Privacy Policy

Privacy Policy

10th of February 2023


The data controller who is responsible for your personal data is ILO Yarn Oy and/or the other ILO Yarn company(ies) with whom you have a relationship with. We are fully committed to protecting your individual rights and keeping your personal data safe. This Privacy Policy is meant to help you understand what information we collect about you, why we collect it, our storing and sharing practices, and what your privacy rights are.

We process individuals’ personal data for a number of reasons. In this Privacy Policy, when we write “you”, we mean you as a customer, a potential customer or our customer’s employees. It can also mean other relevant parties, such as beneficial owners, authorized representatives and managers, shareholders and associated parties. When we write “we” in this Privacy Policy, we mean ILO Yarn Oy including branches and all companies owned and/or controlled directly or indirectly by ILO Yarn Oy at any given time.   


Personal data is in most cases collected directly from you or generated as part of the use of our services, products and channels. Sometimes additional information is required to keep information up to date or to verify the information that we collect.

In some cases, we also collect and process personal data about persons associated with you, for example employees, beneficial owners, agents, chargors, payers, persons who are in contact with us in respect of a single transaction, and other individuals with whom we interact and collaborate with.

The types of personal data we collect

The categories of personal data that we collect, and use are listed below. We have provided examples of the types of personal data that fall within each category. Please note that the list of examples is not exhaustive. The type of personal data that we collect from you will depend on the service or product we are providing to you as a customer. 

  • Identification information: such as your unique identification number, full name and IP address.
  • Contact information: such as physical address, phone number and e-mail address.
  • Financial information: such as the history of the customer relationship between you and us, credit/payment card details, and type of agreement that you have entered into.
  • Information related to legal requirements and taxation: such as country of taxation or foreign taxpayer reference, and information required to be collected for customer due diligence and anti-money laundering requirements.

The sources from which we gather your personal data

From you

We collect information you provide directly to us. For example, when becoming a new customer, we collect personal data such as name, national unique identification number, e-mail address and phone number. We also collect debt information to be able to provide you with the product or service in question. We also collect information which you provide to us, such as messages you have sent as feedback or a request in our digital channels.

From third parties

To be able to offer you our products and services and to comply with statutory requirements, we will also collect personal data from third parties, such as publicly available and other external sources. For example, when you apply for a part payment from us, we may collect information from other sources, such as centralised credit information providers which information from other creditors. To ensure your personal data is accurate and up to date, we receive periodic updates of some personal data categories from third parties (e.g. public authorities).

Examples of third-party data sources include:

  • Registers held by governmental agencies (such as registers held by tax authorities, company registration offices, enforcement authorities, etc.)
  • Financial sanction lists (for example, lists held by international organizations such as the EU and UN as well as national organizations)
  • Registers held by credit-rating agencies and other commercial information provider. 
  • Publicly available data, for example from social media or via search engines. Social media may also share data with us in accordance with your personalised privacy settings in those channels/media.

Email marketing

With your permission, we may send you e-mails regarding our online store, new products and other store-related updates. You can unsubscribe from our mailing list at any time.

Recording of telephone conversations, online meetings and storage of chat conversations

We may record phone calls and chat conversations for documentation of customer requests, verification of orders and security purposes, and to fulfil legal requirements. For example, online meetings, telephone, and chat conversations may be stored to document what happened and was said during the conversation, including any agreements entered into. In some countries, we may use a recording for quality control of services delivered and for improvement of our processes, if allowed by law.

Video surveillance

For security purposes, including crime prevention, we may have cameras in our branch offices and storage facilities.

Storage of data

We offer an online shopping platform on which we sell products and services to you. The information collected from our customers is stored in the information system connected to the online store, databases, and the storage space of the platform. Your data is safe, because it is stored behind a firewall and its protection has been taken care of with appropriate technical measures.


We use and process your personal data on the basis of the legal grounds and purposes described below.

Necessary to perform an agreement with you

One reason we process personal data is to collect and verify the data prior to giving an offer and entering into a contract with you. We also process personal data to document and complete tasks in order to fulfil our contractual obligations towards you, e.g. to provide and administer our products and services to you.

Examples of activities necessary to perform an agreement with you: 

  • collecting your contact information to provide you with customer service during the contract period, including customer care and customer administration and communication with you
  • collecting your identification information and financial information to provide different payment options

Legal requirements

In addition to the performance of contract, processing of personal data also takes place for us to fulfil our obligations under law, other regulations or authority decisions.

Examples of processing due to legal obligations:

  • Know Your Customer requirements
  • Prevention of money laundering and terrorist financing
  • Sanctions screening
  • Bookkeeping regulations
  • Reporting to tax authorities, police authorities, enforcements authorities, and supervisory authorities

Legitimate Interests

We use your personal data where necessary to further our legitimate interests, as long as those legitimate interests are not overridden by your interests or fundamental rights and freedoms.

Examples of our processing based on legitimate interests:

  • Marketing, product, and customer analyses. This processing forms the basis for marketing, process-, business- and system development, including testing. This is to improve our product range and to optimize our customer offerings.
  • Profiling, for example when conducting customer analysis for marketing purposes.
  • Anonymizing financial and demographic data to create statistics to test and develop new products and services. Anonymized and aggregated statistics cannot be linked to an individual.
  • Analyses of the use of social media for the purpose of providing better and more targeted marketing and communication, services and advice, including to respond to your comments and provide you with user support. 
  • Possible establishment, exercise or defense of legal claims and collection procedure.


When you give us your personal data by using our services (for example, verifying your credit card, placing an order, choosing a delivery method or returning a product you ordered), you agree to the collection of your personal data.

There are situations when we will ask for your consent to process your personal data. Information about the purpose, processing activity, types of personal data and your right to withdraw your consent will be provided when you are asked to give us your consent. If you have given consent to processing of your personal data you can always withdraw the consent at any given time. 


We may in some cases use automated decision-making if it is authorized by legislation if you have provided an explicit consent or if it is necessary for the performance of a contract. One example is the automated credit approval process in case you choose to apply for a part payment or invoice.

When using automated decision-making we will provide you with further information about the logic involved, as well as the significance and the envisaged consequences to you.
You can always express your opinion about a decision based solely on automated processing, including profiling, if such a decision would produce legal effects (e.g. contract cancellation) or otherwise similarly significantly affect you (e.g. refusal of an online application).


Your personal data can be shared with others to the extent we are under statutory obligation to do so and to fulfil services and agreements we have with you.

We may share your personal data with others such as authorities, suppliers, payment service providers and business partners.  Before sharing, we always ensure that we respect relevant financial industry secrecy obligations.

The reasons your personal data may be disclosed

To provide our services to you, we disclose data about your data that is necessary to identify you and perform an assignment or agreement with companies that we cooperate with. These services include, but are not limited to, secure payment solutions.

For example, we can disclose data in partial payment situations to a financial company or online store payment method service provider. We may also share anonymized data for social and economic research or statistical purposes, where we believe it is in the public interest.

We disclose your personal data to 

  • Authorities: we disclose personal data to authorities to the extent we are under statutory obligation to do so. Such authorities include tax authorities, police authorities, enforcements authorities and supervisory authorities in relevant countries.
  • Ilo Yarn Group Companies: we disclose personal data internally in the Ilo Yarn Group with your consent or if this is permitted pursuant to legislation.
  • External business partners: we disclose personal data to external business partners with your consent or if this is permitted pursuant to legislation. External business partners include for example vendor partners of finance companies.
  • Suppliers: we have entered into agreements with selected suppliers, which include processing of personal data on behalf of us. This can be suppliers of IT development, maintenance, hosting and support.

Third country transfers

In some cases, we may transfer personal data to organizations in so-called third countries (countries outside of the European Economic Area). Such transfers can be made if any of the following conditions apply.

  • the EU Commission has decided that there is an adequate level of protection in the country in question, or
  • other appropriate safeguards have been taken, for example the use of the standard contractual clauses (EU model-clauses) approved by the EU Commission, or the data processor has valid Binding Corporate Rules (BCR) in place, or

You can access a copy of the relevant EU model-clauses used by us for transfers by going to


Keeping your personal data safe and secure is at the center of how we do business.

We use appropriate technical, organizational and administrative security measures to protect any information we hold from loss, misuse, and unauthorized access, disclosure, alteration and destruction.


You have the following rights in respect of the personal data we hold on you:

Right to request access to your personal data

You have a right to access the personal data we are keeping about you. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for our business concept and business practices.

Right to request correction of incorrect or incomplete data

If the data we are keeping about you is incorrect or incomplete, you are entitled to have the data corrected, with the restrictions that follow from legislation.

Right to request erasure

You have the right to request erasure of your data in the following cases.

  • you withdraw your consent to the processing and there is no other justified reason for processing,
  • you object to the processing and there is no justified reason for continuing the processing,
  • you object to processing for direct marketing,
  • processing is unlawful, or
  • when processing personal data on minors, if the data was collected in connection with the provision of information society services.

Due to the legislation, we are in many cases obliged to retain personal data on you during your customer relationship, and even after that, e.g., to comply with a statutory obligation or where processing is carried out to manage legal claims.

Right to limitation of processing of personal data

If you contest the correctness of the data which we have registered about you or lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data. The processing will be restricted to storage only, until the correctness of the data can be established, or it can be checked whether our legitimate interests override your interests.

If you are entitled to erasure of the data which we have registered about you but the data is necessary for you to defend a legal claim, you may request that we restrict the processing to storage only if you want to keep the data.

Even when processing of your data has been restricted as described above, we may process your data in other ways if this is necessary to enforce a legal claim or you have given your consent.

Right to object to processing based on our legitimate interest

You can always object to the processing of your personal data if the processing is based on our legitimate interest, including direct marketing and profiling in connection to such marketing.

Right to withdraw consent

When the lawful basis for a specific processing activity is your consent, you have a right to withdraw your consent at any given time. Information about your right to withdraw it is provided when you are asked to give us your consent.

Right to data portability

You have a right to receive personal data that you have provided to us in a machine-readable format. This right applies to personal data processed only by automated means and on the lawful basis consent or of fulfilling a contract. Where secure and technically feasible the data can also be transmitted to another data controller by us.

Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.


We will keep your data for as long as they are needed for the purposes for which your data was collected and processed or required by laws and regulations.

The reasons we store your personal data

We keep your data for as long as necessary for the performance of a contract and as required by retention requirements in laws and regulations. Where we keep your data for other purposes than those of the performance of a contract, such as for bookkeeping, we keep the data only if necessary and/or mandated by laws and regulations for the respective purpose.

The data retention obligations will differ within the ILO YARN Group subject to local law.

Example of storage times

Bookkeeping regulations: storing legally required information for up to ten years

Details on performance of an agreement: storing information related to your agreement with us for up to ten years after end of customer relationship


We use cookies. You have right to restrict cookies but please note that restricting cookies may affect the functionality of the website.

What are cookies? 

Cookies are small text files that contain letters and numbers and are placed on your computer or device. Cookies are set when you visit a website that uses cookies and may be used to keep track of pages visited within the site, help you continue where you left off or remember your preferences, such as language settings. 

When you enter our websites, you accept our use of cookies.

Why do we use cookies on our websites?

We use cookies and similar technologies to:

  • Deliver products and services to our customers and page visitors
  • Provide a secure online environment
  • Manage our marketing and provide a better online experience
  • Monitor the use of our website
  • Track our website performance
  • Make our website content more relevant to you

The data will not be used to identify individual visitors.

What type of cookies do we use?

We use both session cookies, which are only stored temporarily during the time you visit a site, as well as persistent cookies, which stores a file on your hard disk for a certain period of time. We use different types of cookies on each country-specific website.

In certain circumstances our use of cookies involves processing of personal data. We use appropriate technical, organizational, and administrative security measures to protect any information.

To make it easier for you to understand the way our website uses cookies, we have grouped them into categories:


These cookies are crucial to the operation of this website. These cookies are for instance needed for security and for supporting functionality such as remembering the visitor’s preferences (that is, language or currency) to ensure that this site performs as intended.


These cookies are used to collect aggregated visit behavior on this website. These cookies enable us to optimize websites based on how visitors use our services, for instance which pages visitors go to most often or which products most visitors engage with. The companies setting these cookies have data processing and contractual agreements in place with us.


These cookies are used to enable functionality from third parties, such as video players, podcasts, and social media features. In addition, these cookies enable us to present tailored advertising in third party media. 

Content from third-party providers:

We may show content from external third-party providers on our websites to be able to offer functionality such as YouTube videos, SoundCloud podcasts or Twitter news panels. These third parties often use cookies and will consequently receive and be able to process data on your use of their services. We are not in control of data collected by third parties in these instances.

You can read more about the use of cookies by third parties and their processing of personal data on their respective websites.


If you have any questions regarding our Privacy Policy or are dissatisfied with how we process your personal data or in case you wish to exercise your Individual Rights you can always contact us

ILO Yarn Oy (y-tunnus 2785527-9)

Linnankatu 8

20100 Turku



You can also lodge a complaint with or contact the data protection authority in any of the countries where we provide services or products to you.     


We are constantly improving and developing our services, products and websites, so we may change this Privacy Policy from time to time. If the changes are significant, we will provide you with a notice, when we are required to do so by applicable law.