Processing of personal data in the sale of products
Recital / Preamble
The Seller acts as the controller of all information and personal data required for the sale, delivery and related activities of the Products which the Buyer discloses to the Seller and which the Seller otherwise collects. As a data controller The Seller is committed to comply with the applicable data protection legislation in force at the time of processing personal data, in particular acknowledging the obligations under Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
Information collected by the Seller and how it is used
The personal data processed include contact information (including name, address, email address and telephone number) and order information (including order history) of the Buyer and third parties disclosed by the Buyer, information necessary to organize and ensure the quality of support and advisory services (including customer feedback and customer service transaction information), billing and payment information (including bank account number, paid orders, overdue payments, unpaid invoices and collection information) and the Buyer's consents and prohibitions. The Seller does not process special categories of personal data.
Security and access to personal data
The Seller protects the data by technical and organizational measures. The Seller's employees and any processors of personal data must comply with the Seller's internal data security and personal data processing practices.
Manual material is stored in locked spaces on the Seller's locked premises. Unauthorized access to the premises is prevented. Personal access to the premises is permitted only to those, who are bound by written agreements as members of the Seller. Access to the premises by so-called outsiders is always controlled.
The information stored and processed by the information systems is accessible to limited and designated persons. Access requires logging into the information system. The computer network and the hardware on which the register is located are protected by a firewall and other necessary technical measures. The access codes required to log in to the information system are only disclosed to the Seller's members and selected partners. Such disclosures will be supervised by a contact person. All users of the register are bound by confidentiality.
Only those persons who need the information to fulfil the Purpose will have access to the data. Within the Seller, access to personal data is, as a rule, granted to customer service and sales staff and financial staff, among others. As a rule, third parties do not have access to personal data.
Regular disclosures of data
Information is disclosed to public authorities in cases required by law, such as for the detection and prevention of abuse. Customer data may also be disclosed or transferred to temporary registers, such as event, lottery, contact or research registers, or to the registers of any third-party service providers (such as the carrier), to fulfil an assignment by the Buyer or with the Buyer's consent. Data from these temporary registers will only be processed for the purposes for which they are intended, on an informed basis. The Seller also discloses personal data, for example to a debt collection agency, when it is necessary to monitor payments.
The personal data of the data subject on behalf of the Seller will be processed by:
- ActiveCampaign, LLC.
- Adobe Inc.
- Meta Platforms, Inc.
- Google LLC.
- LinkedIn Corporation
- Microsoft Corporation
- Sendinblue SAS
- Oy DL Software Ab
There are four types of cookies and they are all used on the Seller's website: necessary cookies, preference cookies, statistical cookies and marketing cookies. Necessary cookies help make the website usable by allowing basic functions such as page navigation and access to secure areas of the site. The website will not function properly without these cookies. Preference cookies allow the website to store information that changes the behavior and appearance of the website, such as language choices or user locations. Statistical cookies help the Seller understand how users interact with the sites by collecting and reporting data anonymously. Marketing cookies are used to track visitors to websites. The purpose is to show ads that are appropriate and interesting to individual users, and thus more valuable to publishers and third-party advertisers.
For non-necessary cookies, processing is based on the consent of the visitor. If cookies are wished not to be received, only essential cookies may be allowed or, if necessary, disabled in the browser settings. The use of necessary cookies is based on the legitimate interest of the Seller.
Please note that if cookies are disabled, not all functions on the Seller's website may be available.
The Seller's website (www.duell.fi) provides more detailed information on the cookies used by the Seller.
Direct mail advertising
The Seller uses personal data for direct marketing purposes to provide current/relevant information and offers about the Seller's products, as well as to provide information about when new products in certain product categories will be available.
Transfer of personal data outside the EU-EEA
The Seller processes personal data within the EU-EEA and no personal data is transferred outside the EU-EEA in connection with the processing. However, in exceptional circumstances and where necessary, data may be transferred or disclosed outside the EU/EEA in the ways permitted by the data protection legislation, provided that:
- the data is transferred to a country or organization in the country where the European Commission has determined that there is an adequate level of data protection; or
- contractual arrangements can ensure an adequate level of protection; or
- standard contractual clauses can guarantee an adequate level of protection; or
- where the Buyer has given its consent.
As a general rule, personal data will be processed for as long as the contract, on the basis of which the personal data are processed, is in force and at least 10 years after the expiry of such contract. The data are entered in the register as they are received from the data subject and are updated as the data subject informs the controller. Form data sent from the Seller's website will be automatically deleted five (5) years after sending.
Regular sources of data
The data sources are the initiation of the customer and account relationship in a personal meeting, by e-mail or via an electronic form on the controller's website. In addition, data is collected through publicly available business information sources (such as the CIS) or, in their absence, public data available on the target website will be used where appropriate.
Buyer's rights regarding personal data
The Buyer has the right to:
- be informed about the processing of their personal data
- have access to their personal data
- have inaccurate data rectified
- have the data deleted ("right to be forgotten") if certain requirements are met
- restrict processing if certain requirements are met
- object to processing in certain circumstances
- have data transferred from one system to another where certain requirements are met
- withdraw their consent.
If the Buyer feels that their data has been processed unlawfully, they also have the right to lodge a complaint with the supervisory authority, which is the Seller's home country data protection authority. The contact details of the Finnish Data Protection Ombudsman can be found at www.tietosuoja.fi/en.
Oy Duell Bike-Center Ab
Kauppatie 19, 65610 Mustasaari
tel. +358 (0) 20 118 000