PROCESSING OF PERSONAL DATA
The responsible processor of personal data in the ROSES24.FI e-shop is ROSES24SUOMI Oy (registration number: 3485004-6),postal address: Roihuvuorentie 21 lt. 4, 00820 HELSINKI /+372 57 87 61 69 and e-mail: [email protected]. ROSES24SUOMI Oy transfers the personal data necessary for payment to its authorised partner Montonio Finance UAB.
What personal data are processed
- Name, telephone number and e-mail address;
- Delivery address
- bank account number;
- the price of goods and services and payment information (purchase history);
- information necessary to provide customer support
Purpose for which personal data are processed
Personal data are used for the management of customer orders and the delivery of goods.
Purchase history data (date of purchase, product, quantity, customer details) is used to provide an overview of the goods and services purchased and to analyse customer preferences.
The bank account number is used for refunds to the customer.
Personal data such as email address, telephone number and customer name are used to resolve issues related to goods and services (customer support).
The IP address or other network identifiers of the e-commerce user are processed to provide the e-commerce service as part of the information society and to keep statistics on internet usage.
Legal basis
The processing of personal data is carried out for the performance of a contract with a customer.
The processing of personal data is carried out for the fulfilment of a legal obligation (e.g. accounting and consumer disputes).
Recipients to whom the personal data are transferred
Personal data are transferred to the customer service department of the online shop for the purpose of managing purchases and purchase history and resolving customer problems.
The name, telephone number and e-mail address will be transmitted to the transport service provider of the customer’s choice. If the goods are delivered by courier, the customer’s address is transmitted in addition to the contact details.
If the accounting of the e-commerce is carried out by the relevant service provider, the personal data will be transmitted to the relevant service provider for the purpose of carrying out the accounting operations.
Personal data may be transferred to IT service providers if this is necessary to ensure the functioning of the online shop or the storage of the data.
Security and access to data
Personal data is stored on EU servers located in the territory of a Member State of the European Union or a country that has joined the European Economic Area. Data may be transferred to countries where the European Commission has assessed the level of data protection to be adequate and to US companies that have signed up to the Privacy Shield.
Personal data is accessible to employees of the online store who may access personal data in order to resolve technical issues related to the use of the online store and to provide customer support services.
The online store applies appropriate physical, organisational and technical security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.
The transfer of personal data to the online store’s authorised processors (e.g. transport service provider and data storage) is based on agreements between the online store and the authorised processors. When processing personal data, the authorised processors are obliged to ensure appropriate safeguards.
Access to and rectification of personal data
Personal data can be viewed and corrected in the user profile of the online shop. If a purchase has been made without creating a user account, personal data can be viewed by contacting customer support.
Withdrawal of consent
If the processing of personal data is based on the customer’s consent, the customer has the right to withdraw consent by informing Customer Support by e-mail.
Retention
When a customer’s account is closed in the online store, the personal data will be deleted unless it is necessary to keep it for accounting purposes or to resolve consumer disputes.
If a purchase is made in the online shop without creating a customer account, the purchase history will be kept for three years.
In the event of disputes concerning payments and consumer claims, personal data will be kept until the claim has been satisfied or until the limitation period for the claim has expired.
Personal data necessary for accounting purposes will be kept for seven years.
Deletion
If you wish to delete personal data, please contact Customer Services by e-mail. A reply to the deletion request will be sent within one month at the latest, including the date of deletion.
Transfer to
A reply to a request for the portability of personal data sent by e-mail will be sent within one month at the latest. The customer service will verify the identity and inform you of the portability of the personal data.
Direct marketing messages
The e-mail address and telephone number will be used to send direct marketing messages if the customer has given his/her consent. If you do not wish to receive direct marketing messages, you must click on the link at the bottom of the email or contact customer service.
Where personal data are processed for direct marketing purposes (profiling), the customer has the right to object at any time to both the initial and subsequent processing of his/her personal data, including profiling for direct marketing purposes, by informing Customer Service by e-mail.
Dispute resolution
Disputes relating to the processing of personal data are settled through the Customer Service([email protected]), +372 57 87 61 69).