Register description

Privacy statement

Ninja Customer Database Registry Description

This is a register and privacy statement in accordance with the Ninja Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Drafted 21.5.2018.

Registrar

No8nik Oy is the controller and is responsible for the processing of personal data. For this service, you can contact the controller in the following ways:

Ninja / No8nik Oy
Y-2957453-4
Eteläkatu 14
13100 Hämeenlinna

Tel. 010-3272700 (call price 8.4 cents/min)
Email: asiakaspalvelu@ninja.fi

Contact person for the register:
Ninja / No8nik Oy
Eteläkatu 14
13100 Hämeenlinna

The name of the register

Ninja customer register

The legal basis and the purpose of processing personal data

The legal basis for the processing of personal data in accordance with the EU General Data Protection Regulation is 1) the performance of a contract, 2) a statutory obligation, e.g. under the Accounting Act and consumer trade liability, 3) consent or 4) protection of vital interests.

Personal information is used to manage and develop customer relationships, to plan and target marketing, and to develop customer service. Personal data will also be processed in connection with the customer's contacts, business, customer surveys and other customer relationship management measures.

Information content of the register

Ninja Customer Register processes the information contained in the following groups:

Customer Basic Information:

  • First name
  • Last name
  • Postal address
  • Mobile number
  • Email address
  • Customer Additional Information
  • Marketing permits and prohibitions
  • Customer Care and Targeted Marketing Measures
  • Orders
  • Orders Tracking Codes
  • Membership
  • Return and Exchanges
  • Changes to the Information Identified Above
  • Customer profiling

Regular sources of information

Customer information is obtained from the customer when an order is placed in the Ninja.fi online store and, during the customer relationship, from information the customer provides. In addition, information on customer purchases at the product group level, product returns and exchanges, and customer communications is collected in the register. Personal data may also be collected and updated from the registers of the controller and the companies belonging to the same chain, as well as from authorities and companies providing personal data services.

Data processing

Customer purchasing information is processed in order to fulfil customer orders. Performance of the contract requires first name, last name, postal address, mobile phone number, email address, customer information, order information, and order tracking codes.

The company has a statutory obligation to retain some information, for example in order to comply with the Accounting Act and consumer trade liability. Such information includes first name, last name, postal address, mobile phone number, email address, customer information, order information, and order tracking codes.

With the customer's consent, the company also collects the following information from the customer for electronic direct marketing: first name, last name, email address, order information, consent and language selection.

Because of possible product recalls, the company collects the following information from customers in order to protect vital interests: first name, last name, postal address, mobile number, email address, order information, and order tracking codes.

Data retention period

The retention periods for your personal data in Ninja's services are as follows:

  • Purchase History: 10 years
  • Customer Service Events: 10 years
  • Direct Marketing: Information is deleted immediately when a customer unsubscribes from the mailing list
  • Accounting Material: Accounting material containing personal data is retained under section 2:10 of the Accounting Act for six years from the end of the calendar year during which the financial year ends.

Your right to cancel your consent

When the processing of your personal data is based on the consent you have given, you can cancel your consent at any time. Processing of your personal information is based on consent, for example, when you have authorized electronic direct marketing. You can cancel your consent by notifying Ninja's customer service or by clicking on the cancellation link in the email.

Other rights

On request, you have the right to find out whether the registrar processes your personal information. If we process your information, you have the right to obtain a copy of the information we process. If we do not process your information, you have the right to get confirmation of this too.

You have the right to have your personal information corrected or supplemented if it is incorrect or incomplete for the purposes of the processing.

You may have the right to have your personal information deleted in certain situations referred to in the Regulation. We will delete the information on your request if the criteria specified in the legislation are met. You have the right to have your personal information deleted from our system if:

  • The personal data is no longer required for the purposes for which it was collected or for which it was otherwise processed; or
  • You have canceled the consent on which the processing has been based and there is no other legal justification; or
  • You object, on grounds relating to your personal situation, to processing that is necessary to implement the legitimate interests of the controller or a third party, such as profiling;
    • In this case, the controller shall no longer process the personal data, unless the controller can demonstrate that there is a particularly important and legitimate reason for the processing that overrides the interests, rights and freedoms of the data subject, or unless the processing is necessary to draw up, present or defend a legal claim.
  • The personal data has been processed unlawfully;
  • The personal data must be deleted in order to comply with a statutory obligation based on the law or legislation of the Member State;
  • The personal information has been collected from a child in connection with the provision of information society services.

You may have the right to restrict the processing of your personal data. We will restrict processing on your request in the situations specified in the legislation. You have the right to restrict the processing of your personal data if:

  • You dispute the accuracy of your personal information, in which case the processing is restricted for the period during which we can verify its accuracy;
  • The processing is illegal and you oppose the deletion of the personal data and instead request that its use be restricted;
  • As a controller, we no longer need that personal data for the purposes of the processing, but you need it to draw up, present or defend a legal claim;
  • You have objected, on grounds relating to your personal situation, to processing of personal data that is necessary either to perform a task in the general interest or to exercise the public authority of the controller, or to implement the legitimate interests of the controller or a third party, pending verification of whether the controller's legitimate grounds override those of the data subject.

When the processing of your personal data is restricted, the data may, apart from being retained, only be processed with your consent, or for the preparation, presentation or defense of a legal claim, or to protect the rights of another natural or legal person, or for reasons of important general interest of the Union or a Member State.

In certain situations, you have the right to transfer your own personal information to yourself or to another controller. The right applies to the personal information you have provided to us and which we process on the basis of your consent or in order to implement an agreement to which you are a party. The right applies to information that is processed by automatic data processing. Some of the information is held as paper copies, and the right does not apply to such documents.

You may have the right to oppose the processing of your personal information. We will stop processing personal data at your request in the situations specified in the legislation. You have the right to oppose the processing of your personal information:

  • On grounds relating to your personal situation, when the processing is carried out to implement the legitimate interests of the controller or a third party, such as profiling;
    • In this case, the controller shall no longer process the personal data, unless the controller can demonstrate that there is a particularly important and legitimate reason for the processing that overrides the interests, rights and freedoms of the data subject, or unless the processing is necessary to draw up, present or defend a legal claim.
  • At any time, if your personal information is processed for direct marketing, including profiling when it is related to such direct marketing.

Exercise of rights

You can send us a request to exercise your rights by email to asiakaspalvelu@ninja.fi. Alternatively, you can send a request signed in person by letter to the address mentioned above.

If the answer contains your personal information, we will provide the information, depending on the case, either in encrypted electronic form or as a personally addressed registered letter. The letter cannot be signed for by anyone other than the person marked as the recipient. This ensures that the letter reaches the correct recipient confidentially.

About personal data recipients

The controller processes personal data itself, but also uses various service providers. The controller strives to use the best and most reliable partners and is responsible for the operation of the service providers it chooses when they process personal data.

Ninja uses the following outside services:

  • Shopify
  • Paytrail, Stripe
  • Klaviyo
  • Post, Matkahuolto
  • Facebook
  • Google

Personal data shall be deemed to be transferred outside the EU and EEA areas in connection with the provision of information technology services when the personal data is accessible from outside the EU and EEA. Such transfers have been agreed with the service provider in accordance with the EU Commission's model contract clauses.

Some authorities also have a statutory right of access to information. Such authorities include the police, customs, border guards and tax authorities.

Essential information for service

In order to provide you with the benefits or services mentioned in the agreement, we need to process the personal data necessary to implement the agreement. Such information includes: Name, contact information and information about purchases.

Consent to electronic marketing is not necessary, but without consent, we cannot provide electronic and generally targeted direct marketing.

If you do not allow profiling, we will not be able to target the marketing messages sent to you. You will then receive only general marketing communications and will not be informed of the products that profiling would indicate you are interested in.

Information on automated decision-making, incl. profiling

Profiling refers to the processing of personal data in which personal data is used to assess some of your personal qualities. We profile customers to target marketing. However, we consider that such profiling does not have legal effects or otherwise significant effects on the subject of profiling.

As a data subject, you have the right to oppose profiling based on the legitimate interest of the controller on grounds relating to your personal situation. You can also oppose profiling for the purpose of targeting direct marketing at any time.

Use of data for other purposes

We do not use the information for purposes other than those stated here. If new uses arise later, we will inform you of them and of the legal basis for the processing or, if necessary, ask you for consent to processing your personal data for the new uses.

The transfer of data outside the EU or EEA

Personal data will not be transferred outside the EU or the EEA unless it is necessary due to the technical implementation of the data processing.

The principles of protection of the register

The register is collected only electronically. Ninja's customer register is kept electronically. The customer register is protected by firewalls and other technical means. Only named persons subject to the confidentiality obligation have the right to use and maintain the register information. The register will not be disclosed to outsiders except for technical management measures (e.g. server or e-commerce platform management).

Appeal

If you consider that we do not process your personal information in accordance with the EU General Data Protection Regulation, you can make a complaint to the supervisory authority in the EU Member State in which your place of residence or work is located or where you consider the breach of the regulations to have occurred. In Finland, the authority in question is the Data Protection Officer.