1. Data controller
Dollydust Oy (ID FI28135417)
2. Name of the personal data file
Dollydust Oy’s register based on customer relationship
3. What Personal Information do we collect and how we use it?
We only collect Personal Information that is necessary for enabling our customers to create, save and order products made with Dollydust’s book editor and to have access to other services, such as subscribing to Dollydust’s newsletter. We collect information from the data our customers have supplied themselves in their accounts and from the orders they have placed. We also collect Personal Information when a customer participates in contests and similar promotions. The following types of information are processed in the personal data file:
Basic information of the data subject, such as
- First and last names
- Contact information
- Country of residence
- Payment method used. We do not have access to or collect any data from the PayPal or credit card information of our customers, as the payments are processed by PayPal (www.paypal.com) and Stripe for credit cards (www.stripe.com).
Information related to customer relationship and other relevant connection, such as:
- Identification data related to the use of services (e.g. customer number, user ID and passwords)
- Date of the beginning of the customer relationship
- Data on purchases made as an identified customer (e.g. purchases in online store)
- Use of services (e.g. subscription to newsletter or reminders)
- Benefits and campaigns targeted at the data subject and their use
- Information related to invoicing and collection
- Interests and other information entered by the data subject themselves (e.g. for reminders)
- Communication related to customer relationship and other relevant connection (such as notices of defect and other feedback and emails with customer service)
- When purchasing a gift card, the gift recipient’s name and contact details in order to be able to link the gift card to the correct person.
- Any images our customers download to Dollydust’s book editor are saved on our servers for as long as book creation is in progress. Images are automatically removed from our servers after 60 days of order delivery and before that our customers can reorder the book they’ve ordered and make modifications to it. Books that have not been edited for more than 10 months will be deleted along with the image files.
We may collect personal information from our customers to allow them to participate in sweepstakes, contests and similar promotions and to administer these activities. Some of these activities have additional rules, which could contain additional information about how we use and disclose Personal Information.
Other saved data
- Data concerning for instance accounting and consumer transactions required by law may need to be retained for a longer period of time.
- To prevent data loss and to assure security, we are compelled to make backups of our online systems data.
4. Website visitors
Like most website operators, Dollydust collects non-personally identifying information, such as the browser type, language preference, referring site, and the date and time of each visitor request. Dollydust’s purpose in collecting non-personally identifying information is to better understand how visitors use its website. We use tools like Google Analytics to measure traffic to our site and how users interact with our site. At various times, we may use other tools to measure the efficacy of our marketing campaigns. The Google Analytics terms specify that no personally identifiable information may be collected through the Google Analytics software.
5. Emails and newsletters
Our customers can subscribe to our newsletter and reminders for writing a baby book. Instructions for unsubscribing is provided at the end of each email.
6. Co-operation partners and third parties
Our main partners are:
- Payment processing: PayPal (www.paypal.com) and Stripe (www.stripe.com)
- Logistics: Posti Group Corporation: (www.posti.fi/private); and GLS / General Logistics Systems Finland Oy (www.gls-group.eu)
7. Storing and protecting personal data
We maintain a very high level of technical and organisational security across our data centres, processes and online storefront data systems. Our servers are protected against unauthorised access and denial of service attacks.
We protect Databases by computer firewalls. We also use passwords and other technical safeguards to prevent unauthorized access. The databases and manually processed documents are located in locked premises to which unauthorised access is prevented. Access to the data is only provided to such employees of Dollydust Oy or companies working on behalf of Dollydust Oy that require access in order to perform their duties.
In order to create an account and to use our services, our customers need to be at least eighteen (18) years of age, or the age of legal majority in your jurisdiction.
9. How does the GDBR affect customers outside Europe and do we transfer data outside Europe?
10. Revisions and updates
11. Data subject’s right of access, prohibition and rectification
The data subject is entitled to review what Personal Information has been saved in the personal data file and to rectify any possible inaccurate personal data. Our customers are able to access and correct their personal information by signing in to their account. Instructions for unsubscribing newsletter is provided at the end of each email. The data subject can also request personal information to be removed and ask us to terminate their Account.
In order to provide access to the saved data, requesters need to identify themselves appropriately and make a signed request for inspection in writing to our customer support: hello(at)dollydust.com. We will process the request within 30 days of receiving it.