Data Protection Record of Oy Osk. Lindroos Ab’s Customer and Marketing Data Filing System
Oy Osk. Lindroos Ab (later “Company” or “We”) is committed to ensure the confidentiality and data protection of personal data at its possession. This data protection record is applied to personal data that we collect in relation to our customer and marketing data filing system (later “Data Filing System”). The personal data and related processing is described in this data protection record. Additional information regarding the processing of personal data in the Data Filing System is provided by our contact person Antti Keisu (firstname.lastname@example.org).
We may update this data protection record from time to time, for example due to changes in applicable legislation. We endeavour to carry out reasonable means to inform you of any possible changes and their effects in due time beforehand. Therefore, we advise you to review this data protection record always after becoming aware of changes regarding the data protection record. This data protection record was last updated on 26 June 2019.
2 Data Controller and Data Protection Officer
Name: Oy Osk. Lindroos Ab
Address: Aleksanterinkatu 48 B
00100 Helsinki, Finland
Tel: +358 9 624 940
Business ID: 1594495-2
Oy Osk. Lindroos Ab´s ’s data protection officer: Antti Keisu (email@example.com).
3 Whose Personal Data Do We Collect?
We process the personal data of our customers’ and potential customers’ (hereinafter “you”) in the Data Filing System.
4 What Categories of Personal Data Do We Process?
We process the following categories of personal data of our customers or potential customers:
- your name;
- your contact details: email address and telephone number;
- the company you are representing and your position in the company; and
- information concerning the exploitation of electronic services and content (e.g. subscription to a newsletter), technical information sent to our server by your browser (e.g. IP-address, browser, browser version, the webpage from which you came to our webpage) as well as the cookies sent to your browser and information related to them (additional information on cookies and similar technologies below in Section 13).
5 Which Sources Do We Use to Collect Personal Data?
We collect personal data primarily from the data subjects themselves (e.g. your contact requests through our webpage and business cards delivered to us). In addition, personal data are obtained from the following sources: Posti Group, Klarna and PayTrail.
6 Basis for, Purposes and Impacts of Processing Your Personal Data
The basis for processing your personal data is our legitimate interest based on our purposes of use determined below. We also send you electronic direct marketing messages based on your consent.
If you are already our customer:
The purpose of the processing of your personal data as an existing customer is in particular the management and maintenance of our customer relationships. In addition, your personal data are processed for the sales and direct marketing of our products and services. By processing your personal data, we are able to provide better services for you and develop our products and services to better fit the needs of our customers. The processing of your personal data will have no other impact on you.
If you are our potential customer:
The purpose for which the personal data concerning our potential customers are used is carrying out direct marketing and other sales and marketing measures regarding our services and products, i.e. standard marketing procedures such as sending marketing messages by email. The processing of the personal data of our potential customers has no other impacts than targeting of marketing messages.
We also perform profiling of your personal data in order to target and enhance our marketing and improve the quality of our marketing. With profiling we are able to target marketing to you that better responds to your interests and needs based on e.g. your previous purchases. More information on profiling can be found in section 10 below.
We further process your personal data in some situations [e.g. for product development and the planning of marketing campaigns]. We endeavour to, whenever possible, anonymise and pseudonymise all of your personal data used for the said purposes before further processing them. We also always utilise all data security measures described in section 12. The purposes of use in question are closely connected to the primary purposes of use described above and are a substantial part of our customer relationships and their development. The further processing has no direct impacts on you as a data subject. We do not further process your personal data for other purposes. The purposes of the further processing are the purposes of processing mentioned above.
7 Regular Disclosures and Transfers of Your Personal Data to Third Parties
Your personal data may be transferred to our sales and marketing business partners. Currently our business partners are inter alia: Breguet, Bvlgari, Gemex, Lapponia Jewellery, Ole Lynggaard Copenhagen, Omega, Piaget, Panerai, Breitling, Cartier, IWC, Jaeger-LeCoultre, Rolex, TAG Heuer, Tudor, Ulysse Nardin, Zenith, Gucci, Baume & Mercier, FOPE, Raymond Weil, Mido, Rado, Tissot, Certina, Kalevala Koru, Georg Jensen, Chopard.
Our business partners may process your personal data only for marketing measures carried out on our behalf. We always ensure that our partners do not process the personal data transferred to them for any other purposes.
We may also be required to share your personal data with competent authorities in accordance with legislation concerning the processing of personal data.
8 Transfers of Your Personal Data outside the EU or European Economic Area
We do not transfer your personal data outside the European Union or European Economic Area.
9 Principles for the Retention of Your Personal Data
We retain your personal data in the Data Filing System in accordance with the following principles: The retention period separately for each category of personal data; for the customers and potential customers or the criteria for determining the retention period: E.g. the personal data of our customers shall be retained for as long as the customer relationship exists. After the termination of the customer relationship your personal data shall be retained for a maximum of one year following the termination of the customer relationship. The personal data of our potential customers shall be retained in the Data Filing System for as long as you hold a position to which our marketed product or service is related, provided that you have not prohibited direct marketing. In such case information on the prohibition of direct marketing can be retained in the Data Filing System. Your personal data may be retained for longer if applicable legislation or our contractual obligations towards third parties require a longer retention period.
We may, as a part of the personal data processing activities, perform automated profiling of data subjects in order to enhance marketing and present you with marketing messages better suited to your interests. You have, at all times, the right to object to profiling in accordance with Section 11 below.
11 Rights of a Data Subject in Relation to the Processing of Personal Data
As a data subject you have the right, at any time, to object to the processing of your personal data for direct marketing purposes and profiling. You may give us channel-specific consents and prohibitions concerning direct marketing (e.g. prohibit marketing messages sent by e-mail but allow marketing messages sent by mail).
In addition, you have the right to, according to applicable data protection legislation, at any time:
- be informed about the processing of your personal data;
- obtain access to data relating to you and review your personal data we process;
- require rectification and completion or erasure of inaccurate and incorrect personal data;
- withdraw your consent and object to the processing of your personal data in so far as the processing of your personal data is based on your consent;
- object to the processing of your personal data on grounds relating to your particular situation in so far as the processing of your personal data is based on our legitimate interest;
- receive your personal data in a machine-readable format and transmit those data to another controller (provided that you have delivered us such data yourself, we process such personal data based on an agreement or your consent and the processing of personal data is carried out by automated means); and
- obtain a restriction of processing of your personal data.
If you withdraw your consent, it will not affect the lawfulness of the processing based on consent before its withdrawal. You may withdraw your consent in accordance with section “Contacts” below. The only impact caused by withdrawal of your consent is that we will not be able to send direct marketing to you or conduct profiling and target marketing to you and in this way improve the quality of marketing to you.
You should present your request for exercising any of the aforementioned rights in the manner described in the ‘Contacts’ Section of this data protection record. We may ask you to specify your request in writing and to verify your identity before processing the request. We may refuse to fulfil your request on grounds set out in applicable data protection legislation.
You also have the right to lodge a complaint with the supervisory authority concerned or with the supervisory authority of the EU member state of your habitual residence or place of work, if you consider that we have not processed your personal data in accordance with applicable data protection legislation.
12 Principles of Data Security
We respect the confidentiality of your personal data. Description of data security measures: E.g. tangible material containing personal data shall be kept under lock and key in a space to which only separately appointed persons have access. Personal data processed digitally are protected and stored in our information system accessible to persons on a need-to-know basis only. Such persons have personal user credentials and passwords.
13 Information on Cookies and Similar Technologies
We use Google Analytics on our website www.lindroos.fi in order to analyse, how users use the website www.lindroos.fi. Google Analytics is a web analytics service offered by Google Inc. (“Google”) that functions by using cookies. Please note that Google’s terms and conditions are applied to cookies installed by Google. More information on Google’s terms and conditions can be found from https://www.google.com/policies/privacy/partners/. You can prevent the use of Google Analytics on your terminal(s) by contacting us in accordance with Section 14 below. Please note that if you decide to prevent the use of Google Analytics, it may affect your use of website www.lindroos.fi and hinder the functioning of its properties and functions.
All requests concerning the use of the rights mentioned above, questions about this data protection record and other contacts should be made by e-mail addressed to the data protection officer to the address firstname.lastname@example.org. You may also contact us in writing:
Oy Osk. Lindroos Ab
Aleksanterinkatu 48 A
00100 Helsinki, Finland
If you wish to withdraw your consent for direct marketing and newsletters, it can be done by clicking on a link found in each direct marketing message.