1. The owner of the register
House of Elliott Oy
Business ID: 1951952-3
Address: Meritullinkatu 4 B 28, 00170 Helsinki
2. Contact person responsible for the register
House of Elliott Oy's Data Protection Commissioner
3. What personal information do we store?
We only store information provided by our customers
- First and last name
- Contact information (postal address, e-mail address, telephone number)
- Content of your orders, tracking information for your orders and information about your order history, as well as information related to complaints and returns
- Information about subscribing to a newsletter or other direct marketing
- Direct marketing authorizations and prohibitions
- Information automatically collected by our website:
- IP address, browser type, and browsing history)
- Date of visit to the website and duration of the session
- Information related to Google analytics, advertising behavior, and cookies
- Payment methods
- Delivery methods
4. Purpose of the processing of personal data
We need your personal information to deliver orders. The processing of certain personal data is also required by law. We cannot deliver your order without personal and, for example, address information.
- Delivery of orders
- Payment processing
- Customer communication
- Sending order confirmation messages
5. Sources of the register
We automatically collect your personal information when you provide it to us in connection with subscriptions or a newsletter subscription or when you visit our store.
6. Legal basis for the processing of personal data
The right to process your personal information is based on the customer and purchase relationship.
- the voluntary consent of the person at the time of placing the order
- House of Elliott Oy's legitimate advantage in maintaining the customer relationship and delivering orders
- The purpose of the processing of personal data is the processing of orders and payment transactions, sales of products, communication with customers, maintenance of the customer relationship and marketing.
- An agreement will be concluded between House of Elliott Oy and the customer when you accept our delivery terms
7. Consent to data processing
We always ask for your consent e.g. sending newsletters. You can always revoke your consent e.g. direct marketing, either by contacting our Data Protection Officer or by canceling subscription through a link found in the emails we send to you.
8. Data transfers and data transfers outside the EU or the EEA
Personal data collected in connection with orders will not be regularly disclosed to third parties without the customer's specifically requested consent. The data will also not be disclosed outside the EU or the EEA without specific consent. Please note that when ordering, you will also provide your personal information to the payment service provider. At the request of the authorities, we are required by law to disclose your information.
Newsletter subscriber information (email and name) is transferred to our newsletter provider Mailchimp. Your information is in a register registered in the name of our company to which third parties do not have access. Mailchimp is committed to complying with internal EU data protection laws.
9. Registry Security Principles
The register shall be handled with due care and the information processed by the information systems shall be adequately protected. When registry information is stored on Internet servers, the physical and digital security of their hardware is adequately addressed. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it includes.
10. Right of inspection and right to request rectification or erasure of information
Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. A person in the register has the right to request the removal of personal data concerning him or her from the register. If a person wishes to check the data stored about him or her or to request their correction or deletion, the request must be sent in writing to the contact person responsible for the register. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).
16. Changes to this Privacy Statement
We may make changes to this privacy statement. We will notify our website if we make any changes.
Privacy statement updated on December 1, 2018