Consumer customer online store data security
Declaration of data security principles
Created February 13th 2019
Summary
Tammer Brands oy (seller) operates online stores for consumers under various brand names. Regular operation of these services requires us to gather personal information, which are handled with care and are used only for the operation of the online store.
Controller data
Tammer Brands oy (VAT FI01536341)
Viinikankatu 36
33800 Tampere, Finland
Phone +358 3 2521 111
email ciso@tammerbrands.fi
Data protection matters are handled primarily by CISO Kyuu Eturautti
List of data files
These principles govern all consumer targeting online stores operated by the seller, starting from the beginning of February 2019. These stores are listed below. The list may be modified as needed, and these modifications are not considered major changes to this document.
- Rento – www.rentosauna.fi
Each online store operates technically as an independent entity, and data is not transferred between them.
Purpose of data files
Customer information is gathered for the purpose of delivering orders, handling payment and to manage any possible immediate disputes retaining to the purchase. Information is stored for a maximum of 6 months time from the purchase event. This retention time may be extended only if required for handling an ongoing dispute, or if valid law requires it.
Data content and source
We will only gather information required to complete the transaction. This includes the customer’s name, address, email address, telephone number, contents of the shopping cart and payment method.
Details of the payment are not handled within the online store, but only via a third party payment facilitator. The online store only contains verification of completed payment.
The source for all data content is information provided by the customer. Additional generic technical information may be logged automatically by the system, including IP address and browser information.
Third party services
Parts of our online store experiences are provided by third parties.
Statistics of the website usage may be gathered via Google Analytics. The customer may choose to opt out of Google Analytics data gathering with a downloadable plugin. For more information, see https://tools.google.com/dlpage/gaoptout?hl=en-GB
Payment services are provided by Paytrail Plc. For more information, see https://www.paytrail.com/en
Facilitation of delivery is processed by Consignor. For more information, see https://www.consignor.co.uk/
Data transfer
Data will not be disclosed to third parties, with the exception of parties listed above, and authorities with the relevant permissions.
Data may be used for long term statistical handling in such a way that individual people can not be identified from this data.
Data from the online store will not be disclosed outside of the European Union or the European Economic Area. The online store technical infrastructure is located in Finland. The third parties providing services as part of this store have additional data security principles, providing information on their methods.
- Google: https://policies.google.com/privacy
- Paytrail: https://www.paytrail.com/en/data-privacy-notice-paytrail-payment-service
- Consignor: https://www.consignor.co.uk/data-security/
Protection and principles of data handling
The data’s physical locations are protected using efficient access control and theft prevention systems.
Right of access
Everyone has the right to request access to any information stored on them on the online store data systems. Please make your request to the controller.
Right to rectification
Everyone has the right to request rectification of inaccurate personal data stored on the online store. Please make your request to the controller.
Other rights
Everyone has the right to request that their personal data be deleted from the online store. The controller will perform the data removal in a reasonable time span, as long as it does not adversely affect the processing of an ongoing product purchase or delivery. Should this be the case, the personal data will be deleted within 30 days from the date that the ongoing purchase and delivery can be considered completed.