Huutokaupat.com
Hae sivustolta

PRIVACY POLICY

Please note that this is a translation of the Finnish language version of the Privacy Policy. In case of any discrepancies between the Finnish version and this English version, the Finnish version shall prevail. Translation updated 2nd of July 2025.

Data protection statement in accordance with the EU General Data Protection Regulation (GDPR).

1. NAME AND CONTACT DETAILS OF THE DATA CONTROLLER

Mezzoforte Oy (“Mezzoforte”)

Porkkalankatu 20 C
00180 Helsinki

Contact person:

Toni Welin
+358 9 4241 3200
tietosuojavastaava@mezzoforte.fi

2. NAME OF THE REGISTER

Huutokaupat.com-verkkopalvelun käyttäjärekisteri.

3. PURPOSE AND LEGAL BASIS OF PROCESSING PERSONAL DATA

3.1. Purpose of processing personal data

Huutokaupat.com is an auction-style online service (the ‘Service’) owned and maintained by Mezzoforte. Mezzoforte, and in certain situations, companies belonging to the same group and partners, may process the personal data saved in the register:

  • Establishing, managing and maintaining customer relationships and legitimate interests (such as sending customer letters and other customer-related communications electronically and by other means, handling complaints, etc.);
  • To provide the Service, in which case personal data may also be disclosed to other users of the Service to the extent necessary to execute transactions made on the Service between the buyer and the seller and to deliver the item of the transaction to the buyer;
  • For granting credit, and assessing the company or its responsible person;
  • For invoicing and collection purposes;
  • For profiling, personalising services, and marketing and advertising (including targeting);
  • For preventing and investigating misuse and fraud;
  • To fulfil legal obligations; and
  • For the planning, development and analysis of Mezzoforte's business and the Service.

Mezzoforte and companies belonging to the same group as Mezzoforte have at any given time the right, subject to authorisation and prohibition, to use and disclose the data in the register for justified purposes (such as direct marketing, distance selling and market research) in accordance with data protection legislation.

Personal data may be processed by companies belonging to the same group as Mezzoforte in accordance with applicable data protection legislation.

3.2. Legal basis for processing

Mezzoforte processes personal data on the basis of the applicable data protection legislation. The processing of personal data is based in particular on:

  • The contractual relationship between Mezzoforte and the user of the Service regarding the use of the Service;
  • The consent given by the user of the Service, for example when they have given their consent to the setting of non-essential cookies, or to digital direct marketing;
  • The legitimate interests of Mezzoforte or a company belonging to the same group or a partner, in particular when personal data is processed on the basis of a customer relationship, for direct marketing purposes, for credit assessment, or to prevent or investigate misuse; and
  • A legal obligation, in particular when Mezzoforte processes data contained in invoices or other sales-related material in order to comply with accounting legislation or mandatory liability provisions.

To the extent that Mezzoforte develops the Service, conducts marketing, or intervenes in cases of misuse based on a legitimate interest, Mezzoforte considers that the processing is beneficial to both Mezzoforte and the users of the Service. The processing of personal data enables Mezzoforte to provide better services, inform persons likely to be interested in the Service, personalise content according to user preferences, and keep the Service secure for all users. Mezzoforte strives to be as transparent as possible about its practices and to give users the opportunity to influence them as described in section 9.

To the extent that Mezzoforte personalises the content of the Service, or targets marketing or advertising itself or through its partners, user profiling is carried out. However, Mezzoforte does not make automated decisions that have legal effects on users or otherwise significantly affect them.

4. CONTENT OF THE REGISTER

The register stores the personal data of persons who have registered as users of the Service (‘Users’). The register may contain the following information about the User:

  • Basic information about the User, such as full name, address details, country of residence, date of birth, telephone number, email address;
  • If the User identifies themselves as a business user, the name and business ID of the company represented by the User, and billing information will also be stored. Additionally, information obtained from credit checks on the company and the company's liable person will be stored, as well as information collected on the basis of a legal obligation (such as any tax identification numbers and address details);
  • The User's personal identification number (or, in some cases, other tax identification number, or place of birth) is stored when required by law, as well as registration number of a vehicle or other similar items published in the Service, if it is required for the registration, transfer of ownership, financing, or other similar transaction purposes;
  • Concluding a transaction on the Service requires that the User identifies themselves through an identification service, in which case the information obtained during the identification process, i.e. the User's name, date of birth, gender and personal identification number, will be stored in the register;
  • Payments, fees, and taxes that Mezzoforte has withheld, invoiced, or received from the User;
  • The number of transactions made.

The register may also contain other information collected based on legal obligations (e.g. Laki digitaalisen alustatalouden toimijoiden tiedonantovelvollisuudesta verotuksen alalla (2022/1267)). The provision of the above personal data is necessary for the conclusion of the contract for the use of the Service and for the execution of the transaction between the buyer and the seller. If the User does not provide the above information, Mezzoforte will not be able to enter into a contract with the User for the use of the Service and/or may be obliged to close the User's account until the required information has been provided.

Additionally, personal data relating to persons other than the User may be stored in the Register as follows:

If the seller of an item published on the Service is someone other than the User, the above-mentioned information collected about the User may be collected and stored about the actual seller of the item (including information required by law);

  • If the purchase price of an item sold through the Service is paid to a bank account other than that of the User acting as the seller, the above-mentioned information collected about the User, may be collected and stored of the account holder (including information required by law);
  • If the transferee of a vehicle or other similar item is someone other than the User, the above-mentioned information collected about the User, may be collected about the transferee if and to the extent required by the registration, transfer of ownership, financing, or other similar transactions involving the auction item; and
  • From Users who are not representing limited liability companies (including agriculture and forestry), the personal identification number may be collected for identification, credit management, and collection purposes, if necessary.

The following information about the User is also stored in the register:

  • Information related to invoicing and collection;
  • Information related to the customer relationship and contractual relationship, such as products and services, their start and termination dates, sales and communication contact details, customer service contacts, and complaints;
  • Information related to transactions, such as information on bids, notifications, payments, and deliveries;
  • User IDs and other identification information;
  • Permission information and restrictions, such as direct marketing permissions and restrictions;
  • Interests and other information provided by the User;
  • Event and user analysis data; and
  • Segmentation data formed from the above information, and the observed data described below, e.g. Placing the User in the ‘interested in vans’ category.

In addition, Mezzoforte processes behavioural data observed through cookies and other technologies based on the User's use of the Service. In collecting and processing behavioural data, Mezzoforte also utilises its partners involved in the production of the Service. The collection and processing of behavioural data is described in more detail in section 7.

Personal data provided by the User or otherwise collected during the customer relationship may be combined with behavioural data observed using cookies and other similar technologies for the purposes described in section 3.1.

5. REGULATORY DATA SOURCES

As a rule, data is obtained from the data subject themselves, for example as part of registering to use the Service, or otherwise requesting the data from the User, and the data is updated based on information obtained from the User themselves.

Mezzoforte may also use Users as data processors to assist in the collection of personal data from data subjects. This may be done if necessary to collect personal data mentioned earlier in this privacy policy from persons other than Users (e.g. if an auction item is sold on a commission basis by the User, or the payment for the auction item is transferred to the bank account other than the User).

Data may also be obtained through identification services, from Digital and Population Data Services Agency's population database, and Posti's address information system, as well as other similar public and private registers. Additionally, data may be gathered from Mezzoforte's partners and other parties involved in the provision of the Service, to the extent that they are entitled to disclose such data to Mezzoforte. Data is also obtained in connection with the use of the Service through cookies and other similar technologies.

6. TRANSFER OF DATA OUTSIDE THE EU OR EEA

Mezzoforte may transfer personal data in the following ways:

  • Conducting the auction: The User's personal data will be disclosed to the person or company that is a party to the auction with the User. In accordance with section 6 of the Terms of Use, the party to the auction that receives the data may use the personal data solely for the purpose of conducting the transaction.
  • Direct marketing and surveys: Personal data may be disclosed to Mezzoforte's selected partners for direct marketing purposes and other legitimate purposes, such as opinion and market surveys, and distance selling. If the User has refused to allow their personal data to be used for these purposes, Mezzoforte will not disclose the data.
  • Authorities: The User's personal data may always be disclosed to authorities in accordance with applicable law, other instructions, or orders from authorities binding Mezzoforte.
  • Legal claims and violations: Personal data may be disclosed to third parties if necessary for the performance of a contract, to investigate possible violations, to prepare, submit or defend legal claims, or to collect receivables.
  • Corporate restructuring: Personal data may also be disclosed to the company receiving the data in connection with a business transfer or other corporate restructuring.
  • Consent: Personal data may be disclosed to third parties if the User has given their consent.

The User's personal data may be transferred outside the EU/EEA, for example, if required for the technical implementation of the Service. Mezzoforte has ensured that such transfers are only carried out in accordance with the requirements of data protection legislation, for example by using service providers that store personal data in countries that the European Commission has found to provide an adequate level of data protection, using the European Commission's model clauses.

7. USE OF COOKIES AND SIMILAR TECHNOLOGIES

Mezzoforte uses cookies and other similar technologies that enable the monitoring of the use of the Service. A cookie is a small text file that is stored on the user's device by the browser. Cookies contain an anonymous, unique identifier that enables Mezzoforte to recognise different browsers visiting the Service. Only the server that sents the cookie can later read and use the cookie. Mezzoforte does not obtain information such as the User's name, email address, or other similar identifying information solely through cookies. However, if the User has logged into the Service, Mezzoforte may also link information observed about the User to the personal data provided by the User.

Mezzoforte uses cookies and other similar technologies to track visitor traffic, the use of various features of the Service, and other interactions of the User with the Service. The information obtained through these technologies is used to improve the quality of the Service, to operate the Service, to analyse its use, to develop Mezzoforte's business, to personalise the user experience and content, and to target advertising and marketing.

The information observed based on the User's use includes, among other things, the following information:

  • Actions performed on the Service, such as items viewed, sections and pages viewed, searches performed and search terms, viewing of images, sharing of content
  • time, frequency and duration of visits
  • the page from which the User accessed the Service
  • browser type and operating system
  • device type, such as computer or mobile device
  • IP address
  • session time and duration
  • screen resolution and operating system
  • unique identifier, such as cookie or device ID
  • interaction with communications, such as whether the User has clicked on an email sent to them
  • other information collected with the User's consent.

In addition to Mezzoforte's so-called first-party cookies, the Service uses so-called third-party cookies. These third parties may be, for example, providers of measurement, tracking and other analytics, or advertising services whose services Mezzoforte uses to analyse the use of the Service, to target advertising and marketing, to personalise content, and to develop its business.

Third-party cookies are always subject to the cookie and privacy policies of the service provider in question, and Mezzoforte has no influence on the content of these policies. The user has the opportunity to familiarise themselves with the third parties currently in use and their privacy policies. The user can view and edit their cookie settings on the Evästeet page.

The user has the opportunity to influence cookies in the following ways:

  • Service cookie settings: Users can give their consent to the use of non-essential cookies in the Service's cookie settings. Users can change their choices at any time, for example by withdrawing their consent, by selecting ‘Evästeet’ at the bottom of the page.
  • Private browsing: Private browsing allows the User to restrict the collection of information. Private browsing deletes cookies, browsing history and saved passwords stored in a private window when the private window is closed.
  • Creating a new cookie profile: By clearing cookies from the browser at regular intervals, the user changes their unique identifier, which resets the profile associated with the previous identifier.
  • Blocking cookies: The user can block cookies in their browser settings. Blocking cookies may result in some features of the Service, e.g. customer service chat not being available.
  • Preventing the use of Google Analytics: The user can prevent the use of website data in Google Analytics by installing a browser add-on that prevents the use of Google Analytics here. This add-on prevents Google Analytics JavaScript (ga.js, analytics.js and dc.js) running on websites from sharing website visit data with Google Analytics.
  • Data combination: The user can influence the combination of online behaviour data collected through cookies and other similar technologies and personal data provided by the user by contacting Mezzoforte's customer service by email: asiakaspalvelu@huutokaupat.com or in writing: Mezzoforte Oy, Porkkalankatu 20 C, 00180 Helsinki.
  • Preventing targeted advertising: Some third parties allow you to prevent targeted advertising on the Your Online Choices website.

Restrictions made through the links listed above are based on cookies and will expire if the User deletes all cookies from their browser. The choices are browser-specific, so if the User uses multiple browsers, they must make their choices separately for each browser.

8. SECURITY MEASURES AND DATA RETENTION PERIOD

8.1. Data security

The register is in electronic format and is located on a server managed by Mezzoforte, protected by firewalls and other technical security measures, and maintained by a third party. Access to the register is only granted to Mezzoforte employees and other persons acting on its behalf who need to process personal data for the performance of their duties. Mezzoforte has ensured that such persons are bound by a confidentiality obligation.

8.2. Data retention period

The retention periods for personal data are as follows:

  • User account: Mezzoforte will retain personal data for as long as the User is registered as a user of the Service. Personal data from customer accounts that are deemed inactive will be deleted no later than two years after the end of activity. Some data may be retained for longer if required by law. Inactive users will be reminded of their user account and asked to log in again to keep their account. If the User does not log in to the Service even after the reminders, the user account will be deleted.
  • Purchase transaction data: Personal identification numbers stored for the registration, transfer of ownership, financing, or other similar transaction of a vehicle or other similar item, as well as personal data of the transferee who is not the User, will be deleted once the relevant transaction has been completed. Insofar as Mezzoforte is a party to the auction, the buyer's personal data will be deleted when Mezzoforte's liability for defects based on mandatory legislation has expired, at least two years after the sale. In order to comply with accounting obligations, personal data contained in accounting records will be retained for approximately seven years.
  • Customer feedback, cancellations and complaints: feedback, cancellations, and complaints submitted by the user or other parties to the transaction will be processed until the feedback, cancellation, or complaint has been finally resolved. The data will be stored for two years after the issue has been marked as closed.
  • Service usage data and interaction data: Service usage data collected through cookies and other similar technologies will generally be stored for a maximum of two years. In the case of newsletters, information about the opening of newsletters is stored in the customer management system and retained for as long as the user ID is valid and the newsletter has not been deleted from the system. The information is used to develop communications.
  • Direct marketing: If the user does not have a user ID for the service but subscribes to the newsletter, the subscription will remain active until the user cancels the newsletter subscription, or the sending of newsletters is discontinued.
  • Legal obligations and prevention of abuse: Personal data about the User and other registered persons may, however, always be stored to the extent and for as long as necessary to comply with legislation binding on Mezzoforte or decisions made by authorities. In addition, in order to prevent misuse, an identifier may be stored in anonymous or encrypted form using one-way encryption, which cannot be restored by Mezzoforte or anyone else to identify an individual User.
  • User's request for deletion: Mezzoforte may delete the User's personal data at the User's request, provided that Mezzoforte does not need to retain the data for the purpose of establishing, exercising, or defending legal claims, or for compliance with legal obligations.

9. RIGHTS OF THE DATA SUBJECT

The User or other data subject has the right, in accordance with the applicable data protection legislation, to:

  • Access their personal data processed by Mezzoforte, and check what data has been stored about them;
  • To request the correction, supplementation, or deletion of their personal data if the data is incorrect, unnecessary, incomplete, or outdated, or to change, supplement, or delete their data themselves in the Service;
  • Prohibit the use of their data for direct marketing or profiling;
  • Object to processing based on legitimate interests on grounds relating to their personal situation. In such a situation, for example, processing will be restricted for the period during which the grounds for the objection are assessed. Processing may also be restricted, for example, when the User disputes the accuracy of personal data, in which case processing will be restricted for the period necessary to verify the accuracy of the data;
  • Requests the transfer of data provided by the User from one system to another, provided that the data is processed automatically on the basis of consent or a contract;
  • Withdraw their consent given to Mezzofortelle to the extent that the processing of personal data is based on consent, without affecting the lawfulness of the processing carried out before the withdrawal of consent.

Legal grounds may restrict the above rights of the User or other registered persons.

Requests relating to the above rights should be sent:

By email to asiakaspalvelu@huutokaupat.com or in writing to Mezzoforte Oy, Porkkalankatu 20 C, 00180 Helsinki. Mezzoforte may request additional information to verify the identity of the User.

Personal data may be stored and used if necessary to comply with legal obligations, resolve disputes, or enforce agreements.

The User has the right to lodge a complaint with the authorities if they consider that their data has been processed in violation of this privacy policy or the applicable data protection legislation.

Office of the Data Protection Ombudsman

Tel: 029 56 66700
Email: tietosuoja(at)om.fi

10. JOINT CONTROL

Mezzoforte acts as joint controller when maintaining its Facebook page. With regard to statistical visitor data on Mezzoforte's Huutokaupat.com Facebook pages, Facebook and Mezzoforte are joint controllers. For more information on the processing of personal data, please refer to Facebook's privacy policy.

11. CHANGES TO THE PRIVACY POLICY

We reserve the right to update this privacy policy, for example, due to the development of the Service or mandatory legislation. Changes and updates to the privacy policy will be communicated in the Service.

We recommend that you review the content of the privacy policy regularly. The changes published in May 2018 were based on the entry into force of the EU General Data Protection Regulation (GDPR). In December 2019 and January 2023, the privacy policy was clarified, particularly with regard to the use of cookies and the User's ability to influence the processing of their personal data. In December 2023, the privacy policy was updated in accordance with the Act on the information obligations of digital platform operators in the field of taxation (2022/1267), which entered into force in 2023. In June 2025, the privacy policy was clarified with regard to the retention periods for personal data.