GDPR (General Data Protection Regulation)
Rusta Finland Oy (business ID: 0750 66-6)
FI-01200 VANTAA, Finland
Telephone: +358 (0)75 3255 750
Call charge €0.088/min, incl. VAT
2. Contact person for matters related to data security
Rusta Finland Oy
Telephone: +358 (0)75 325 5000
3. Name of the file
The customer register of Rusta Finland Oy (hereinafter “Happy Angler”)
4. Purpose of processing and legal basis of processing
Personal data is processed under article 6(1)(a–c) and (f) of the General Data Protection Regulation of the EU in situations related to customership, agreements, consent or other relevant contexts. The most typical of these situations consist of the membership of the Happy Angler Club and its operation, different stages of making purchases in-store or online, providing feedback or other communication or business with Happy Angler.
The data is processed for the purposes of maintenance, management, analyses, and development of the relationships mentioned above, the creation and maintenance of classifications and rules regarding data subject groups, the planning and development of the business operations of the controller and other companies belonging to the same group, and for customer communication and marketing.
The register is used to store data according to the data content section of the register for the purchase behavior of the users of services that require registration and other information related to the use of the services provided by Happy Angler. The data regarding purchases, usage, and access are used to analyze and classify the activities of data subject groups and to develop, modify, and target the benefits, offers, and customership content offered to data subjects to increase their attractiveness to the data subjects. The careful customization of services and communication based on the analyses of customer data is an essential part of the Happy Angler customership and the improvement of customer experience. Happy Angler does not perform other automated decisions within the meaning of article 22 of the General Data Protection Regulation of the EU except the verification of credit card information related to online purchases by a payment service provider, which is described in further detail in the payment-related customer information section of the website.
5. Register data content
The register contains the following types of data:
General information, such as
• first and last names
• contact information (postal addresses, telephone numbers, email addresses)
• date of birth (day and month)
• payment instruments and the necessary information related to them
Information related to customership or other relevant contexts, such as
• user IDs and passwords to the electric services provided by the controller
• measures related to the management and maintenance of customership
• contact and communication related to customership, such as recordings of customer service phone calls, feedback, complaints, including information related to product warranties
• information related to invoicing and collections
• consent and restrictions regarding direct marketing and other necessary information related to the exercise of the data subject’s rights
Information related to the usage of and access to customership and services, such as
• interests specified by the data subject
• marketing measures targeting the data subject, their use, and the information provided in said context
• product-specific purchase information regarding the data subject
• information regarding the usage of and access to content and elements related to the services provided by Happy Angler, the website, communication or other relevant contexts
• content produced by the data subject for the services (such as product reviews) and the related data
• technical information sent by the browser of the data subject to the server of the controller (such as IP address, browser, browser version)
• cookies sent to the browser of an identified data subject and the personal data related to them – information regarding the use of anonymous cookies is provided separately on the Happy Angler website.
Information regarding modifications to the data specified above.
6. Standard sources of information
The data subject while providing and updating their personal data in the stores of the controller, in online services, in the context of marketing and other measures performed by the controller or in customer service interfaces.
Information regarding the data subject’s purchases, use of services, and behavior is collected from the point of sales systems of the controller and the electronic systems of the controller.
Personal data may also be collected and updated from the registers of the controller and companies belonging to the same group with it at any given time as well as from authorities and businesses that provide services related to personal data.
7. Disclosure, transfer, and removal of data
Data may be disclosed within the limits of currently effective legislation, for example, for such marketing purposes by partners carefully selected by the controller that support the purpose of the register and to produce targeted and interesting content to the data subjects. Partners do not have the right to further disclose the data they have received.
Personal data is only stored for as long as it is justified within the context of processing purposes under the regulations. The personal data of online store customers who have not registered as Club members will be deleted after four years from the last transaction at the latest. The data for customers who have ended their Club membership will be deleted with consideration to warranty, complaint and other similar periods, however at the latest after four years from the last transaction. However, the controller may transfer data included in the customer register into their direct marketing registers maintained under article 6(1)(f) of the General Data Protection Regulation of the EU after the customership and relevant context has ceased to exist.
Personal data is primarily processed within the EU/EEA. Due to the technical implementation of the data processing, personal data is also transferred to third-party subcontractors of Happy Angler. Happy Angler ensures the necessary level of protection for personal data as required by the General Data Protection Regulation of the EU. Partners of Happy Angler who transfer personal data to the United States are certified under the Privacy Shield data protection scheme.
Security of the file
The databases related to the register are protected by firewalls, passwords, and other technical measures against external data breaches. The databases and backup copies thereof are stored in locked facilities.
Only identified employees of the controller and companies working on its behalf and account that comply with the General Data Protection Regulation of the EU have access to the data stored in the register using a personal access right issued by the controller.
9. Rights of the data subject
Under the General Data Protection Regulation of the EU, the data subject has the right to verify the information stored in the register regarding them. Written and signed verification requests must be delivered to the person in charge of matters related to the register. The verification request may also be issued to the controller in person. The members of the Happy Angler Club have constant access to the general information regarding customership and their purchase history on their Club pages.
The data subject has the right to prohibit the processing and transfer of their data for direct marketing purposes by contacting the controller. The right of prohibition does not apply to customer communication related to the customership or advertising and communication regarding benefits included in the content of services that require registration or other explicit subscription.
Under the General Data Protection Regulation of the EU, the data subject has the right to request the rectification of inaccurate personal data or the restriction of data processing, the right to request that their data is deleted when basis for processing does not exist, and the right to obtain the data regarding them they have provided based on contractual or consent-based processing in electronic format (transferability of data). Requests related to the rights of the data subject are issued by contacting the controller.
The data subject has the right to issue a complaint to the data protection agency if they consider that the processing of their personal data breaches the General Data Protection Regulation of the EU. If a request related to the enforcement of a data subject’s rights is manifestly unreasonable or without basis, it can be refused or a fee corresponding to the cost of its implementation may be charged.