Privacy policy
Privacy Policy Notice for Oy Roberts Ab Customers
Updated 1.4.2020
Controller
Company name (company ID)
Oy Roberts Ab
Inkilänkatu 3
20300 Turku
(hereinafter “we”)
Contact person for customer registration matters
Siv Böhling
Name of the register
CUSTOMER REGISTER
What is the purpose and legal basis for the processing of personal data?
The legal basis for the processing of personal data is our legitimate interest based on the customer relationship.
The purposes of processing personal data are:
the delivery and development of our products and services;
the fulfillment of our contractual and other promises and obligations;
the management of customer relationships.
What data do we process?
In the customer register, we process the following personal data of customers or other data subjects:
the data subject’s basic information*, such as first name, customer number, surname, address, telephone number, mobile phone number, email address, order history, and order tracking information;
information about the company and the company’s contact persons*, such as company ID, names of contact persons, and contact information;
information about customer relationships and contracts, such as previous and current contracts and orders.
The personal data marked with an asterisk is mandatory. Without the required information, we cannot provide the product and / or service.
Where do we obtain the data from?
We mainly obtain information from the following sources: personal data provided by the customer, the population register, government authorities, credit information companies, contact information service providers, and other similar reliable sources.
For the purposes described in this privacy notice, we may also collect and update personal data from publicly available sources, based on information received from authorities or other third parties, within the limits of applicable legislation. Such data updates are carried out manually or automatically.
To whom do we disclose the data and do we transfer the data outside the EU or EEA?
We do not disclose data from the customer register to external parties. We may disclose your personal information, with your consent, to external parties with whom we cooperate in matters related to claims and complaints.
We use subcontractor services that process personal data on our behalf. We have entrusted IT management to an external service provider that stores our customers’ personal data on its secure and well-managed server.
Personal data is not transferred outside the EU / EEA.
How do we protect the data and how long do we keep it?
The controller’s database and files are protected by standard technical measures. Access to the customer register requires a personal username and password, which are granted only to those of our employees who are authorized to process customer data as part of their duties.
We store data only for as long as it is necessary for the purpose of the data processing.
We assess the necessity of data retention in light of applicable legislation. In addition, we ensure that the register does not contain incompatible, outdated, or inaccurate personal data in relation to the purpose of the processing. If an error is detected, we immediately correct or delete such data.
What are your rights as a data subject?
You have the right to inspect the personal data stored about you in the register and the right to request the correction or deletion of such data. If you have access to your data, you may also edit it yourself. Insofar as the processing of data is based on your consent, you also have the right to withdraw or change your consent. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal of consent.
You have the right to object to or request the restriction of the processing of your data and to lodge a complaint with a supervisory authority.
In a special situation, you also have the right to object to other processing activities where the legal basis for processing is legitimate interest. In your request, you must identify the specific situation on the basis of which you object to the processing of data. We may reject such a request only on legal grounds.
Who is your contact person for data processing matters?
All questions and requests concerning this privacy policy may be submitted in writing or in person to the person mentioned in the second (2.) section of this Privacy Policy.
Payment processing is provided by the payment platform makecommerce.lv, therefore our company transfers the personal data necessary for the execution of payments to the platform owner, Maksekeskus AS.