Holmberg Brands OY (”Terinit” or ”we”) processes online customers’ personal data for the managing and processing of orders and deliveries, managing customer relations and for direct marketing purposes. We also process the information of online visitors for trend detection and analytics.
Your chosen payment service provider is the controller in regard to any payment transactions data. The Privacy Policies of these service providers are available on their websites:
Controller’s contact details:
Holmberg Brands Oy
Melkonkatu 16 A, 2 krs
COLLECTED PERSONAL DATA
We collect the following information of our registered users or online customers:
- first and last name
- email address
- postal address
- phone number
- order and delivery history
- payment method
- possible communication history
- returns, complaints or claims
- direct marketing opt-ins or restrictions
- company name and business id of business customers.
We may also process technical data of all the online visitors that may in certain situations identify you and qualify as personal data, including the following:
- IP address
- operating system
- device type
- products searched in the online store
- browsing history and URL route in the online store.
Paytrail stores IP-address, payment method and payment time & date during the payment process.
COOKIES AND ANALYTICS TOOLS
Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
A cookie is a small text file saved in the user’s computer. If you don’t want to save cookies on your computer, you can prevent cookies in your browser settings. In that case we cannot guarantee that our site will functions in the best way possible.
SOURCES OF PERSONAL DATA
We primarily receive personal data directly from you in connection with your order or registration.
Technical analytics data is saved automatically from online visits.
THE PURPOSES AND LEGIMATE GROUNDS FOR PROCESSING OF PERSONAL DATA
Personal data may also be used for the following purposes of use in accordance with legislation and applicable consents:
Facilitating orders and deliveries
We process personal data to process, confirm and deliver orders. Personal data may also be processed in situations concerning order’s or product’s reclamation or warranty.
Customer communication and customer care
The customer’s data may be used for customer service, communication and to control and maintain customer relationship.
If you contact our customer service, we will use the given data to response to questions and solve possible problems and processing of your message.
Direct marketing and market research
If you have ordered our newsletter or in any other way expressed you want to receive direct marketing material, we may process your personal data in order to send you direct marketing material such as information about our products and current offers and events. With your consent we may also contact you for market research purposes.
Legal grounds for processing personal data
We process personal data to take care of our obligations based on a contractual relation towards you or to facilitate pre-contractual steps. In certain cases we process personal data to fulfil our legal obligations, for example when we are obliged to store order and transactions data for accounting purposes. We also process personal data on the basis of consent when you have given your consent for the processing of personal data and on the grounds of our legitimate interests to maintain and develop our business, for example for the purposes of collecting website analytics.
We do not store personal data longer than is legally permitted or as it is necessary to meet the purposes of use above. The storage period depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use.
Storage periods reflect the time reasonably necessary for our legitimate interests for example for claims handling, internal reporting, marketing and reconciliation purposes.
Due to accounting legislation we are also required to store all material relating to our transactions for the period as defined by the law.
We will store Analytics Data relating to the Services 36 months.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
We primarily store personal data inside the European Economic Area.
However, in some situations we may transfer personal data to be processed outside of this area. In these cases we will ensure that your data receives an adequate level of protection in the jurisdictions in which it is processed. We provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or other similar arrangements such as the Privacy Shield framework.
THE RECIPIENTS OF PERSONAL DATA
We do not share your personal data with third parties outside of Terinit’s organization unless one of the following circumstances applies:
For legal reasons
We may share personal data with third parties outside Terinit’s organization if access to the personal data is reasonably necessary to: (i) meet applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, identity theft, money laundering, terrorism financing or information security or technical difficulties; or (iii) ensure any other purpose required by public interest in accordance with the law.
To authorized service providers
For other legitimate reasons
With your explicit consent
We may share personal data with third parties outside Terinit’s organization for other reasons than the ones mentioned before, when we have your explicit consent to do so. You have the right to withdraw such consent at any time by contacting us.
THE RECIPIENTS OF PERSONAL DATA
Right to access
You have the right to access your personal data processed by Terinit. You may contact us to find out what personal data we process and for which purpose we use it.
Right to correct
You have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have stored corrected or completed. By contacting us you can update for example your contact information or other information.
Right to deletion
You may ask us to delete your personal data. We will comply with your request unless we have a legitimate ground to not delete the data. Such ground may be for example an obligation to keep certain data due to accounting legislation or a requirement to store order information to verify your product warranty.
Right to object and right to restrict
You have a right to resist the processing of your personal data or profiling, if your data is being processed for direct marketing. You have a right to demand the limitation of your personal data among other things when the data concerning you is not true. In addition in certain special situations you have a right to resist the processing of your personal data on the grounds of a personal special situation.
Right to data portability
You have the right to receive your personal data from us in a structured and commonly used format and to independently transmit data to a third party.
How to use your rights
If you want to use any of the above mentioned rights, please send us a letter or a secure e-mail with the following information: name, address, phone number and a copy of a valid ID. We may request additional information to confirm your identity.
We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
If you have given your consent to receive direct marketing for example by ordering a newsletter, we may send you notices concerning our products, offers and events.
You have the right to prohibit us from using personal data for direct marketing, market research or profiling by contacting us through the contact information pointed above or by using the ubsubscribe option included in all direct marketing messages.
We have implemented administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability.
Access to personal data is limited to authorized persons on a need-to-know basis. The personal data is protected with appropriate access controls, user rights and passwords.
Should despite of the security measures, a security breach occur that is likely to have negative effects on your privacy, we will inform you and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.
LODGING A COMPLAINT
You have the right to lodge a complaint to the supervisory authority, if you consider Terinit’s processing of personal data to be inconsistent with the applicable data protection laws.