Registry and Privacy Statement

PRIVACY POLICY

This is a registry and Privacy Statement in accordance with the 4Beauty Finland Online Store Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).

Prepared on 10.02.2019.

1. The controller

2. Name of the register

3. Purpose of the processing of personal data

4. Legal bases for the proceedings

5. Information content of the register

6. Regular sources of information

7. Retention period of personal data

8. Recipients of personal data and regular disclosures

9. Data transfer outside the EU or the EEA

10. Registry Security Principles

11. Rights of the data subject

12. Google analytics

1. The controller

Avia Line Oy
Ylästöntie 115B, 01690 Vantaa
Business ID: 2211126-2

 

2. Name of the register

Online store 4Beauty Finland customer and direct marketing register

Basis for processing personal data

The basis for the processing of personal data is the customer relationship between 4Beauty Finland and the customer, the customer's consent or other material connection.

3. Purpose of the processing of personal data

The customer's personal data may be processed for the following purposes:

Personal data is processed for purposes related to the management, administration and development of the customer relationship, the provision and delivery of services, and the development and invoicing of services. Personal data will also be processed for the purposes of clarifying possible returns, complaints and other claims.

In addition, personal data is processed in communications to customers, such as for information and news purposes and in marketing, as part of which personal data are also processed for purposes related to direct marketing and electronic direct marketing.

The customer has the right to prohibit direct marketing directed at him.

The controller processes the data itself and utilizes subcontractors acting on behalf and for the account of the controller in the processing of personal data.

Processing tasks may be outsourced to service providers outside the controller in accordance with and within the limits set by data protection legislation.

4. Legal bases for the proceedings

The legal bases for the processing of personal data are the following in accordance with the EU General Data Protection Regulation (hereinafter "GDPR"):

  1. the data subject has consented to the processing of his or her personal data for one or more specific purposes (Article 6 1.a of the GDPR);

  2. processing is necessary for the performance of a contract to which the data subject is a party or in order to take pre-contractual measures at the request of the data subject (Article 6 (1b) GDPR);

  3. processing is necessary for the legitimate interests of the controller or of a third party (Article 6 (1f) GDPR).

The data subject's legitimate interest referred to above is based on a relevant and appropriate relationship between the data subject and the data controller as a result of the data subject's processing and the processing for purposes which the data subject could reasonably have expected at the time of collection.

5. Information content of the register

The register contains the following personal data on basically all registered persons

1. Information provided by the user or personally identifiable

  • Name

  • Contact information such as address, email address and phone number

  • Payment information, including credit agreements and other billing information

  • Information concerning the person's company or other organization and the person's position or job title in question. in a company or organization

  • Permissions and Prohibitions on Individual Marketing

2. Information on the use of the services observed and derived from analytics

  • Purchase history, e.g. ordered products and their price information

  • Delivery information, such as the selected delivery method and delivery address

  • Product Reviews

  • E-commerce usage and browsing information as well as terminal identification information

  • Product recommendation and other information and tags used in targeted content

Providing identification, contact and payment information is mandatory when purchasing through the 4Beauty Finland online store.

6. Regular sources of information

Personal data is collected from the registered person himself.

Personal data shall also be collected and updated, within the limits of the applicable law, from publicly available sources related to the performance of the customer relationship between the controller and the data subject and through which the controller fulfills its responsibilities for the maintenance of the customer relationship.

7. Retention period of personal data

The data collected in the register shall be kept only for as long and to the extent necessary in relation to the original or compatible purposes for which the personal data were collected.

The need to retain personal data is assessed every three years. Accounting documents will be kept for five years from the end of the financial year and emails will be deleted as soon as the matter is deemed closed.

The controller shall regularly assess the need for data retention in accordance with its internal code of conduct. In addition, the controller shall take all reasonable steps to ensure that personal data which are inaccurate, erroneous or out of date for the purposes of processing are deleted or rectified without delay.

At the customer's request, personal data concerning him or her may be deleted or anonymised from 4Beauty Finland's online store systems. The delete and anonymize operation is irreversible, deleted customer accounts can no longer be restored.

8. Recipients of personal data and regular disclosures

We will pass on some of the necessary information to third parties to handle the delivery of your order. The information necessary to handle the delivery includes the name and address and, if necessary, the telephone number and / or e-mail address.

Your information will also be passed on to the payment service providers, depending on the payment method you choose.

9. Data transfer outside the EU or the EEA

Personal data contained in the register will not be transferred outside the EU or the EEA. Usage information for Facebook buttons is sent to Facebook.

10. Registry Security Principles

Materials containing personal data shall be kept in locked premises accessible only to designated and authorized persons.

The database containing personal data is held on a server, which is stored in a locked state, which can only be accessed by designated and authorized persons. The server is protected by an appropriate firewall and technical protection.

Access to databases and systems is only possible with separately issued personal usernames and passwords. The controller has limited the access rights and authorizations to the information systems and other storage media so that the data can only be viewed and processed by persons who are necessary for their lawful processing.

The employees of the controller and other persons have undertaken to observe professional secrecy and to keep confidential the information they receive in connection with the processing of personal data.

11. Rights of the data subject

The data subject has the following rights under the EU General Data Protection Regulation:

  1. the right to obtain from the controller confirmation that personal data concerning him or her are being processed or not being processed and, if such personal data are being processed, the right to have access to the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or groups of recipients to whom the personal data have been or are intended to be disclosed; (iv) where applicable, the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period; (v) the right of the data subject to request the controller to rectify or delete personal data concerning him or her or to restrict or object to the processing of personal data concerning him or her; (vi) the right to lodge a complaint with the supervisory authority; (vii) if personal data are not collected from the data subject, all available information on the origin of the data (Article 15 GDPR). This described basic information (i) - (vii) will be provided to the registrant on this form;

  2. the right to withdraw consent at any time without prejudice to the lawfulness of the processing carried out prior to the withdrawal (Article 7 of the GDPR);

  3. the right to have inaccurate and incorrect personal data concerning the data subject rectified by the controller without undue delay and the right to have incomplete personal data supplemented, inter alia by providing additional information taking into account the purposes for which the data were processed (Article 16 GDPR);

  4. the right to have the controller delete personal data concerning the data subject without undue delay, provided that (i) the personal data are no longer needed for the purposes for which they were collected or for which they were otherwise processed; (ii) the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing; (iii) the data subject objects to the processing on the basis of his or her specific personal situation and there is no valid reason for the processing or the data subject objects to the processing for direct marketing purposes; (iv) personal data has been processed unlawfully; or (v) personal data must be deleted in order to comply with a legal obligation to which the controller is subject under Union law or national law (Article 17 GDPR);

  5. the right to have the controller restrict the processing if (i) the data subject contests the accuracy of the personal data, in which case the processing shall be limited to the period during which the controller can verify their accuracy; (ii) the processing is unlawful and the data subject opposes the deletion of personal data and instead requests that their use be restricted; (iii) the controller no longer needs such personal data for the purposes of processing, but the data subject needs them to establish, present or defend a legal claim; or (iv) the data subject has objected to the processing of personal data on the basis of his or her specific personal situation pending verification that the data subject's legitimate reasons override the data subject's rights (Article 18 GDPR);

  6. the right to have personal data concerning him or her provided to the controller by the data controller in a structured, commonly used and machine-readable form and the right to transfer such data to another controller without the consent of the controller to whom the processing is based on the consent and automatic processing (GDPR 20 art.);

  7. the right to lodge a complaint with the supervisory authority if the data subject considers that the processing of personal data concerning him or her violates the general EU data protection regulation (Article 77 GDPR).

Requests for the exercise of the data subject 's rights shall be addressed to the controller' s contact person referred to in paragraph 1.

12. GOOGLE ANALYTICS

This website uses Google Analytics, provided by Google Inc. ("Google") to track users. The javascript code of the tracking program is run on the service with each page load. Google Analytics identifies the user as. cookies, which are text files that your browser stores on your computer. Information about your use of the Site is transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of compiling reports on the use of the website in order to compile visitor statistics and improve service. At no point will the statistics be combined with the user's registration information or other information entered by the user on the site. Google may provide this information to third parties where required to do so by law, or through any third party subcontractors. The user can block the use of cookies by selecting blocking cookies in their browser settings. In this case, the user may not be able to use all the functionalities of the site. By using these websites, you consent to the collection of data by Google for the purposes set out above.