Updated on 28.03.2019
GameBook Oy (business ID 2407461-0)
Tarvonsalmenkatu 15, 02600 Espoo, FINLAND
(hereafter ”we” or “GameBook”).
2. Contact for register matters
4. What is the purpose and the legal basis of processing personal data?
The purposes of processing personal data are:
- the delivery and development of our products and services,
- fulfilling our contractual and other promises and obligations,
- taking care of the customer relationship,
- analyzing and profiling the behavior of a customer or other data subject,
- electronic direct marketing and
- targeting advertising in our and others’ online services.
We use profiling to identify personal profiles, online behavior, age and consumer habits. We use this information e.g. to target marketing within our online shop, to make your online shopping experience better and to develop our services.
The legal basis of processing personal data is:
- our or third party’s legitimate interest based on customer relationship and/or other relevant connection (balanced against the rights of the data subject),
- the performance of a contract with you, and
- your explicit and freely given (informed) consent.
5. What data do we process?
We, and our subcontractor’s (such as Shopify), process the following personal data relating to an identifiable or identified natural person who visits or engages in transactions through our online shop:
- basic information of the data subject such as name*, date of birth, customer number, username and/or other identifier, password;
- contact information of the data subject such as email address*, phone number*, home/ shipping address*;
- possible prohibitions and consents of direct marketing;
- information regarding the customer relationship and the contract such as past and current contracts and orders, user profile formed based on the customer relationship, call recordings, correspondence with the customer/data subject and other contacts, cookies and data related to using them;
- other possible information gathered with data subject’s consent.
Providing personal data marked with an asterisk (*) is a requirement for our contractual and/or customer relationship. Without this necessary information we are not able to provide the product and/or service and deliver it to you.
6. From where do we receive data?
We receive information primarily from the following sources: yourself, population register, authorities, credit information companies, contact information service providers and other similar reliable sources.
For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from the authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means.
7. To whom do we disclose data, and do we transfer data outside the EU or the EEA?
We don’t disclose data from the register to external parties.
Just like many other online store operators, we use subcontractors that process personal data on our behalf. We have outsourced the IT-management and e-commerce platform management to an external service providers, on whose administrated and secured servers the personal data is stored.
We also use third party processor to handle the shipping, tacking and product logistics for us, called Logitrail. The information on how they process your personal details on our behalf may be viewed at: http://logitrail.com/tietosuojaseloste-asiakkaat/.
We may transfer personal data outside the EU/EEA. When personal data is processed outside the EU/EEA, we make sure that the subcontractor has committed to use the EU Commission’s standard contractual clauses and/or is covered by the Privacy Shield -system.
8. How do we protect the data and how long do we store them?
Only those of our employees and subcontractors, who on behalf of their work are entitled to process customer data, are entitled to use the system containing personal data. Each user has a personal username and password to the system. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and their backup copies are in locked premises and can be accessed only by certain pre-designated persons.
We store the data as long as it is necessary for provision of the services to you.
We estimate the need for data storage regularly, taking into account the applicable legislation. In addition, we take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.
9. What are your rights as a data subject?
You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data. If you have access to your data, you may edit the data yourself. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.
You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority.
On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.
10. Who can you be in contact with?