Personal Data Act(523/99) 10 §
Composition date 20.5.2020
1.1. Data Controller
1.2. Data Protection Officer
1.3. Registry name
Lovanna Lingerie's webshop user registry
1.4. Purposes of processing personal data
Personal data stored in Lovanna Lingerie's webshop user registry is used for customer relations, contancting, billing, shipping and marketing management regarding Lovanna.
1.5. Contents of the registry
Information collected in the registry are provided by users. This includes the following:
- Authentication information
- Contact information
- Payment and payment method information
- Information on consenting or blocking marketing
In addition, registry collects analytical data provided by the use of the service on following categories:
- Purchase and case entries
- Shipping information
- Product ratings
- Browsing and usage information, Terminal identification
1.6. Regular sources of information
Data Controller collects information input by the user when using the webshop, and also purchase and case information.
1.7. Regular data transfers and data transfers outside the EU or the European Economic Area
We can cede some necessary regular data to third parties. Voimme luovuttaa joitain välttämättömiä säännönmukaisia tietoja kolmansille osapuolille. Data transfers outside the EU or the EEA.
We can admit information to the following third parties:
- Shipping Agent (shipping information for a successful delivery)
- Email marketing partner (allows sending our subscription letter to those who have ordered it)
- Payment intermediary
- Google (analytics, information on how our website is used)
- Facebook (targeted marketing)
- Shopify (to ensure functioning of our webshop)
1.8. Registry Security Principles
Lovanna Lingerie's webshop user registry information is saved in data controller's system. Accessing the system requires authentication. Only pre-determined employees of Mercatus Ltd have access to read and use the registry.
1.9. The Data subject's right of prohibition
Data subjects have a right to prohibit data controller from using their personal information regarding direct advertising, remote sales and other marketing related activities such as opinion polls, matriculation or genealogy. Request for prohibition should be done in writing and sent to data protection officer.
1.10. Right of inspection of the data subject
Data subject has a right to inspect the information saved in the register regarding the data subject in question and get a copy of the information. Inspection request should be done in writing and sent to the data protection officer.
1.11. Correcting information
Data controller corrects, removes or supplements data subject's processing-wise faulty, useless, inadequate or obsolete personal information from the register on it's own initiate or by request of the data subject. Data subject should be in contact with the Data Protection officer for correcting information.