privacy policy

RETAIL REBELS OY’S CUSTOMER REGISTER PRIVACY POLICY

1. Data Controller

Retail Rebels Oy is responsible for processing personal data as described in this privacy policy.

2. Contact Person for Register Matters

The controller of the register: Retail Rebels Oy (EU VAT ID FI34948692)
Contact person: Virve Arvola / Liisa Hyyrynen
Address:  Kirstinkatu 2 a 6, 00530 Helsinki
Phone: 044-3537210
Email: info(a)retailrebels.net

3. Name of the Register

The register is titled Retail Rebels Oy Customer Register. (Retail Rebels Oy:n asiakasrekisteri)

4. Purpose of Processing Personal Data

Personal data is processed for the following purposes:

  • Managing, maintaining, and developing customer relationships.

  • Providing and delivering services.

  • Improving services and handling billing.

  • Resolving complaints and other claims.

  • Customer communication, including notifications, news, and marketing.

  • Direct marketing and electronic marketing (with the right to opt-out).

Retail Rebels Oy processes personal data internally and may also use subcontractors for data processing.

5. Legal Basis for Processing

The processing of personal data is based on the following legal grounds under the EU General Data Protection Regulation (GDPR):

  1. The data subject has given consent to the processing (Article 6(1)(a)).

  2. Processing is necessary for contract fulfillment or pre-contractual actions (Article 6(1)(b)).

  3. Processing is necessary for legitimate interests, such as maintaining customer relationships (Article 6(1)(f)).

6. Data Content of the Register

The register may contain the following personal data:

  • Name, address, phone number, and email.

  • Company or organization details, including role or title.

  • Marketing preferences (consents and prohibitions).

7. Regular Data Sources

Personal data is primarily collected from the data subject. Data may also be obtained from publicly available sources, where permitted by law, for customer relationship management purposes.

8. Data Retention Period

Personal data is retained only as long as necessary for the stated purposes. The need for data retention is reviewed every five years. Data is deleted three years after the end of the customer relationship unless legal obligations (e.g. accounting laws) require longer retention.

9. Data Transfers and Disclosures

Personal data is not disclosed to third parties unless required by law.

10. Data Transfers Outside the EU/EEA

Retail Rebels Oy uses Squarespace servers, which may be located outside the EU/EEA. Squarespace adheres to the Privacy Shield framework for data protection compliance.

11. Data Security Principles

Personal data is protected through technical and organizational measures:

  • Data is stored in locked premises with access granted only to authorized personnel.

  • Servers are secured with firewalls and other security technologies.

  • Access to databases and systems is restricted via personal login credentials.

  • Employees handling personal data are bound by confidentiality obligations.

12. Rights of the Data Subject

Under GDPR, data subjects have the following rights:

  1. Right to access – The right to know whether personal data is processed and to receive a copy of the data.

  2. Right to rectification – The right to correct inaccurate or incomplete data.

  3. Right to erasure – The right to request data deletion under certain conditions.

  4. Right to restriction of processing – The right to limit data processing under specific circumstances.

  5. Right to data portability – The right to receive personal data in a structured format and transfer it to another controller.

  6. Right to object – The right to object to processing, including direct marketing.

  7. Right to lodge a complaint – The right to file a complaint with the Data Protection Authority.

Requests related to data subject rights should be directed to the contact person mentioned in section 2.

13. Website Analytics

Retail Rebels Oy uses analytics services to collect anonymized data on website visits.

Service Used: Squarespace Analytics

14. Targeted Marketing

Based on website visits, targeted advertisements may be displayed via platforms such as:

  • Facebook

  • Instagram

  • LinkedIn

  • Pinterest

This policy may be updated as needed. Please review it regularly for changes.

Last Updated: 23.03.2025