Privacy Policy


Qstock Oy
Company ID: 2811591-8
Kansankatu 53 T 3
FI-90100 Oulu

Contact person concerning the register (data privacy officer)

Binta Jabbi
+358 40 456 4113

Name of register

Qstock Oy:n customer data register

The registered

The registered are Qstock Oy website visitors who have submitted their contact information. Among the registered are also people who have authorised direct marketing through the portal.

Purpose of the register

Qstock Oy uses the personal data stored in the register for customer communications by sending newsletters to customers who have authorised direct marketing.

Purposes of collecting and processing data

Data of the registered people are collected and processed with consent from the registered to carry out lotteries and manage customer communications by newsletters.

Register data content

Qstock collects only the necessary contact information, i.e. e-mail addresses.

Period of data storage

We store the personal data for only as long as is needed for the purpose of using the data. After that, the data will be erased. If a person so wishes, they can leave the direct marketing list whenever they want, and they have the right to ask for their personal data to be erased.

Regular data sources

The data is collected by Google Analytics 4 analytics tool.

Regular handover of data and data transfer outside the EU or the ETA

The Qstock Oy customer data register is stored digitally in the Creamailer system, the data privacy functions of which abide by the legislation and official directives of Finland and the EU. The data in the Creamailer service are located on secure servers within the EU. The facilities of the server centre meet Traficom regulations on securing communications networks and services, and on the synchronisation of communications networks (TRAFICOM/54045/

The third-party service provider of the Whistleblowing channel applied by Qstock Oy uses subcontractors that offer technical data processing services, some of which are located outside the EU in the United States of America. Appropriate protective measures outside the EU and the ETA have been taken care of through agreements. See the privacy policy for Whistleblowing.

Principles of protecting the register

No outside party has access to the register maintained by Qstock Oy in the Creamailer system. The data security and data protection in Creamailer is obtained through the lifecycle model of thinking. Creamailer defines that its services and thereby the processing of personal data has been considered in the planning, execution, development, and maintenance of services. Creamailer carries out data security and data protection under the principles of preventive risk management. Creamailer has prepared for data abuse and other risks by observing the nature of the protected data and the probability of risks. The data is not handed over to outside parties or outside the EU or the ETA.

Qstock Oy does not keep any manual record of the newsletter’s subscribers. The system is operated by designated people who mind their user accounts and are bound by confidentiality.

The personal data of form submitters are stored as confidential. The registrar’s organisation supervises the use of the register, and access to the personal data register is limited so that the registered data stored in the system is accessible and authorised only to those employees who shall have and need access to the data in their tasks. Any member of personnel who processes personal data is bound by confidentiality.

Right to inspect and correct data

Every person included in the register has the right to inspect their data stored in the register and the right to demand correction of potentially incorrect data, as well as complementing deficient data. If a person wishes to inspect data stored about them and demand corrections, the request must be sent to the registrar by e-mail. If necessary, the registrar may ask the maker of the request to verify their identity. The registrar shall reply to the customer within the period stated in the EU’s General Data Protection Regulation, GDPR (mainly within a month).

Other rights pertaining to processing of personal data

A registered person has the right to ask for data concerning them to be removed from the register (”the right to be forgotten”). Also, the registered person has any other rights according to the EU’s GDPR, such as the right to limit personal data processing in certain situations. These requests must be made to the registrar by e-mail. If necessary, the registrar may ask the maker of the request to verify their identity. The registrar shall reply to the customer within the period stated in the GDPR (mainly within a month).