PRIVACY POLICY

This policy sets out how we use your information and provides you with information about the personal data we collect, how we keep it secure, how we ensure your privacy is maintained and your rights relating to the personal information we hold about you. This policy applies to you if you purchase or use any of our products or services, if you visit our stores or shop online or use your mobile device and provides you with information about:

WHO WE ARE

THE TYPES OF PERSONAL DATA WE COLLECT

HOW WE USE PERSONAL DATA

WHO WE SHARE PERSONAL DATA WITH

TRANSFERS OF PERSONAL DATA

OUR USE OF COOKIES

HOW WE PROTECT PERSONAL DATA

HOW LONG WE KEEP PERSONAL DATA

YOUR RIGHTS

THE LEGAL BASIS FOR USING PERSONAL DATA

HOW TO CONTACT US

LINKS TO OTHER WEBSITES

POLICY UPDATES

WHO WE ARE

IP-Agency FInland Oy is a company incorporated in Finland (referred to as “we” or “us” in this policy).

We understand that privacy and the security of your personal information is extremely important and we are committed to maintaining the trust and confidence of the visitors to our websites and our customers by keeping your personal data secure and respecting your privacy rights.

We will always handle your data fairly and legally and are committed to being transparent about the data we collect and how we use it.

We don't rent or trade information about you with other organisations and businesses.

THE TYPES OF PERSONAL DATA WE COLLECT

We may collect the following information about you:

• your name

• your age or date of birth

• your gender

• your contact details (postal, billing and delivery addresses, telephone numbers and e-mail address)

• details of your purchases and orders

• information about any services we provide to you

• your on-line browsing activities on our websites

• your account login details, including user name(s) and password(s)

• when you purchase or order products and services, your bank account or payment card details

• your communication and marketing preferences

• your interests, preferences, feedback and survey responses

• your location

• your IP address

• your device ID and other details such as make and model and the apps you use

• your correspondence and communications with us

• publicly available personal data, including any you have shared via public platforms and social media.

The types of data listed above is not exhaustive and, in some instances, we may need to collect additional data for the purposes set out in this policy or to provide you with certain products and services.

We may collect some of the above personal data directly from you, for example when you set up an account on our websites, or send an email to our customer services team. Other personal data is collected indirectly, for example your browsing or shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.

HOW WE USE PERSONAL DATA

The information we collect may be used to:

• provide products and services to you

• process your orders

• take payment from you or provide you with a refund

• manage any account(s) that you hold with us

• manage any reward or loyalty programs you participate in

• verify your identity and ensure that our customers are genuine

• detect and/or prevent crime or fraud, and related purposes

• carry our statistical analysis

• conduct market research

• help us understand more about you as a customer

• personalise your shopping experience

• tailored our websites to you

• improve our services, stores, apps and websites

• contact you about products and services

• provide online advertising

• help answer your questions and solve any issues you have

• manage customer service interactions with you

We will only use your personal data for marketing purposes with your consent. We may do this by post, email, text message, online or through social media, push notifications via apps, or other electronic means and will aim to update you only about those products and services you are interested in or which relevant to you.

You may amend your marketing preferences and have the right to opt out of receiving promotional communications at any time, by:

• changing the marketing preferences on your account(s)

• clicking the “unsubscribe” link in our emails

• contacting us (see HOW TO CONTACT US)

We won't send you marketing messages if you tell us not to, but we will still need to send you occasional service-related messages.

WHO WE SHARE PERSONAL DATA WITH

We work with partners, suppliers, service providers and agencies and may need to share your personal information with them to provide certain services. However, we will only do so where they meet our standards for processing data and have confirmed that they have appropriate data protection and security controls in place. We will only share information with them that is necessary for them to provide services to us or directly to you and our contracts with them prevent them from using your personal information for any other purposes. These include:

• Supplier Partners - trusted partners who supply products and services on our behalf

• Delivery Partners - for you to receive the products you have ordered

• Payment Providers - who take and manage payments

• Credit Reference Agencies - to make sure you can manage the level of credit offered and prevent fraud

• Marketing Companies - who help manage our electronic communications with you

• IT Companies - who support our websites and information systems

We will not otherwise disclose your personal information to anyone else.

We will not sell or rent our customer data to other organisations for marketing purposes

TRANSFERS OF PERSONAL DATA

If you place an order with us and you are outside of Finland we will transfer your personal information to Finland.

Although your personal data will be held in Finnish data centres it is sometimes necessary for us to share your personal information outside of the European Economic Area (or the EEA), so that we can deliver products and provide services to you or to transfer your personal information to our group companies, suppliers or service providers based outside of the EEA for the purposes described in this policy. This will usually be the case when either you, your delivery address or our service providers are located outside the EEA.

If this happens, your personal information will continue to be subject to one or more appropriate safeguards set out in the law. We will ensure that the transfer will be compliant with data protection law and all personal information will be secure. Our standard practice is to use ‘standard data protection clauses’ for such transfers or ensuring that our suppliers sign up to an independent privacy scheme (like the US 'Privacy Shield' scheme). These methods have been approved by regulators to ensure adequate safeguards are in place.

OUR USE OF COOKIES

Our website, as any other, uses cookies to collect information.

This includes information about browsing and purchasing behaviour by people who access our websites. This includes information about pages viewed, products purchased and the customer journey around our websites.

Detailed information is set out in our Cookie Policy.

HOW WE PROTECT PERSONAL DATA

We are committed to keeping your personal information safe and secure and use appropriate security measures to protect your information including:

• encryption of data

• security controls to protect our information systems from external attack

• access controls to our information systems

• logical separation of our systems and information

• penetration testing of systems

• internal information security policies

• personal data and information security training for our employees

• security assessments of all our service providers who may handle your personal information

• never asking you for your passwords

• advising you never to enter your account number or password into an email or after following a link from an email.

We will never ask you for your passwords or to confirm your credit card or payment details via email.

HOW LONG WE KEEP PERSONAL DATA

Unless we are required to by law, we will not retain your data for longer than necessary for the purposes set out in this policy.

Different retention periods apply for different types of data, however the longest we will normally hold any personal data for is 3 years.

YOUR RIGHTS

You have the right to:

access your personal information

You can ask us to confirm what personal information we hold about you and how we use it, where we are obliged to provide copies of this personal information we will do so free of charge.

rectify your personal information

You can ask us to update and correct any out-of-date or incorrect personal data that we hold about you.

erase your personal information

You can ask us to delete information that we hold about you if you have withdrawn your consent, if that information is no longer needed for the purposes for which it was collected, if we are processing it unlawfully or in certain other circumstances.

stop or limit our processing of your personal information

You can object to us processing your personal information if we are not entitled to use it any more or if the processing is based on our legitimate interest (including profiling) where this does not override your rights, to have your information deleted if we are keeping it too long or have its processing restricted where you have contested the accuracy of the data, opposed the erasure of the data, you want us to retain the data so you can establish, exercise or defend legal claims, or you have objected to the processing, whilst a decision on overriding legitimate interests is pending.

withdraw consent

Where you have consented to us processing your personal information you may withdraw this consent at any time, including the right to opt-out of marking communications.

data portability

Where you have provided us with information in a structured, commonly used and machinereadable format which we process by automated means, you can receive this in a standard form or ask us to move or transfer that data to another service provider.

not be subject to automatic decision making

You may not to be subject to a decision based solely on automated processing, including profiling, unless this is necessary for entering into, or performance of, a contract with us, it is authorised by the regulators or it is based on your explicit consent.

If you have any questions about your rights or wish to exercise any of them, please contact us (see HOW TO CONTACT US).

Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

You also have the right to lodge a complaint with a data protection regulator where your personal information has or is being used in a way that you believe does not comply with data protection law. Usually this would be in the country where you live or where your legal rights have been infringed.

THE LEGAL BASIS FOR USING PERSONAL DATA

We are required to set out the legal basis for our ‘processing’ of personal data

We collect and use your personal data because is it necessary:

• for our legitimate interests (as set out below)

• to fulfil our contractual obligations to supply products and services

• to exercise our contractual rights and remedies

• to comply with our legal obligations

Normally, the legal basis for using your personal information is that it is necessary for our legitimate interests. This includes:

• selling and supplying products and services to our customers

• processing orders and dealing with enquiries from our customers

• managing returns and refunds

• protecting our customers, employees and other individuals

• promoting, marketing and advertising our products and services

• sending promotional communications which are relevant and tailored to individual customers

• administering reward or loyalty schemes

• understanding our customers’ behaviour, activities, preferences, and needs;

• improving existing products and services

• developing new products and services

• complying with our legal and regulatory obligations;

• preventing, investigating and detecting crime, fraud or anti-social behaviour

• handling customer contacts, queries, complaints or disputes

• managing insurance claims by customers

• taking appropriate legal action against third parties

• handling legal claims or regulatory enforcement actions taken against us

• fulfilling our duties to our customers, colleagues, shareholders and other stakeholders

HOW TO CONTACT US

If you would like to exercise your rights (see YOUR RIGHTS for further information) or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:

• By email: info(a)hobbyhallen.se

• By post: Data Protection Officer, IP-Agency Finland Oy, Pavintie 2, 01260 Vantaa, Finland

LINKS TO OTHER WEBSITES

We may partner with trusted service providers to make additional products and services available to you and may sometimes provide you with links to other websites that are not under our control.

In these instances, we will not be liable to you for any issues with their use of your personal information, the website content or the products and services offered or provided to you by these websites.

These websites are not owned and operated by us and they are responsible for processing personal data in accordance with their own privacy policies. We recommend that you consult the privacy policy and terms and conditions on each website to see how your personal information will be used.

POLICY UPDATES

This Policy was last updated 26.6.2018