Data protection
Register Description in accordance with Section 10 of the Personal Data Act (523/99).
Bobbi.fi customers personal data is collected to customer register upon registration and ordering. The registery description explains what information are collected about customers and what it is used for.
1. Registrar
Bobbi.fi (Emilis Oy)
Kerttulinkatu 12 M 1
20500 Turku
Finland
bark@bobbi.fi
www.bobbi.fi
2. Contact information regarding data protection
Emilia Söderholm
+358447887022
bark@bobbi.fi
3. Name of the register
Bobbi asiakasrekisteri (Bobbi customer register)
4. Purpose of the processing of personal data
Bobbi.fi is handling personal data to handle and maintain customer relations, customer feedback and customer communications. Bobbi may utilize terminal location to display targeted advertising. User can cancel the utilization of location from its device.
Personal data can be used for marketing purposes. Marketing can be segmented and the registerd customer can be profiled for marketing purposes. Profiling can be done based on customers previous purchases or interests which may be stated by the customer or based on the customers intrests.
5. Legal basis for the proceedings
Bobbi.fi has the right to handle customers personal information is based on the legitimate interest generated by the customer relationship. Bobbi can handle personal information also on the basis of consent.
6. Processed personal data
Bobbi can collect and handle the following information:
- first and last name
- postal address
- phonenumber
- date of birth
- personal identity number (with consent)
- direct marketing authorizations and prohibitions
Bobbi.fi can also handle following information about the customer:
- information about registration and termination of registration
- purchase information made while registered
- information on the method delivery and payment
- information related to payment, invoicing and collection
- information related to customer communications, such as feedback and complaints
- information about bobbi.fi -users obatined by cookies
- information about contents the customer has created in the online services such as updating your own information or product reviews
7. Collection of personal information
The personal information Bobbi is collecting is mainly given from the customers for example as registering to the shop. Information can be also collected electronically by cookies.
8. Cookies
Cookie is a small text file that is stored on the user’s device via browser. The cookie contains a unique but anonymous identifier. Bobbi.fi is able to use cookies to collect information about the use of the service and to improve the user experience.
The user can manage cookies and block cookies from browser settings. The user is considered to have accepted the use of cookies used in the service if the user has not blocked them and continued to use the service.
9. Disclosure of personal data
Personal data will not be handed over to third parties nor will them be transferred outside EU or ETA areas.
Handling of the personal data has been outsourced to selected service providers such as delivery and invoicing companies or direct marketing companies.
Otherwise, personal data may only be disclosed to the extent permitted and required by applicable law. If the trasfer outside the EU or the ETA is necessary for the purposes of the processing of personal data or for the technical implementation of the processing, the transfer shall comply with the requirements of data protection law and use standard data protection clauses adopted by the comission.
10. Retention period of personal data
Personal data shall be kept for as long as necessary for the purposes of the processing of personal data or to comply with the legal obligations of the controller. Accounts not used for more than 12 months will be automatically deleted.
11. Security of processing
Personal data are stored in the controller’s electronic system, to which access is granted only to those specific, pre-defined persons belonging to or acting on behalf of the controller who need access to the system for work or other similar reasons. The system is protected by firewalls and other technical means.
Bobbi will use reasonable efforts, such as firewalls and other technical means, to protect the personal information being processed from unauthorized access and other unlawful processing.
12. Customer rights
Right of access to information
The customer has the right to receive confirmation from the controller whether personal data concerning him or her are being processed. The customer also has the right to receive a copy of his or her personal data and information on the processing of personal data in accordance with the Data Protection Regulation.
Right to rectification of data
The customer has the right to ask the data controller to correct inaccurate and incorrect data concerning the data subject without undue delay. In addition, the customer has the right to have incomplete personal information supplemented. A registered customer can also correct their own data by logging in to their data in the registrar’s online service.
Right to delete data
The customer has the right to have the controller delete the personal data of the data subject without undue delay if:
- personal data are no longer needed for the purposes for which they were collected or for which they were otherwise processed
- the data subject withdraws the consent if the processing is based on the consent
- the data subject objects to the processing of his or her personal data on the basis of his or her specific personal situation and there is no valid reason for the processing or the data subject objects to the processing of his or her personal data for direct marketing purposes
- the controller has processed personal data unlawfully
- personal data must be deleted in order to comply with the legal obligation applicable to the controller
- data on the data subject have been collected while the data subject is a minor
Right to restrict processing
The Customer has the right to have the controller restrict the processing of personal data so that, in addition to storage, personal data may only be processed with the Customer’s consent or for the purpose of filing, drafting or defending a legal claim or protecting another person’s rights if:
- the data subject contests the accuracy of the personal data, in which case the processing is limited for the duration of the verification of the accuracy of the data;
- the controller processes the personal data unlawfully and the data subject opposes the deletion of the personal data and instead requests that the use of the personal data be restricted;
- the controller no longer needs personal data for the purposes of processing, but the data subject needs them to present, draw up or defend a legal claim;
- the data subject has objected to the processing of his or her personal data on the basis of his or her specific personal situation and is awaiting a determination as to whether the legitimate interests of the controller override the grounds for objecting to the Customer;
The right to transfer data from one system to another
If the data subject has himself provided his personal data to the controller, the data subject shall have the right to obtain such personal data in a structured, commonly used and machine-readable form and to transfer such data to another controller if:
processing is performed automatically; and
the processing is based either on the Customer’s consent or the processing of the Customer’s personal data is necessary for the implementation of the agreement or for the implementation of pre-contractual measures at the Customer’s request
The right to transfer data from one system to another is limited to a procedure that does not adversely affect the rights or freedoms of others.
Right to withdraw consent
To the extent that the processing is based on the consent given by the Customer, the Customer has the right to withdraw the consent at any time without affecting the legality of the processing carried out on the basis of the consent before the withdrawal.
Exercise of rights
A request for the exercise of rights must be made in writing and signed. Alternatively, the request may be made in person at the controller. If necessary, the controller may request additional information from the data subject to confirm his / her identity.
If the Customer’s requests are manifestly unfounded and unreasonable (eg less than one year has elapsed since the previous request for access to the data), the controller has the right to charge a reasonable fee for the execution of the request for compensation.
13. The right to object to the processing of data for direct marketing purposes and otherwise
The customer has the right to object to the processing of his personal data for direct marketing purposes and for market and opinion research. The processing of personal data for the purposes of direct marketing and direct marketing, as well as the processing for market and opinion polls, shall cease after the exercise of the right of objection.
The customer has the right to object to the processing of his or her personal data on the basis of his or her specific personal situation, if there is no valid reason for the processing.
A ban on direct marketing can be made when doing business in an online store, when registering as a customer of an online store, using a prohibition link provided in a newsletter or otherwise contacting the registrar. A registered customer can make a ban by logging in to their own customer data in the registrar’s online service.
If the Customer wishes to object to the processing of data other than for direct marketing, the request must be submitted as described in clause 10 above.
Right to appeal to the supervisory authority
The customer has the right to lodge a complaint with the supervisory authority, in particular in the Member State where the customer is domiciled or employed or where the alleged breach has taken place, if the data subject considers that the processing of personal data violates the customer’s rights under the Data Protection Regulation. In Finland, the supervisory authority is the Office of the Data Protection Commissioner.
Contact
Please do not hesitate to contact our customer service with the form below.