Last update 25th May 2018
(hereafter ”we” or ”Reima”)
2 Contact person for register matters
C/O REIMA OY
PHONE: +358 20 759 5800
3 Name of register
Finnsh Baby Box customer and marketing register
4 What is the legal basis for and purpose of the processing of personal data?
The basis of processing personal data is the performance of a contract and Reimas’s legitimate interest (e.g. customer relationship management, direct marketing) and/or consent of the user.
The purpose of the processing of personal data are:
The delivery and development of our products and services. We collect information to make using our services enjoyable and easy, develop the Serivce further, and to administer your use of the Services (including your Account, if you have an Account).
When you use our Service or order from us, we’ll collect certain information that can be used to identify you (“Personally Identifiable Information”). When you engage with our Services, such as, without limitation, registering for e-mail notifications, setting up a shopping cart, or filling out and submitting an online form, you may be asked to provide Personally Identifiable Information, such as name, email address, phone number, or home address. Depending on which activity you engage in, the Personally Identifiable Information may be required or optional. We may also collect information that is not considered Personally Identifiable Information because it cannot be used alone to identify you, such as due date or country of residence. If you choose to purchase from us, we also collect certain Personally Identifiable Information, such as credit card number, billing address, shipping address, phone number.
We automatically record certain information about how you use our Services (“Log Data”). Log Data may include information such as your IP address, browser type, operating system, the web page that you were visiting before accessing our Services, time spent on our pages, the links on our Services that you clicked on and other statistics. We use Log Data to manage our Service and we analyze or engage third parties to analyze Log Data to make our Services better. We may use a person’s IP address to fight inappropriate usage, such as spam or malware. We also use the IP Address to analyze aggregate information on how our Services are used.
We collect information about where you are located by, for example, inferring your approximate location from your IP address. We use that information to improve and personalize our Services for you, as well as, assess credit card fraud risks.
Fulfilling our contractual and other rights, promises and obligations. We may store certain information that you provided in connection with completing your purchase via our Service (e.g., your purchase history, your visits to our Services prior to purchase and certain billing information).
Taking care of the customer relationship and communications with the customers. We may use your personal data to communicate with you, for example, to provide information relating to the Service or to contact you for customer satisfaction queries.
Analyzing and profiling behaviour of a customer or other data subject such as a potential customer.
Electronic and direct marketing.
Targeting advertising in our and others’ online services.
We use automated decision-making (inc. profiling) to identify the data subjects’ online behavior and purchase habits and create profiles based on the information. We use this information to target marketing and develop our services.
5 What data do we process?
We process the following personal data of the customer or other data subject in connection with the customer and marketing register:
Basic information of the data subject such as name, username and/or other identifying identifier, password, country of residence, language of use;
Contact information of the data subject such as e-mail address, phone number, address;
Information related to the behavior of the data subject in the services and website, which is used for profiling purposes such us the sites and services visited, the duration of visits/use, actions taken on the sites and in services;
Technical information about the data subject’s end devices such as IP address, browser type, and operating system;
Possible direct marketing prohibitions and consents;
Transactions. We collect or ask for information relating to your use of the Service and your other interactions with us. Such information may include, for example, details of the queries or requests you have made, purchase history, details of agreements between you and Reima, records of contacts and communications, information and details relating to the material and content you have provided us with and other such transactional information.
Information regarding the customership and contract, such as information of past and excisting contracts and orders, other transaction information;
Other possible information collected based on the consent of the data subject.
6 From where do we receive information?
We receive personal data concerning customers primarily from the data subject him-/herself.
7 Our policy toward children
Our Services are not directed to children under 18 and we do not knowingly collect Personally Identifiable Information from children under that age. If we learn that we
have collected Personally Identifiable Information of a child under 18, we will delete such information from our files as soon as possible.
8 To whom do we disclose data and do we transfer data outside of EU or EEA?
Data may be disclosed to authorities under compelling provisions. If we decide to sell, buy, merge or otherwise reorganize our business operations in any way, this may involve us disclosing your personal data to e.g. prospective or actual purchasers of our business and their advisers. We transfer and disclose personal data related to customers outside EU/EEA, including but not limited to United States of America. We have implemented suitable safeguards for the transfers and disclosures. We use EU Commission standard contractual clauses or the Privacy Shield system.
9 How do we protect the data and how long do we store them?
Reima takes reasonable technical and organizational information security measures, such as use of firewalls, secure server facilities, encryption, access right management, and other similar measures to prevent and minimize risks associated with processing personal data and its disclosure to and use by unauthorized third parties.
Where appropriate, we may take back-up copies and use other such means to prevent accidental damage to or destruction of your personal data.
However, please note that despite our reasonable steps to protect your personal data, no website, Internet transmission, computer system or wireless connection is completely secure, which we advise you to consider e.g. when choosing, which personal data you provide us with.
Our Services link to websites and services of third parties. We’re not responsible for the information that you provide to those third parties. To protect your information you should review the privacy policies of third parties that you access.
We store the personal data for as long as is necessary considering the purpose of the processing. Personal data about customers is processed and retained during the customer relationship and as long as we deliver services, and after the relationship or service provision has ended for three (3) years. Personal data about potential customers is deleted or updated when it is discovered to be outdated or the data subject is deemed unresponsive to the marketing.
We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.
11 What are your rights as a data subject?
As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data. You also have a right to withdraw or change your consent, in cases where the processing of the data is based on your consent.
As a data subject, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object to the processing or request restricting the processing of your personal data. Additionally, you have a right to request your data to be delivered to you in a standard format, in case where the processing of data is based on your consent or a contract between us.
You also have a right to lodge a complaint with a data protection authority in your jurisdiction or with the power to investigate processing concerning your personal data.
For specific personal reasons, you also have a right to object to profiling and other processing concerning you, when processing of the personal data is based on our legitimate interest. In connection to your claim, you should identify the specific grounds on which you object to the processing. We can refuse to act on such a request on the basis of the privacy legislation.
As a data subject you have the right to object to profiling in so far as it relates to direct marketing.
12 Who can you be in contact with?
All contacts and requests concerning this privacy notice must be submitted in writing or in person to the person mentioned in section two (2).