House of Elliott Oy
Business ID: 1951952-3
Address: Meritullinkatu 4 B 28, 00170 Helsinki
2. Contact person responsible for the register
House of Elliott Ltd Data protection Supervisor
3. What personal information do we store?
We only store personal and order information provided by our customer
- First and last name
- Contact information (postal address, email address, telephone number)
- The content of your orders, your order tracking information, your order history, and your complaints and returns information
- Newsletter or other direct marketing subscription information
- Marketing Permits and Prohibitions
- Information automatically collected by our website:
- IP address, browser type, and browsing history
- The date and duration of the website visit
- Google analytics, ad behavior, and cookie information
- payment information
- Shipping method
4. Purpose of processing of personal data
We need your personal information to receive your orders and to ship them to you. The processing of certain personal data is also legally required. Without your personal and address information, we can't ship your order.
- Delivery of orders
- Payment processing
- Customer communication
- Sending order confirmation messages
5. Sources of the register
We automatically collect your personal information when you make an order or newsletter subscription.
6. Legal basis for the processing of personal data
The right to process your personal data is based on the customer relationship.
- The person's voluntary consent when placing an order
- A legitimate interest in maintaining a customer relationship and delivering orders
- The purpose of processing personal data is to process orders and transactions, to sell products, to communicate with customers, to maintain customer relationships and marketing
- A contract is signed between House of Elliott Ltd and the customer upon acceptance of our terms of delivery
7. Consent to data processing
We always ask for your consent eg. for sending newsletters. You can always revoke your consent, including direct marketing, either by contacting our Privacy Officer or by unsubscribing from the email we send through the link.
8. Disclosure and transfer of information outside the EU or the EEA
Personal data collected in connection with orders will not be routinely disclosed to third parties without the customer's explicit consent. In addition, information will not be disclosed outside the EU or the EEA without prior consent. Please note that when you place an order you will also provide your personal information to the payment service provider. At the request of the authorities, we are legally obliged to disclose your information.
Newsletter subscriber information (email and name) is transferred to our newsletter service provider Mailchimp. Your information is in a register registered with our company that is not accessible to third parties. Mailchimp is committed to complying with EU internal data protection laws.
9. Registry security principles
The records shall be handled with care and the data processed by the information systems shall be appropriately protected. When registry information is stored on Internet servers, the physical and digital security of their hardware is properly taken care of. The data controller shall ensure that the stored information, as well as server access and other information critical to the security of personal data, is handled confidentially and only by the employees whose job description it covers.
10. Right of access and the right to have the data corrected or deleted
Every person in the register has the right to verify their data stored in the register and to request the correction of any inaccurate information or the correction of incomplete information. A person in the register has the right to request the removal of personal data concerning him from the register. If a person wishes to review or request rectification or deletion of the information stored about him or her, the request must be sent in writing to the contact person in charge of the register. If necessary, the controller may ask the applicant to prove his identity. The controller will respond to the client within the time limit set by the EU Data Protection Regulation (as a rule within one month).
Privacy Statement Updated December 1, 2018