“Warranty and marketing register”
Combined data protection statement and information document in compliance with the Data Protection Act (2018/1050) and the EU General Data Protection Regulation (2016/679/EU).
- CONTROLLER
In accordance with the applicable Data Protection Act and the data protection regulation, Rex Nordic Oy and its subsidiaries are Joint Controllers who jointly determine the purposes and means of the processing. The term “Controller” is used instead of “Joint Controller” in the text below. The data subject’s contact point is Rex Nordic Oy, which is responsible for ensuring that your personal data is processed in accordance with this statement and applicable data protection laws.
Company details:
Rex Nordic Group
Rex Nordic Oy
Mustanlähteentie 24 A
07230 Askola, Finland
Business ID: 2646942-1
Telephone: +358 40 180 1111
www.rexnordic.eu
- PERSON AND/OR CONTACT RESPONSIBLE FOR REGISTER ISSUES
Ville Metsälampi
ville.metsalampi@rexnordic.com
Telephone: +358 40 578 0368
- NAME OF THE REGISTER:
Rex Nordic Oy – “Warranty and marketing register”
General information on the processing of personal data
To the extent that the Customer Register contains personal data, the Data Protection Act and other laws, regulations, decrees and official instructions in force at any given time regarding the processing of personal data shall be complied with. Personal data refers to data that can be linked to a specific person. This document describes in more detail the procedures for the collection, processing and disclosure of personal data, and the rights of the data subject.
- LEGAL BASIS AND PURPOSE OF PROCESSING PERSONAL DATA
Personal data stored in the warranty register is used for the following purposes: arrangement of warranty-based maintenance activities, collection, storage and statistics of warranty and maintenance data, and collection and processing of complaints and customer feedback. The legal basis for processing personal data in accordance with the EU General Data Protection Regulation is the Controller’s legitimate interest based on customer relationship. The purpose of processing personal data is to maintain customer relationships, improve customer service and experience, manage and process orders, and marketing. In addition, the information is used for maintenance service and any recall and other measures covered by the warranty. Customer data can be used for automated decision-making or profiling.
Customer data may also be disclosed for the purposes of development of business and internal operations within Rex Nordic Oy’s group companies and related party companies.
The data is stored in the register within the framework of the customer relationship or warranty period. Unless the data subject requires otherwise, the Controller is also entitled to retain the existing data after the warranty period for business improvement and operation analyses purposes.
- WHAT DATA WE COLLECT
We only collect personal data that is necessary for the purposes mentioned in section 4 above. Particular care is exercised in the processing of personal data.
We collect the following personal data:
- first and last name
- e-mail address
- telephone number
- address
- order history
- device identification and purchase data
- intended purpose
- customer feedback and complaint information
- information about maintenance activities performed on the device
- IP address
- device serial number.
- REGULAR SOURCES OF DATA
Data stored in the register is obtained from the messages sent by the customer in connection with an order or using the forms on the website. We also store customer data obtained from the following sources: e-mail, telephone, social media services, contracts, customer meetings and other situations where the direct source of the data is the customer itself.
- PROCESSORS
Companies belonging to the same group as Rex Nordic Oy may process personal data for administrative purposes in accordance with and within limits set by the data protection legislation in force at the time.
Rex Nordic Oy may also partially outsource the processing of personal data to a third party, in which case Rex Nordic Group guarantees by contractual arrangements that personal data will be processed in accordance with this privacy policy and valid applicable data protection legislation.
Subcontractors of Rex Nordic Oy take care, for example, of the following: delivery of products ordered from the online store, development and consultation of digital services, data storage and technical infrastructure management, payment transaction management, invoicing, analytics and data management, market research and consumer surveys, marketing services and advertising technologies.
- REGULAR DISCLOSURE OF DATA AND TRANSFER OF DATA OUTSIDE THE EU OR THE EEA
Data will not be disclosed regularly to other parties or outside the EU or the EEA unless it is necessary for the technical implementation provided by Rex Nordic Oy or its partner. Rex Nordic Oy will only do so based on a legal basis, such as when the recipient is located in a country that provides an adequate level of protection for personal data, or when the recipient is bound by an agreement that covers EU requirements for the transfer of personal data outside the European Union. Data may be disclosed to the authorities as required by existing legislation. Warranty registration is provided using the importer’s systems that offer the same level of data security.
- PRINCIPLES OF DATA FILE PROTECTION
The processing of the register is carried out with due care, and the data processed by means of information systems is appropriately protected. The data file is stored on Internet servers. The physical and digital data security of the hardware is arranged appropriately.
The Controller takes care to ensure that the saved data, server access rights and other information critical to the security of personal data are processed confidentially and only by the employees whose duties require it. In addition to the employees, online service administrators also have access to the register. The manner in which online service administrators may process the data is specified in a data processing agreement concluded with them.
- DATA RETENTION PERIOD
We retain personal data in the warranty register for the duration of the warranty, after which the data is erased from the register.
- RIGHTS OF THE DATA SUBJECT
You have the right to receive information on the processing of your personal data or a copy of your personal data and request rectification of inaccurate personal data and supplementation of incomplete personal data. You also have the right to request us to erase your personal data unless their retention is necessary on the basis of, for example, the Accounting Act or customer relationship. You also have the right to prohibit direct marketing by sending an e-mail to
info@rexnordic.com.
You also have the right to request us to restrict the processing of personal data during the following situations:
verification of legitimate interest; rectification of inaccurate personal data and verification of their accuracy. If you believe that the processing of personal data is carried out improperly, you also have the right to lodge a complaint with a supervisory authority, which as a rule, in this case, is the Data Protection Ombudsman. You can also request the transfer of your personal data if we process personal data that you have provided yourself based on the contract you have entered into. In this case, we will provide your personal data in a machine-readable format that you can store yourself or transfer to another controller.
Data file enquiries should be submitted using the data request form provided. In addition, the data subject must verify his or her identity and right to access the register data at the Controller’s office in order to disclose the data. The data shall be provided in the most appropriate way within six (6) weeks of the submittal of the data request and the required identity verification.
- DATA SECURITY
Our website is built to be safe. We use a secure SSL connection, firewalls and logging in with usernames and passwords. Regular updates further strengthen the data security of the website.
- COOKIES
Our website contains cookies that collect data on the users of the website.
The cookies enable, for example, Google Analytics and Facebook marketing tracking. We use this data to improve our website and target our marketing more efficiently. You can disable cookies in your browser settings to prevent the tracking of your visit to our website.
- CONTACT
Data file enquiries should be submitted using the data request form. In addition, the data subject must verify his or her identity and right to access the register data at the Controller’s office in order to disclose the data. The data subject must contact personally or in writing the address given under the ‘Company details’ section. The data shall be provided in the most appropriate way within six (6) weeks of the submittal of the data request and the required identity verification.
- CHANGES TO THE DATA PROTECTION STATEMENT
This data protection statement may be updated from time to time due, for example, any changes in legislation. This data protection statement was last updated on 15 September 2020.
CRM Customer Relationship Management (“Customer Register”)
Combined data protection statement and information document in compliance with the Data Protection Act (2018/1050) and the EU General Data Protection Regulation (2016/679/EU).
- CONTROLLER
In accordance with the applicable Data Protection Act and the data protection regulation, Rex Nordic Oy and its subsidiaries are Joint Controllers who jointly determine the purposes and means of the processing. The term “Controller” is used instead of “Joint Controller” in the text below. The data subject’s contact point is Rex Nordic Oy, which is responsible for ensuring that your personal data is processed in accordance with this statement and applicable data protection laws.
Company details:
Rex Nordic Group
Rex Nordic Oy
Mustanlähteentie 24 A
07230 Askola, Finland
Business ID: 2646942–1
Telephone: +358 40 180 1111
www.rexnordic.eu
- PERSON AND/OR CONTACT RESPONSIBLE FOR REGISTER ISSUES
Ville Metsälampi
ville.metsalampi@rexnordic.com
Telephone: +358 40 578 0368
- NAME OF THE REGISTER:
Rex Nordic Oy – CRM Customer Relationship Management (“Customer Register”)
General information on the processing of personal data
To the extent that the Customer Register contains personal data, the Data Protection Act and other laws, regulations, decrees and official instructions in force at any given time regarding the processing of personal data shall be complied with. Personal data refers to data that can be linked to a specific person. This document describes in more detail the procedures for the collection, processing and disclosure of personal data, and the rights of the data subject.
- LEGAL BASIS AND PURPOSE OF PROCESSING PERSONAL DATA
When we process your personal data to fulfil our customer relationship obligations, or when you make purchases in our online store, the processing of your personal data is based on a contract.
When we process your personal data for customer service purposes and marketing, the legal basis for the processing of your personal data is legitimate interest.
When we process your personal data in the context of electronic direct marketing, the legal basis for the processing of your personal data is consent. You have the right to withdraw your consent at any time.
When we process your personal data to fulfil our statutory obligations, the legal basis is statutory obligation.
The purpose of processing personal data is to maintain customer relationships, improve customer service and experience, manage and process orders, and marketing. In addition, the information is used for maintenance service and any recall and other measures covered by the warranty. Customer data can be used for automated decision-making.
- DATA RETENTION PERIOD
Personal data is generally processed for as long as the customer relationship for which we need the data is valid or until the time the customer’s contact person changes. After the end of the customer relationship, personal data is stored for a maximum of five (5) years on the basis of Rex Nordic Oy’s legitimate interest, such as possible defence against legal claims. Personal data may also be retained for longer than this if the applicable legislation or Rex Nordic Oy’s contractual obligations to third parties require a longer retention period. Otherwise, personal data will be erased when there is no longer a need to retain it or to verify, exercise or defend the legal rights of the parties.
Personal data may also be retained for a longer period if the applicable legislation or the company’s contractual obligations to third parties require a longer retention period. The data is stored in the register within the framework of the customer relationship or warranty period. Unless the data subject requires otherwise, the Controller is also entitled to retain the existing data after the warranty period for business improvement and operation analyses purposes.
- WHAT DATA WE COLLECT
We collect your personal data in order to provide our products and services in the best possible way, to create a smooth purchasing experience, and to ensure the efficient operation and maintenance of our websites and services. Particular care is exercised in the processing of personal data.
We collect the following data:
- first and last name
- identification code, e.g. date of birth
- e-mail address
- telephone number
- address
- order and purchase history
- dealer used
- website behaviour
- activation of a warranty
- data related to customer relationship management and contact
- other data specified on a case-by-case basis based on consent.
Data related to purchases:
- data on your orders, deliveries, payment methods, invoicing addresses and delivery addresses, as well as other data on transactions with Rex Nordic Oy
- contacts with our customer service and the related communication
- participation in promotion campaigns and competitions.
Data collected from other sources:
- If you have connected to our website, service or social media channel using a personal social media profile, we may collect public data available on that profile.
- We may collect updated delivery and contact data from transport companies.
- REGULAR SOURCES OF DATA
We only collect and process personal data that is necessary for conducting our operations and managing our customer relationship.
Data stored in the register is obtained from messages sent by the customer in connection with an order. We also store customer data obtained from the following sources: e-mail, telephone, social media services, contracts, customer meetings and other situations where the direct source of the data is the customer itself.
- PROCESSORS
Companies belonging to the same group as Rex Nordic Oy may process personal data for administrative purposes in accordance with and within limits set by the data protection legislation in force at the time.
Rex Nordic Oy may also partially outsource the processing of personal data to a third party, in which case Rex Nordic Group guarantees by contractual arrangements that the personal data will be processed in accordance with this privacy policy and valid applicable data protection legislation.
Subcontractors of Rex Nordic Oy take care, for example, of the following: delivery of products ordered from the online store, development and consultation of digital services, data storage and technical infrastructure management, payment transaction management, invoicing, analytics and data management, market research and consumer surveys, marketing services and advertising technologies.
- REGULAR DISCLOSURE OF DATA AND TRANSFER OF DATA OUTSIDE THE EU OR THE EEA
If you have placed an order in our online shop, we may disclose personal data necessary for the delivery of the order, such as your name, address, e-mail address and phone number, to the logistics company.
Depending on your payment preference, we may use an external service provider to process payments for online shop orders, in which case you will be redirected to a third-party website. In this case, the terms and conditions of the third-party website apply. We do not collect payment data, such as credit card data. All payment data is processed by authorised external payment service providers.
For the purposes of operational development and business analysis and development, customer data may be disclosed internally within Rex Nordic Oy’s group and related party companies. Individual persons cannot be identified from the reports.
Data will not be disclosed regularly to other parties or outside the EU or the EEA unless it is necessary for the technical implementation provided by Rex Nordic Oy or its partner. Rex Nordic Oy will only do so based on a legal basis, such as when the recipient is located in a country that provides an adequate level of protection for personal data, or when the recipient is bound by an agreement that covers EU requirements for the transfer of personal data outside the European Union. Data may be disclosed to the authorities as required by existing legislation.
- PRINCIPLES OF DATA FILE PROTECTION
The processing of the register is carried out with due care, and the data processed by means of information systems is appropriately protected. The data file is stored on Internet servers. The physical and digital data security of the hardware is arranged appropriately. We have taken technical and organisational measures to ensure that your personal data is not altered, lost, destroyed or accessed without authorisation.
The Controller takes care to ensure that the saved data, server access rights and other information critical to the security of personal data are processed confidentially and only by the employees whose duties require it. In addition to the employees, online service administrators also have access to the register. The manner in which online service administrators may process the data is specified in a data processing agreement concluded with them.
Manual material is stored in locked premises with special care and caution.
- RIGHTS OF THE DATA SUBJECT
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Also, as a general rule and in accordance with the applicable data protection legislation, the data subject may at any time choose to exercise the following rights:
Right to be informed about the processing of your personal data. You have the right to receive a copy of your personal data and request rectification of inaccurate personal data as well as supplementation of incomplete personal data. You also have the right to request us to erase your personal data unless their retention is necessary on the basis of, for example, the Accounting Act or customer relationship. You also have the right to prohibit direct marketing by sending an e-mail to
info@rexnordic.com.
You also have the right to request us to restrict the processing of personal data during the following situations:
verification of legitimate interest; rectification of inaccurate personal data and verification of their accuracy.
You can also request the transfer of your personal data if we process personal data that you have provided yourself based on the contract you have entered into. In this case, we will provide your personal data in a machine-readable format that you can store yourself or transfer to another controller.
If you believe that the processing of personal data is carried out improperly, you also have the right to lodge a complaint with a supervisory authority, which as a general rule, in this case, is the Data Protection Ombudsman in the location of the main establishment.
- USE OF COOKIES
Cookies are short text files that are stored in your device’s browser and by the Internet browser on the terminal device in order to identify and re-identify the user. Cookies are used to identify the browser used and to use the data thus obtained to calculate the number of browser visits to the website and analyse the use of our website for statistical monitoring purposes, for example. We also use cookies on our websites to improve the user experience. Cookies do not harm or interfere with your device, and the data will not be disclosed to third parties.
If you choose not to accept the use of cookies on the websites, you can clear and disable cookies altogether. Cookie settings can be managed in your web browser’s security settings. If cookies are disabled, we cannot guarantee the functionality of the website.
We receive from Facebook the name of an individual user, their public profile picture and other information that has been defined as publicly visible. You may also provide us with other personal data in the comments on the pages or in the instant messaging service during, for example, a customer service situation. We do not process your personal data outside of Facebook or integrate the data into any other registers.
- DATA SECURITY
Our website is built to be safe. We use a secure SSL connection, firewalls and logging in with usernames and passwords. Regular updates further strengthen the data security of the website.
- CONTACT
Data file enquiries should be submitted using the data request form. In addition, the data subject must verify his or her identity and right to access the register data at the Controller’s office in order to disclose the data. The data subject must contact personally or in writing the address given under the ‘Company details’ section. The data shall be provided in the most appropriate way within six (6) weeks of the submittal of the data request and the required identity verification.
- CHANGES TO THE DATA PROTECTION STATEMENT
This data protection statement may be updated from time to time due, for example, any changes in legislation. This data protection statement was last updated on 15 September 2020.