1. Data controller and its contact details
Berner Ltd (hereinafter “Berner”) Business ID: 0107011-5
Hitsaajankatu 24, FI-00810 Helsinki
Switchboard tel. +358 20 791 00
Email address: email@example.com
2. Name of the register
Berner Ltd’s customer register
3. Purposes of processing personal data
The purposes of processing personal data are:
- customer service as well as managing and developing customer relationships
- handling orders and delivering products
- manufacturing and developing products
- ensuring product safety and quality
- customer communications, incl. newsletters and marketing communications
- tracking and analysing product purchasing behaviour as well as segmenting customers
- developing Berner Ltd’s business operations.
4. Grounds for processing personal data
The processing of personal data is based on a relationship between the customer and Berner Ltd or pre-contractual measures. Business development, customer segmentation and customer communications performed for marketing purposes are based on the legitimate interest of the data controller. Processing of personal data may also be based on the consent of the data subject with regard to the customer’s personal characteristics, possibly relating to the state of health.
Profiling is performed based on purchasing behaviour in order to be able to provide customers with targeted marketing communications. Data subjects have the right to withdraw their consent given for newsletter or other marketing communications purposes at any time by using the unsubscribe link provided in these emails or by contacting the data controller.
5. Data content of the register
Depending on the product acquired by the customer, some or all of the following personal data are stored in the register:
- first and last name (regarding corporate customers: the contact person of the company)
- postal address
- phone number
- email address
- customer’s order history
- individuals’ personal characteristics, such as skin or hair type or eyesight, related to the use of cosmetics and hygiene products or instruments
- data concerning the customer’s pet related to the use of products related to the wellbeing of animals.
6. Recipients or recipient groups of personal data
Berner Ltd may disclose personal data as required by claims from competent authorities or other parties, in accordance with the applicable law. No data is disclosed outside the European Economic Area (EEA).
7. Personal data retention periods
As a general rule, personal data is retained for as long as necessary for the fulfilment of the purposes described in this privacy statement or other statutory obligations, such as obligations related to the Finnish Accounting Act. Also, the context in which and the purpose for which your personal data was collected, affect the retention period of your data.
8. Personal data sources
Personal data is collected directly from the data subject in connection with purchasing a product.
9. Rights of the data subject
Data subjects have the following rights:
- right to obtain a confirmation as to whether their personal data is being processed by the data controller and, where that is the case, inspect data concerning them that has been recorded in the register
- right to request rectification of their personal data
- right to request erasure of their personal data (the request shall be performed provided that there is no legal impediment to the erasure, such as the Finnish Product Liability Act)
- right to object to processing of their personal data for direct marketing purposes
- right to request restriction of processing of their personal data or otherwise to object to processing of personal data
- right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes law.
For requests related to personal data, please use the personal data form: https://www.berner.fi/en/contacts/contact-us/?form=personal-data
10. Principles of data protection of the register
The data in the register is stored in information systems that are protected by technical and organisational means, such as firewalls and passwords. Only pre-determined people have access for processing personal data.