23rd July 2019
1. Data controller
Olivia Klein Oy
Company ID: 2868533-9 (Finland, EU)
Address: PL 245, 00131 Helsinki, Finland
2. Processing of data
We collect and process the following types of personal data:
2.1 Customer register
By creating an account in the Olivia Klein shop, you provide us with your email address and consent to it being saved in the Olivia Klein customer register. The email address is used to create and manage your account and will not be used for marketing purposes. You can also voluntarily add the following personal information to the account, so that it can be used to process your orders:
- Full name
- Phone number
When you place an order in the Olivia Klein shop, a contract is formed between you and Olivia Klein Oy. So that we can fulfill our obligations under the contract (successfully process and ship your order), we request you provide the following personal information, which is saved in the Olivia Klein customer register:
- Full name
- Phone number
- The contents of your order, order tracking information and order history
2.2 Personal data collected via contact form or email
When you send us a message either by email or by using our contact form, you consent to your email address and the message contents being processed for customer service purposes. Correspondence relating to customer service requests are not separately collected or saved in the customer register. Your email address will only be used to reply to your enquiry, and it will not be used for marketing purposes.
2.3 Personal data collected automatically when browsing the website
- Data about your device and browser
- Your IP address
- Your activities on our website (e.g. what pages you are viewing)
- The time and duration of your visit
3. Recipients of the personal data
We adhere to legal limitations and requirements when sharing your personal data. We only share your personal data insofar as it is necessary. Your personal data is received by the following individuals/operators:
- Olivia Klein Oy employees, who require the data in order to fulfill their duties (including processing and shipping orders and providing customer services)
- Our payment service provider (Paytrail Oyj) in order to process payments. Olivia Klein Oy does not by itself process or save your payment information
- If and when necessary, competent authorities, who have a legal right to receive the data
4. Transfer of personal data to a third country or international organisation
IP-anonymised tracking data is transferred to the Google Analytics service (https://analytics.google.com/). Google is part of the EU-US Privacy Shield arrangement. We do not transfer any other personal data to third countries or international organisations.
5. Storage period
We store your personal data only for as long as it is absolutely necessary for the operation of our online shop, for the provision of customer services and for fulfilling our contractual and legal obligations. Please see below for the exact periods for which we store different personal data.
Your customer account is active for as long as you use it and the personal data it contains is retained for as long as your account is active. An account that has not been used for one (1) year is deleted from our customer register automatically.
In order to fulfill our obligations under accounting law, we store order information for six (6) years, starting from the end of the calendar year in which the order was placed.
We save information on failed orders for three (3) days, after which they are deleted from our customer register automatically.
In order to fulfill our obligations under accounting law, we store payment information for six (6) years, starting from the end of the calendar year in which the payment was made.
Tracking cookie data
We store personal data collected by Google Analytics tracking cookies for fourteen (14) months, after which they are deleted automatically.
6. Rights of the data subject
As the data subject, you have the following rights under the EU General Data Protection Regulation. You can submit a request to enforce any of your rights by sending us an email or letter. We will provide you with information of the actions we have taken at your request, without undue delay and at the very latest within one (1) month of receiving your request. If necessary, we may ask you to provide further information so that we can verify your identity.
If we received your request by letter, we will send you paper copies of the information you requested to your return postal address. If we received your request by email, we will send you the information you requested in a commonly used digital format.
Right of access
You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information contained in Article 15 of the General Data Protection Regulation.
Right to rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
- You withdraw consent for the processing of the data for one or more specific purposes and there is no other legal ground for the processing
- You object to the processing on grounds relating to your particular situation and there are no overriding legitimate grounds for the processing
- We have unlawfully processed your personal data
- The personal data have to be erased for compliance with a legal obligation to which we are subject
Right to restriction of processing
You have the right to obtain from us restriction of processing where one of the following applies:
- You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
- Olivia Klein Oy no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims
- You have objected to processing on grounds relating to your particular situation, pending the verification whether our legitimate grounds override yours
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the processing is carried out by automated means or is based on consent you have given (such as registering a customer account) or a contract (such as abiding by order terms and conditions).
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on consent. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You also have the right to object at any time to processing of personal data concerning you for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority (in Finland, with the Data Protection Ombudsman) if you feel we have infringed upon your legal rights when processing your personal data.
7. Is it necessary to provide personal data?
In order to register an account, we require a valid email address so that it is possible for you to access and manage the account, restore lost passwords, and so that we can verify your ownership of the account if necessary (for example, if you request its removal).
In order to process and ship orders, we require all of the personal data requested on the checkout page. If you do not provide us with this information in full, it is not possible for us to ship your order or process sales.
Securing your personal data is very important to us. Our digital customer register is secured using appropriate technical means and all our site traffic is SSL encrypted. If a personal data breach, which is likely to result in a high risk to your the rights and freedoms, occurs, we will notify you by email without undue delay.
- Using data collected by tracking cookies to analyse visitor traffic (Google Analytics)
- Saving the contents of your shopping cart, so that you can resume shopping at a later time
- Saving your language preference, so that you can browse the website in your preferred language
- Synchronising your language selection and shopping cart, so that it functions in your preferred language
- Keeping your account logged in, if you so wish
- Recording failed log-in attempts for information security reasons
10. Right to make changes