Skip to content

Privacy policy

ROLLING CHEESE OY – PRIVACY NOTICE FOR CUSTOMER REGISTER

CONTROLLER

Rolling Cheese Oy
Business ID: 3192789-6
Museokatu 20–22, 00100 Helsinki, Finland
Tel. +358 50 539 5067

CONTACT PERSON FOR DATA PROTECTION MATTERS

Nelli Steer
Email: info@rollingcheese.fi

NAME OF THE REGISTER

Customer Register

PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

Personal data is processed for the purpose of managing and maintaining customer relationships and for invoicing.

This privacy notice applies to personal data provided by customers when placing an order in our online store, creating a user account, subscribing to our mailing list, or acting as an invoiced customer in our physical stores. The notice applies to both private and business customers.

The customer register contains only data provided by the customer. Personal data may be processed in connection with orders, deliveries, complaints, invoicing, debt collection, business development, reporting, marketing, and other activities related to maintaining the customer relationship.

Personal data may be disclosed, within the limits permitted by applicable data protection legislation, to Rolling Cheese’s subcontractors and partners acting on our behalf. An example includes external logistics providers. Data is not sold or disclosed to unrelated third parties.

DATA CONTENT OF THE REGISTER

The register may include the following information:

  • Customer name

  • Company name

  • Email address

  • Billing address

  • Shipping address

  • Telephone number

  • Order details

  • Order history

REGULAR SOURCES OF DATA

Personal data is primarily collected directly from the customer when they enter information into the Rolling Cheese online store while placing an order or creating an account. Customers may also provide or update their information in-store, by email, or by telephone.

TRANSFERS OF DATA OUTSIDE THE EU/EEA

Customer data may be transferred outside the European Union or European Economic Area where permitted by law. Such transfers take place only for the purposes described in this notice and always in accordance with applicable data protection legislation.

Where data is transferred outside the EU/EEA, appropriate safeguards are implemented in accordance with EU data protection requirements, including mechanisms approved by the European Commission.

DATA SECURITY

Access to personal data is restricted to employees who require such access in order to perform their duties. The register is stored electronically and protected by appropriate technical and organisational measures, including firewalls and access controls.

Access requires a personal username and password.

RETENTION PERIOD

Personal data is retained for the duration of an active customer relationship and for five (5) years thereafter.

Personal data may be deleted earlier upon a specific request by the data subject. After the retention period expires, data is manually removed from all systems in which it is stored.

PROFILING AND AUTOMATED DECISION-MAKING

Rolling Cheese may process personal data for profiling purposes. Profiling may involve creating a customer identifier that enables the combination of data generated through the use of services.

Profiles may be compared with profiles created for other customers. The purpose of profiling is to analyse demand, understand customer behaviour, and ensure relevant communication. Profiling may be used, for example, to tailor communications based on order history.

Rolling Cheese does not carry out automated decision-making that produces legal effects concerning the data subject.

RIGHTS OF THE DATA SUBJECT

1. Right of access
Data subjects have the right to access the personal data stored about them in Rolling Cheese Oy’s customer register.

Customers may review their data by logging into their online account. Access requests may also be submitted as described under “Contact”.

2. Right to rectification, erasure, or restriction
Data subjects must correct, delete, or update inaccurate, incomplete, or outdated information where possible without undue delay.

Customers may update or delete their data via their online account. Where this is not possible, a request may be submitted as described under “Contact”.

Data subjects also have the right to request restriction of processing, for example while awaiting a response to a correction or deletion request.

3. Right to object and direct marketing opt-out
Data subjects have the right to object to processing, including profiling, based on their particular situation where processing is based on the customer relationship.

Objections must be submitted as described under “Contact” and must specify the grounds for objection. Rolling Cheese may refuse such requests where permitted by law.

Customers may give or withdraw consent for direct marketing on a channel-by-channel basis, including profiling for marketing purposes.

4. Right to data portability
Where data has been provided by the data subject and is processed based on consent or contract, the data subject has the right to receive that data in a machine-readable format and to transfer it to another controller.

5. Right to lodge a complaint
Data subjects have the right to lodge a complaint with the competent supervisory authority if they believe their personal data has been processed in violation of applicable data protection laws.

6. Other rights

  • Withdrawal of consent: Where processing is based on consent, the data subject may withdraw consent at any time.

  • Right to be forgotten: After the customer relationship ends and where there is no legal basis for further processing, the data subject may request deletion of their personal data.

  • Right to be informed of a data breach: Data subjects have the right to be informed without undue delay of a personal data breach that is likely to result in a high risk to their rights and freedoms.

Notification of a data breach may be made directly to the data subject or, where appropriate, through public communication channels. Any contact details provided to Rolling Cheese may be used for such notification.

CONTACT

For all questions relating to personal data processing or to exercise your rights, please contact Rolling Cheese Oy in writing by email at:

info@rollingcheese.fi

Please clearly state in the subject line:
“Data Subject Request / Rolling Cheese Oy”

Requests must clearly specify the data or processing activities concerned. Rolling Cheese may request additional written clarification and will verify the identity of the requester before taking action.

Requests relating to data subject rights will be fulfilled within one month of receipt. If a request is particularly complex or extensive, Rolling Cheese may extend the response period by up to two additional months as permitted under the GDPR. In such cases, the requester will be informed within one month of receipt.

Rolling Cheese may refuse requests that are manifestly unfounded or excessive, particularly repetitive requests. Exercising data subject rights is generally free of charge; however, a reasonable administrative fee may be charged for repeated requests.

Updated November 2024