House of Elliott Oy
Business ID: 1951952-3
Address: Meritullinkatu 4 B 28, 00170 Helsinki
2. Contact person responsible for the register
House of Elliott Oy's Data Protection Commissioner
3. What personal information do we store?
We only store personal and order information provided by our customers
- Contact information (postal address, e-mail address, telephone number)
- The content of your orders, the tracking information of your orders and information about your order history, and - information related to complaints and returns
- Information about subscribing to a newsletter or other direct marketing
- Direct marketing authorizations and prohibitions
Information automatically collected by our website:
- IP address, browser type and browsing history
- Date of visit to the website and duration of the session
- Information collected by Google Analytics, Facebook ads, and cookies
- Payment methods
- Delivery methods
4. Purpose of the processing of personal data
We need your personal information to deliver orders and marketing. The processing of certain personal data is also required by law. We cannot deliver your order without for example your address.
- Payment processing
- Customer communication
- Sending order confirmation messages
5. Sources of the register
We automatically collect your personal information when you provide it to us in connection with subscriptions or a newsletter subscription.
6. Legal basis for the processing of personal data
The right to process your personal information is based on the customer and purchase relationship.
- House of Elliott Oy's legitimate advantage in maintaining the customer relationship and delivering orders
- The purpose of the processing of personal data is the processing of orders and payment transactions, sales of products, communication with customers, maintenance of the customer relationship and marketing
- An agreement is signed between House of Elliott Oy and the customer when you accept our delivery terms
7. Consent to data processing
We always ask for your consent e.g. sending newsletters. You can always revoke your consent to direct marketing, either by contacting our Data Protection Officer or by canceling a direct marketing subscription through a link that can be found in the footer of our marketing emails.
8. Data transfers and data transfers outside the EU or the EEA
Personal data collected in connection with orders will not be regularly disclosed to third parties without the customer's specifically requested consent. The data will also not be disclosed outside the EU or the EEA without specific consent. Please note that when ordering, you will also provide your personal information to the payment service provider, Facebook and Google. At the request of the authorities, we are required by law to disclose your information.
Newsletter subscriber information (email and name) is transferred to our newsletter provider Mailchimp. Your information is in a register registered in the name of our company to which third parties do not have access. Mailchimp is committed to complying with internal EU data protection laws.
9. Registry Security Principles
The register shall be handled with due care and the information processed by the information systems shall be adequately protected. When registry information is stored on Internet servers, the physical and digital security of their hardware is adequately addressed. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it includes.
10. Right of inspection and right to request rectification or erasure of information
Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. A person in the register has the right to request the removal of personal data concerning him or her from the register. If a person wishes to check the data stored about him or her or to request their correction or deletion, the request must be sent in writing (for example via email) to the contact person responsible for the register. If necessary, the owner of the register may ask the applicant to prove his or her identity. The controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month).
16. Changes to this Privacy Statement
We may make changes to this privacy statement. We will notify our website if we make any changes.
Privacy statement updated on December 1, 2018