based on a contract/consent.
You have the right to correct any incorrect or incomplete personal data. You also have the right to request us to remove data. However, please note that certain personal data is strictly necessary in order to achieve the purposes defined in this Privacy Notice and may also be required to be retained by applicable laws,
You have the right to transmit to another controller the personal data you have provided (based on your consent or contract relationship).
You have the right to request us to restrict the processing of your personal data in accordance with the conditions set out in the data protection legislation. In situations where personal data suspected to be incorrect cannot be corrected or removed, or if the removal request is unclear, we will limit access to such data.
You have the right to object to processing of your personal data for certain purposes e.g. you have the right to deny any processing or transferring of data for direct marketing.
If the processing of your personal data is based on consent, you have the right to withdraw consent at any time (the withdrawal does not affect the lawfulness of processing based on consent before its withdrawal).
You can use your rights by submitting a request to the contact information at the beginning of this Privacy Notice. After receiving all the required information for your request (incl. confirmation of identity), we will start the processing of your request. We will contact you within a period of one month at the latest.
We may reject requests that are unreasonably repetitive, excessive, or clearly abusive (manifestly unfounded). We may also reject a request (for example erasure of data) due to a statutory obligation or a statutory right of the company, such as an obligation or a claim relating to our services.
In case you consider our processing activities of your Personal data to be inconsistent with the current legislation, you have the right to lodge a complaint with the competent data protection supervisory authority. However, we request that the matter be dealt with Axopar in the first instance.
The relevant authority in Finland is the Data Protection Ombudsman (www.tietosuoja.fi).
6. Protection of Personal Data
We commit to following the security provisions of applicable data protection regulations, as well as to process Personal Data in compliance with good processing practices.
Personal data are protected with appropriate technical and organizational measures. We store the information in secure IT environments that are protected with adequate security technics. Our personnel and processors that process personal data are obliged to keep the personal data strictly confidential. Access to personal data is only granted to those employees that need the information to perform their work tasks. Employees and processors have personal IDs and passwords.
We inform the authorities and users of data breaches according to applicable information security and data protection regulation(s).
7. Changes to the Privacy Notice
We may make changes to this Privacy Notice at any time by giving a notice on the website and/or by other applicable means. It is highly recommended that you review the Privacy Notice on our website now and then. If you object to any of the changes to this Privacy Notice, you should cease using the services, where applicable, and you can request that we remove the personal data unless applicable laws require us to retain such personal data. Unless stated otherwise, the then-current Privacy Notice applies to all personal data we process at the time.
This Privacy Notice has been published on 1st September 2022 and updated on 23rd September 2025.
