2+1 years

Privacy Statement

This privacy statement (“Statement”) explains how the personal data of actual or potential clients of Mirka Ltd (“Mirka”), website visitors at Mirka.com, and users of various Mirka services is processed. It is intended to cover all personal data processing by Mirka, except for purely internal processing (such as for internal HR, production or other internal purposes), and processing in relation to Mirka’s Partner Program and Partner Portal, which is covered by a different privacy statement, accessible here: Partner Portal Privacy Statement

This Statement was originally written in English. In case of any discrepancy between the English version and any translation, the English version shall prevail.

The information presented below covering data processors, and what data is processed (section 2) is divided into sections for ease of use/clarity, which you can click open for more detailed information.

Further sections on data processing may be added or existing ones amended from time to time, and this Statement will then be updated as needed.

This document contains the following information:

1. Overall description of our data processing practices
2. Who processes personal data, what data is processed, for what purpose, and how long is it stored
3. Data transfers
4. What are your rights
5. Changes to the Statement
6. Use of non-personal data

     Appendix: Glossary

1. Overall description of our data processing practices

Mirka as the data controller, collects and processes personal data under this Privacy Statement and in accordance with applicable national legislation, including the EU General Data Protection Regulation. The term “personal data” refers to personal identifiable information that directly or indirectly identifies you, such as your name, physical address, e-mail address, IP number or other contact details. Personal data processing refers to any action that we or a third party that we have engaged takes with the personal data, such as collection, registration and storage. We process personal data that is adequate, relevant and not excessive in relation to the purpose for which it has been collected. We only collect and process personal data where we have lawful grounds to do so.  

2. Who processes personal data, what data is processed, for what purpose, and how long is it stored

Responsible data controller and data processors

For all of the fields of processing listed below, the data controller for personal data collected and processed is Mirka. Mirka also transfers data, and provides access to data to other Mirka Group companies, in particular local subsidiaries, in order to fulfil orders, to fulfil warranty obligations, to provide local support, and to manage clients and partners. These Mirka Group companies act as processors on the basis of a written data processing agreement. For inquiries relating to personal data at Mirka, please contact: privacy@mirka.com

For detailed information on data processors, and processing of data related to specific fields of data processing, please click open the relevant sections below.

myMirka users

Mirka processes personal data of persons (“User(s)”) using the myMirka service, including e.g. tool warranty registration service and other functionalities, either through an app or web portal (“myMirka”). In addition, myMirka may collect non-personal, power tool related data of some users of myMirka. For more information on this, see Section 6 Use of non-personal data.

Who processes the personal data?

In addition to processing by group companies, Mirka uses external data processors to provide myMirka, in particular:

• A cloud service provider, currently Microsoft Azure
• A content management system (CMS) and webform provider and processor, currently Optimizely
• An email service provider, currently Twilio SendGrid
• Maintenance and development providers, currently KPS and Solita
• A payment service provider, currently Adyen
• Shipping providers for product returns, currently Posti, UPS and FedEx
• Analytics providers, currently Fullstory, Plausible and Alphabet (Google Analytics)

Data is processed by these processors subject to a written data processing agreement with Mirka, consistent with article 28 of GDPR. For information about the processing of personal data when purchasing Mirka goods or services, see ecommerce below.

What data is processed in myMirka, for what purpose, and how long is it stored

Data is collected mainly from the User through a registration form, although some data may also be collected through use of myMirka. Access to myMirka requires providing personal data, in particular the User’s name and contact information.

Sales and marketing contacts

Mirka processes personal data of contact persons (“Contact(s)”) of current or potential customers in connection with its business-to-business (B2B) sales and marketing activities.

Who processes the personal data?

In addition to processing by group companies, Mirka uses external data processors in connection with sales and marketing related processing, in particular:

• Cloud service and CRM system provider, currently SAP
• Email service provider, currently Sinch
• Sales support service provider, currently SnapADDY and ABBYY Cloud
• Maintenance and development providers, currently KPS and Vincit

Data is processed by these processors subject to a written data processing agreement with Mirka, consistent with article 28 of GDPR.

What data is processed in relation to Marketing, for what purpose, and how long is it stored?

What data is processed in relation to Sales, for what purpose, and how long is it stored

Data is collected into the marketing/sales systems directly from Contacts using, e.g., webforms. The provision of personal data is necessary for those potential clients that wish to procure Mirka goods or services.  

Mirka.com website visitors

Mirka processes personal data of visitors (“Visitor(s)”) to its website based on their browsing activities as well as on various contact forms they may use on the website. In addition, Mirka may collect non-personal analytics data of visitors. For more information on this, see Section 6 Use of non-personal data.

Note! The Visitor may also browse or purchase products while visiting the Mirka website. For personal data processing relating to e-commerce, see below.

Who processes the personal data?

In addition to processing by group companies, Mirka uses external data processors to provide its website and related services, in particular:

• Cloud service provider, currently Microsoft Azure
• CMS and webform provider and processor, currently Optimizely
• CRM system provider, currently SAP
• Analytics service providers, currently Alphabet (Google Analytics), Plausible and Fullstory

What data of Visitors is processed, for what purpose, and how long is it stored

Data collected through contact forms is collected directly from the Visitor, whereas some data is collected simply through visiting and browsing the Mirka website if the Visitor has allowed cookies. Use of contact forms requires providing personal data, in particular the Visitor’s name and contact information.

eCommerce customers

Mirka processes personal data of customers (“Customer(s)”) buying from its online shop based on their shopping activities as well as on the purchase orders they make. The data collected slightly varies depending on whether the Customer is shopping on their own behalf (“B2C”) or on behalf of a company (“B2B”). In addition, Mirka may collect non-personal analytics data of Customers. For more information on this, see Section 6 Use of non-personal data.

Note! Using the online shop requires browsing the Mirka website. For personal data processing relating to browsing the website as a Visitor, see above.

Who processes the personal data?

In addition to processing by group companies, Mirka uses external data processors to provide its online shop and related services, in particular:

• Cloud service provider, currently Microsoft Azure
• CMS and webform provider and processer, currently Optimizely
• CRM and Marketing automation system provider, currently SAP
• eCommerce platform provider, currently SAP
• Email service provider, currently Sinch and Twilio SendGrid
• Analytics service providers, currently Alphabet (Google Analytics), Plausible and Fullstory

In addition, Mirka uses Adyen NV as a payment processing provider. When processing payments, Adyen acts as a data controller. For more information about how Adyen processes information when processing payments, see their privacy notice: https://www.adyen.com/privacy-policy

What data of Customers is processed, for what purpose, and how long is it stored

Data collected in connection with purchases and returns is collected directly from the Customer, whereas some data is collected simply through visiting and browsing the Mirka online shop if the Customer has allowed cookies. Making a purchase requires providing personal data, in particular the Customer’s name and contact information.  

3. Data transfers

For data subjects in the EU/EEA/UK, the servers will be hosted in the EU. However, personal data may be accessed (and therefore processed) from outside the EU/EEA/UK or in some cases transferred outside the EU/EEA/UK, by local Mirka subsidiaries in order to:

• provide support or repair
• fulfil orders
• investigate suspected or actual illegal activity
• prevent physical harm or financial loss
• support the sale or transfer of all or a portion of our business or assets

All transfers/processing of personal data outside the EU/EEA are carried out on the basis of an adequacy decision by the EU commission (GDPR Article 45), or subject to standard contractual clauses (GDPR Article 46), complemented by sufficient supplementary safeguards in order to ensure that the rights of data subjects can be fulfilled. You can request a copy of the standard contractual clauses, including a description of the transferred data, by using the contact details provided for Mirka above.

4. What are your rights

Since we process your personal data, you can exercise certain rights during specific circumstances under the applicable data protection legislation as follows:

• Right to access and rectification: You have the right to request access to the personal data relating to you. This includes e.g. the right to be informed whether or not personal data about you is being processed, what personal data is being processed, and the purpose of the processing. You also have the right to request that inaccurate or incomplete personal data be corrected.
• Right to restriction of processing: You are entitled to restrict the processing of personal data in certain situations.
• Right to object: You have the right to object at any time to the processing of your personal data based on legitimate interests. This includes the right to object to processing for direct marketing purposes. If you object, we will no longer process your personal data for such purposes.
• Right to be forgotten: You may also request that your personal data be erased if e.g. the personal data is no longer necessary for the purposes for which it was collected, the processing is unlawful, or the personal data has to be erased to enable us to comply with a legal requirement.
• Right to Data Portability: If personal data about you that you yourself have provided is being processed automatically with your consent or in accordance with a contract between you and Mirka, you may request that the data is provided in a structured, commonly used and machine-readable format and you may also request that the personal data is transmitted to another controller, if this is technically feasible.
• Opt-out from marketing: We will give you the opportunity to opt out of future marketing whenever we send you marketing material, you can also opt out at any time by contacting us.
• If you wish to exercise your rights or have any other questions regarding your personal data, please contact us at: privacy@mirka.com. You are also entitled, at any time, to lodge a complaint with the relevant supervisory authority if you consider that your personal data has been processed in contravention of applicable data protection legislation. The supervisory authority for Mirka’s domicile is the Finnish Data Protection Ombudsman: https://tietosuoja.fi/en/home

5. Changes to the Statement

Mirka reserves the right to amend this Statement from time to time. We will post any changes on this page and, where appropriate, notify you by e-mail. Please check back regularly to see any updates or changes to our Privacy Statement.

6. Use of non-personal data

Mirka also collects and processes data that does not directly or indirectly identify individual Visitors. Furthermore, certain data is anonymised or collected into general statistics containing no personal data, which may then be used for developing Mirka goods or services, or analysing usage of Mirka goods or services.

Cookies and website analytics data

When you enter this website, we may collect information about your computer, IP address, operating system and browser type, for example, for statistical purposes or for the purposes of system administration. This information generally comprises data which does not allow individual identification of information related to a specific user. If a Visitor gives consent and allows cookies via the Cookiebot banner, Mirka uses cookies from Google Analytics and Google Tag Manager as well as Plausible and Fullstory in order to further analyse web usage and traffic. More information concerning cookie practices by Mirka can be found in our Cookiebot banner, which you can access again by clicking the "Cookie preferences" link in the footer.

For Google Analytics 4 (GA4), we have implemented the following measures to protect user privacy:

• IP address anonymization is enabled
• Data sharing with Google products and services is disabled
• Advertising features are disabled
• User-ID tracking is disabled
• Maximum data retention period is set to the shortest possible, currently 2 months
• We process the data within the EU where possible through Google's EU servers

The data collected by GA4 is transferred to Google servers, which may be located outside the EU/EEA. Such transfers are safeguarded by the EU Standard Contractual Clauses and additional technical and organizational measures. For more information about how Google processes data, please see Google's Privacy Policy: https://policies.google.com/privacy

Power Tools analytics data

In addition, Mirka collects and processes non-personal data collected for persons who have connected their power tools to myMirka. In particular, Mirka collects and processes data relating to speed, usage time, vibration, accumulated vibration dose, battery capacity, battery charge, battery charge level, battery full charge cycles, battery health, tool settings and malfunction alerts. This data may be used to provide analytics and reports to the user or to develop Mirka products or services.

Revised: 16.1.2025

Appendix

Glossary

Analytics data: Information collected about how users interact with websites or applications, including page views, clicks, and navigation patterns.

Cookie: A small text file stored on your device that helps websites remember your preferences and track your browsing behaviour.

DDoS Attack: Distributed Denial of Service - an attempt to disrupt normal website traffic by overwhelming the system.

IP Address: A unique numerical label assigned to each device connected to a computer network.

Pseudonymous Identifier: A processed version of personal data where the most identifying fields are replaced with artificial identifiers.

Server: A computer or system that provides resources, data, or services to other computers over a network.

Session: A period of time during which a user interacts with a website or application.

Standard Contractual Clauses (SCCs): Legal tools approved by the European Commission for international data transfers.

User ID: A unique identifier assigned to track individual user activity across sessions.