Last update 25th May 2018

PRIVACY POLICY FOR FINNISH BABY BOX SERVICES

It is important for us to protect your privacy. This Privacy Policy (“Privacy Policy”) explains our practices we use to collection and processing personal information that we receive when you use our website www.finnishbabybox.co (“Site”) and order from us via our Site. In this Privacy Policy we collectively use the term “Services” to refer to our Site and services. This Privacy Policy does not apply to any third-party websites or services, even if they are accessible through our Services. Also, please note that, all capitalized terms used in this Privacy Policy have the same meanings as in our Terms of Service.

Reima may change this Privacy Policy from time to time or change, modify or withdraw access to the Service at any time with or without notice. The most current version of the Privacy Policy is found here.

1 Controller

REIMA OY
KARHUMÄENTIE 3
FI-01530 VANTAA
FINLAND

(hereafter ”we” or ”Reima”)

2 Contact person for register matters

HELI VILJANEN
C/O REIMA OY
KARHUMÄENTIE 3
01530 VANTAA
PHONE: +358 20 759 5800
EMAIL: HELI.VILJANEN@REIMA.COM

3 Name of register

Finnsh Baby Box customer and marketing register

The basis of processing personal data is the performance of a contract and Reimas’s legitimate interest (e.g. customer relationship management, direct marketing) and/or consent of the user.

The purpose of the processing of personal data are:

We use automated decision-making (inc. profiling) to identify the data subjects’ online behavior and purchase habits and create profiles based on the information. We use this information to target marketing and develop our services.

5 What data do we process?

We process the following personal data of the customer or other data subject in connection with the customer and marketing register:

6 From where do we receive information?

We receive personal data concerning customers primarily from the data subject him-/herself.

For the purposes described in this Privacy Policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

7 Our policy toward children

Our Services are not directed to children under 18 and we do not knowingly collect Personally Identifiable Information from children under that age. If we learn that we

have collected Personally Identifiable Information of a child under 18, we will delete such information from our files as soon as possible.

8 To whom do we disclose data and do we transfer data outside of EU or EEA?

We may share your personal data within the Reima group of companies, including but not limited to the sales entities of Reima, or authorized third parties who process personal data on behalf of Reima for the purposes described in this Privacy Policy, such as technical service providers or marketing service partners. Such parties are not permitted to use your personal data for any other purposes.

Data may be disclosed to authorities under compelling provisions. If we decide to sell, buy, merge or otherwise reorganize our business operations in any way, this may involve us disclosing your personal data to e.g. prospective or actual purchasers of our business and their advisers. We transfer and disclose personal data related to customers outside EU/EEA, including but not limited to United States of America. We have implemented suitable safeguards for the transfers and disclosures. We use EU Commission standard contractual clauses or the Privacy Shield system.

9 How do we protect the data and how long do we store them?

Reima takes reasonable technical and organizational information security measures, such as use of firewalls, secure server facilities, encryption, access right management, and other similar measures to prevent and minimize risks associated with processing personal data and its disclosure to and use by unauthorized third parties.

Where appropriate, we may take back-up copies and use other such means to prevent accidental damage to or destruction of your personal data.

However, please note that despite our reasonable steps to protect your personal data, no website, Internet transmission, computer system or wireless connection is completely secure, which we advise you to consider e.g. when choosing, which personal data you provide us with.

Our Services link to websites and services of third parties. We’re not responsible for the information that you provide to those third parties. To protect your information you should review the privacy policies of third parties that you access.

We store the personal data for as long as is necessary considering the purpose of the processing. Personal data about customers is processed and retained during the customer relationship and as long as we deliver services, and after the relationship or service provision has ended for three (3) years. Personal data about potential customers is deleted or updated when it is discovered to be outdated or the data subject is deemed unresponsive to the marketing.

We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.

10 Use of cookies

Read about our use of cookies from our Cookie Policy.

11 What are your rights as a data subject?

As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data. You also have a right to withdraw or change your consent, in cases where the processing of the data is based on your consent.

As a data subject, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object to the processing or request restricting the processing of your personal data. Additionally, you have a right to request your data to be delivered to you in a standard format, in case where the processing of data is based on your consent or a contract between us.

You also have a right to lodge a complaint with a data protection authority in your jurisdiction or with the power to investigate processing concerning your personal data.

For specific personal reasons, you also have a right to object to profiling and other processing concerning you, when processing of the personal data is based on our legitimate interest. In connection to your claim, you should identify the specific grounds on which you object to the processing. We can refuse to act on such a request on the basis of the privacy legislation.

As a data subject you have the right to object to profiling in so far as it relates to direct marketing.

12 Who can you be in contact with?

All contacts and requests concerning this privacy notice must be submitted in writing or in person to the person mentioned in section two (2).

13 Changes in the Privacy Policy

Should we make amendments to this Privacy Policy we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review this Privacy Policy from time to time to ensure you are aware of any amendments made.