Spare Parts and Tyre Search

Brands

Processing of personal data in the sale of products

Recital / Preamble

This privacy policy concerns the processing of personal data by the Seller in connection with the sale, supply and related activities of the Seller's Products. The Seller shall mean Oy Duell Bike-Center Ab or its subsidiary that has concluded the contract or issued the order confirmation to the buyer in the relevant sales relationship (hereinafter referred to as the "Seller"); subsidiary shall mean any entity through which Oy Duell Bike-Center Ab carries on business by owning, directly or indirectly, the majority of the shares or voting rights of such subsidiary (hereinafter the "Subsidiary"). Buyer shall mean the company, entity or person with whom the Seller has entered into a contract and to whom the order confirmation is addressed (hereinafter the "Buyer") and product means the product or products sold by the Seller to the Buyer (the "Product" or "Products").

Privacy policy

The processing of the personal data of the data subject, i.e. the Buyer, is necessary for the purposes described in this privacy policy. The specific purposes of the processing, the grounds for processing and other principles of processing of personal data, as well as a description of the data subjects' rights, are described in this section. The purpose of this privacy policy is to describe how the Seller processes the Buyer's personal data in accordance with the requirements of the legislation.

The Seller acts as the controller of all information and personal data required for the sale, delivery and related activities of the Products which the Buyer discloses to the Seller and which the Seller otherwise collects. As a data controller The Seller is committed to comply with the applicable data protection legislation in force at the time of processing personal data, in particular acknowledging the obligations under Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

Information collected by the Seller and how it is used

Personal data is processed in connection with the sale, delivery and related activities of the Seller's Products, such as processing of payments, handling claims and returning of Products (the "Purpose"). The legal basis for the processing of personal data is mainly the contract between the Seller and the Buyer, i.e. the processing is necessary for the performance of the purchase and sale contract. In addition, in certain cases, the processing may be based on the legitimate interest of the Seller (such as the development of customer service) and the consent of the Buyer (such as the use of cookies).

The personal data processed include contact information (including name, address, email address and telephone number) and order information (including order history) of the Buyer and third parties disclosed by the Buyer, information necessary to organize and ensure the quality of support and advisory services (including customer feedback and customer service transaction information), billing and payment information (including bank account number, paid orders, overdue payments, unpaid invoices and collection information) and the Buyer's consents and prohibitions. The Seller does not process special categories of personal data.

Security and access to personal data

The Seller protects the data by technical and organizational measures. The Seller's employees and any processors of personal data must comply with the Seller's internal data security and personal data processing practices.

Manual material is stored in locked spaces on the Seller's locked premises. Unauthorized access to the premises is prevented. Personal access to the premises is permitted only to those, who are bound by written agreements as members of the Seller. Access to the premises by so-called outsiders is always controlled.

The information stored and processed by the information systems is accessible to limited and designated persons. Access requires logging into the information system. The computer network and the hardware on which the register is located are protected by a firewall and other necessary technical measures. The access codes required to log in to the information system are only disclosed to the Seller's members and selected partners. Such disclosures will be supervised by a contact person. All users of the register are bound by confidentiality.

Only those persons who need the information to fulfil the Purpose will have access to the data. Within the Seller, access to personal data is, as a rule, granted to customer service and sales staff and financial staff, among others. As a rule, third parties do not have access to personal data.

Regular disclosures of data

Information is disclosed to public authorities in cases required by law, such as for the detection and prevention of abuse. Customer data may also be disclosed or transferred to temporary registers, such as event, lottery, contact or research registers, or to the registers of any third-party service providers (such as the carrier), to fulfil an assignment by the Buyer or with the Buyer's consent. Data from these temporary registers will only be processed for the purposes for which they are intended, on an informed basis. The Seller also discloses personal data, for example to a debt collection agency, when it is necessary to monitor payments.

The personal data of the data subject on behalf of the Seller will be processed by:

  • ActiveCampaign, LLC.
  • Adobe Inc.
  • Meta Platforms, Inc.
  • Google LLC.
  • LinkedIn Corporation
  • Microsoft Corporation
  • Sendinblue SAS
  • Oy DL Software Ab

 

Cookies
The Seller's website contains cookies. These are small text files placed on computer by a web browser. The cookies act as an identifier and make the use of the website optimal. The Seller uses cookies to improve the usability of the page, e.g. so that the Buyer only needs to log in once instead of separately for each page visited, and by storing the Product that the Buyer adds to the shopping cart on the Seller's website.

 

There are four types of cookies and they are all used on the Seller's website: necessary cookies, preference cookies, statistical cookies and marketing cookies. Necessary cookies help make the website usable by allowing basic functions such as page navigation and access to secure areas of the site. The website will not function properly without these cookies. Preference cookies allow the website to store information that changes the behavior and appearance of the website, such as language choices or user locations. Statistical cookies help the Seller understand how users interact with the sites by collecting and reporting data anonymously. Marketing cookies are used to track visitors to websites. The purpose is to show ads that are appropriate and interesting to individual users, and thus more valuable to publishers and third-party advertisers.

 

For non-necessary cookies, processing is based on the consent of the visitor. If cookies are wished not to be received, only essential cookies may be allowed or, if necessary, disabled in the browser settings. The use of necessary cookies is based on the legitimate interest of the Seller.

 

Please note that if cookies are disabled, not all functions on the Seller's website may be available.

 

The Seller's website (www.duell.fi) provides more detailed information on the cookies used by the Seller.

 

Direct mail advertising

The Seller uses personal data for direct marketing purposes to provide current/relevant information and offers about the Seller's products, as well as to provide information about when new products in certain product categories will be available.

Transfer of personal data outside the EU-EEA

The Seller processes personal data within the EU-EEA and no personal data is transferred outside the EU-EEA in connection with the processing. However, in exceptional circumstances and where necessary, data may be transferred or disclosed outside the EU/EEA in the ways permitted by the data protection legislation, provided that:

  • the data is transferred to a country or organization in the country where the European Commission has determined that there is an adequate level of data protection; or
  • contractual arrangements can ensure an adequate level of protection; or
  • standard contractual clauses can guarantee an adequate level of protection; or
  • where the Buyer has given its consent.

Retain period

As a general rule, personal data will be processed for as long as the contract, on the basis of which the personal data are processed, is in force and at least 10 years after the expiry of such contract. The data are entered in the register as they are received from the data subject and are updated as the data subject informs the controller. Form data sent from the Seller's website will be automatically deleted five (5) years after sending.

 

Regular sources of data

The data sources are the initiation of the customer and account relationship in a personal meeting, by e-mail or via an electronic form on the controller's website. In addition, data is collected through publicly available business information sources (such as the CIS) or, in their absence, public data available on the target website will be used where appropriate.

Buyer's rights regarding personal data

The Buyer has the right to:

  • be informed about the processing of their personal data
  • have access to their personal data
  • have inaccurate data rectified
  • have the data deleted ("right to be forgotten") if certain requirements are met
  • restrict processing if certain requirements are met
  • object to processing in certain circumstances
  • have data transferred from one system to another where certain requirements are met
  • withdraw their consent.

If the Buyer feels that their data has been processed unlawfully, they also have the right to lodge a complaint with the supervisory authority, which is the Seller's home country data protection authority. The contact details of the Finnish Data Protection Ombudsman can be found at www.tietosuoja.fi/en.

If the Buyer wishes to exercise their rights in relation to their personal data covered by this privacy policy or if the Buyer has any questions about their rights in relation to personal data, they can contact:

Oy Duell Bike-Center Ab

Kauppatie 19, 65610 Mustasaari

tel. +358 (0) 20 118 000

dataprotection@duell.eu