Version 1.3 – Last updated 24.09.2020
Contact information can be found at the end of this document.
1. What is personal data?
Personal data is information that can be linked to an individual directly or indirectly. Examples include names, addresses, phone numbers, ID numbers, email and IP addresses, or a combination of these which makes it possible to identify an individual.
All use of personal data is considered processing of personal data, including collection, registration, compilation, storage and transfer, or a combination of these.
Biltema Finland Oy, hereafter Biltema, is the controller of personal data that is processed in conjunction with the use of our services and products, as well as personal data that we collect and process for the purposes described in this document. That Biltema is the personal data controller means that Biltema assumes responsibilities and obligations pursuant to the EU's General Data Protection Regulation (GDPR).
All processing of personal data is carried out in accordance with applicable data protection laws.
2. How do we collect information about you and how is it used?
The only information we have about you is information that you provide when creating an account with Biltema or data that is generated when you use our services. This includes page views and information about your device. In addition, we occasionally receive data from other sources and partners. The personal data to which we have access is primarily used to formulate agreements with you, but also to understand and improve our services, optimise our range, create personalised page views, store statistics, understand market trends, and personalise advertisements.
Pursuant to applicable data protection laws, personal data may only be collected for "specific, explicitly stated, and justified purposes". Personal data may not be processed in way that does not conform to these purposes. Furthermore, pursuant to data protection laws, there must be grounds for processing personal data, i.e. a lawful basis.
In order for us to lawfully process your personal data, one or more of the following grounds must exist:
- processing is necessary for us to fulfil our contract with you,
- processing is necessary for us to fulfil our lawful duties (i.e. if we have a legal obligation to do something according to the law),
- processing is necessary for Biltema's legitimate interests provided that your interests for protection do not override these, or
- in specific cases, after you have consented to the processing in question.
In order for us to provide our services and products to you, we need to handle and process your personal data. The purposes for which we process your personal data and the lawful basis for doing so are described in examples below.
Certain personal data processing may require consent as a lawful basis. In such cases, we will request your consent for the processing in question before any processing commences.
Information is collected in several different ways:
Information that you provide to us and information that is collected through the use of services as follows:
Applying for a Biltema card
When you apply for a Biltema card, you provide personal data such as your name, ID number, email address, phone number, annual income and employer. The service is provided in partnership with Resurs Bank AB, which serves as the personal data controller of this information and therefore also the owner. No personal data concerning the Biltema card is saved by Biltema, and enquiries pertaining to the Biltema card must be addressed to Resurs Bank AB.
Biltema serves as an agent for Resurs Bank AB when a member of staff in a Biltema store assists a customer with an application via the store's online application Butiksservice with immediate approval/denial.
Purchase from online store
When you purchase on Biltema Online, you provide information such as your name, phone number and email address. The information together with order history, is stored in our database, primarily to provide the service you have ordered but also to improve our services and to be able to present relevant products to you, as well as to handle any possible claims. If you are logged in with your account the order history is saved to your account.
Purchasing electronic gift vouchers
When you purchase an electronic gift voucher from us, you provide information such as the name, phone number, and email address of both the giver and recipient of the digital gift voucher, payment card details and, if required, a photo. The information is stored in our databases mainly in order for us to provide the services ordered, but also to improve our services and to combat fraud. Biltema itself does not save any payment card details; the purchase is processed by Resurs Bank AB. Resurs Bank will also save your address. Personal data is only processed in order to complete the transaction.
Use of the recommendation program for vehicle registration numbers
When searching for spare parts, you can select to provide your vehicle registration number to make it easier to find spare parts relevant to your vehicle. In order to provide this service, we maintain a database of Nordic vehicle registration numbers, through which the search is performed. We do not save your registration number when you perform a search, and the database is only used to be able to match our products to your needs.
When you subscribe to our newsletter, we save your name and email address in order to send out the newsletter to you. The information is stored in our databases mainly in order for us to provide the services ordered, as well as to provide you with relevant offers and information about special offers and promotions. Personal data is only processed in order to distribute the newsletter. We utilise a third party to distribute our newsletter.
When you have ordered catalogue from Biltemas website, your name, e-mail address, address and zip code will be stored to our database only for sending catalogues. In storing information Biltema co-operates with Netlife Dialog AS (former Bring Dialog). The agreement between Biltema and Netlife Dialog AS moderates how Netlife Dialog AS handles information given by customer. Information will be used only for delivering catalogues.
Contact with Customer Service
We save information when you contact us, such as when you send an email, contact us by telephone or through one of the features on our website or via social media. We do this so as to save your enquiry.
Video surveillance (CCTV)
Biltema strives to be a safe place for our employees and customers. For this reason, we use CCTV in our stores. The purpose of CCTV is to prevent, detect and investigate crimes.
We save CCTV video for up to 30 days, after which it is automatically deleted. The data is only processed to ensure the safety and security of our customers and employees, and to prevent, detect and investigate crimes. This processing is necessary in terms of Biltema's legitimate interests. CCTV video is not shared with other businesses.
Biltema reserves the right to save CCTV video for a longer period if there is a suspicion of impropriety and will hand over the video to authorities upon request.
Returns and claims
When making a return or claim in our stores, we will ask you for your name, phone number, as well as your email address if making a damage claim. We request this information so as to be able to contact you if you have returned a product for repair, or for documentation requirements from authorities in conjunction with monetary compensation, and to be able to process your damage claim. The information is stored locally in the store and in our databases in order to combat fraud. The data is not shared with any other companies.
Information collected through the use of our services
When you make a purchase and use our services, we record information pertaining to which products you have purchased and which products are of interest to you. This makes it possible for us to improve our services, combat fraud, and personalise content and advertisements according to your interests and patterns of use.
The information can be categorised as follows:
Technical data about your device and internet connection
By means of service logs and other tools, we record information about your device and connection to our services, e.g. operating system, web browser, IP address, network operator, cookies, and unique identification files.
If advertising ID is activated on your Android or Apple device, this information is sent from our app for personalised advertisements. Example of use: customisation of our services for the device you are using so that you, for example, access the mobile version of our website when using your mobile phone.
Information about position
We record your geographic position based on your IP address or other forms of geolocation. If you consent to sharing your location in our app, your GPS position will be collected when using the app.
Examples of use: display offers in stores near you or provide relevant advertisements based on a position in which you have been.
Cookies and local storage
When you use Biltema's services, cookies and other data are stored locally (hereafter referred to as local storage of data) on your device. These are text files that are stored in your web browser which can be read by our services.
Locally stored data is used to simplify the use of our services and to provide you with relevant information when you visit our website, which improves your user experience. This is also used to gauge traffic on our website, collect statistics, track behaviour to formulate target audiences for marketing, simplify advertisement management, and to improve our services.
Information from other sources
We receive information from other sources, such as measurement tools or other third-party tools, which help us or the other party to understand user activity and preferences, or to improve the service we offer in general.
3. Storage duration periods
Biltema does not store personal data longer than is necessary to fulfil the purpose of the processing and our legal obligations (for example rules given by Bookkeeping law and other laws)
4. With whom is personal data shared?
Biltema Birgma Group
In certain cases, we use a personal data assistant for the processing of personal data, e.g. in order to enter into contracts or provide services. In such cases, Biltema implements the requisite measures to ensure that the personal data assistant processes the personal data pursuant to our stipulations and in accordance with applicable laws, and we require adequate security measures to be in place.
Personal data may also be shared with various authorities as required by law.
Transfer to a third country
In general, we do not transfer customer information to countries outside of the EU/EES (so-called "third countries"). In the event that this is necessary, we implement appropriate security measures and ensure that the transferred personal data is processed pursuant to applicable data protection regulations. We ensure that the provider enters into a legal agreement with us in which they undertake to adhere to decisions approved by the EU Commission concerning the protection of personal privacy.
If suspicions arise that a crime has been committed in conjunction with the use of Biltema's products or services, the information may be shared with authorities upon request.
We implement appropriate technical and organisational security measures, conforming to industry standards, to ensure that all the information we process is protected from being accessed by unauthorised parties. Only a limited number of employees has access to the information about you, and the way in which they process the information is strictly controlled.
We have implemented technical and organisational measures to protect your information from loss, manipulation, and unauthorised access. We regularly adapt our security measures in line with technological progress and development.
6. Your rights as a registered data subject
Pursuant to the EU's General Data Protection Regulation, you have the right to know what we do with your personal data, such as when, how and why your personal data is processed. Furthermore, you have the right, in certain cases, to access your personal data or have it moved, rectified, erased, or restricted. If, for any reason, we cannot fulfil your wishes, we will provide justification for our failure to do so. Note that we can only provide information that we indubitably know belongs to you.
Your rights are listed below along with how you may exercise them.
Pursuant to the General Data Protection Regulation, as a private person you have a host of rights. Your rights are as follows:
- You have the right to be informed of the personal data Biltema processes about you.
- You have the right to have the personal data Biltema processes about you rectified and updated.
- You have the right to request the personal data Biltema processes about you be erased. If you wish for your personal data to be erased, Biltema will delete all personal data that Biltema is not required by law to save.
- If the processing of personal data is based on consent provided by you, you have the right to withdraw your consent, which means that processing will then cease, except in cases where Biltema has a legal obligation to process the personal data.
- It is important for us that the information we have about you is accurate and up-to-date. If you discover any discrepancies in your personal data, we request that you contact us in order for this to be rectified.
All communication pertaining to your rights will be in writing. To exercise your rights as a registered data subject, use this link: gdpr.biltema.fi.
User data settings in our app
You can, at any time, make changes to data processing in our app via the telephone's settings. You can activate and deactivate notifications, activate and deactivate search history, turn GPS data for location services on and off. This can affect possibilities for receiving notifications and location-based services and offers.
You can select whether to accept local storage of data through your browser settings. Here you can normally specify whether you accept cookies from the websites you visit, from third parties linked to the websites, and whether you wish to be notified each time a cookie is saved.
The exact procedure will depend on your device and the web browser you use. More information about cookies can be found here.
If you feel that our processing of your personal data contravenes the General Data Protection Regulation, you should report this to us as soon as possible. You are also able to contact the Data Protection Ombudsman and file a complaint.
All communication pertaining to your rights will be in writing. To exercise your rights as a registered data subject, use this link: gdpr.biltema.fi
7. Our analysis tools
We utilise analysis tools to collect information on how our services are used. For example, we calculate the number of visitors, which pages are visited, the duration of each visit, and similar.
Statistics about users and traffic are chiefly used in an aggregated form, which is why the statistics do not contain any type of information that can be linked directly to you as an identifiable person.
However, information on products purchased is linked to personal information in certain contexts in order for us to provide better customer service and targeted communication, such as in our customer management system and analysis system for sales pages. IP addresses and geodata are used to create statistics based on geographic criteria.
8. Personal data of children
Biltema does not collect or process the personal data of children under 16 years of age. If a child under the age of 16 provides us with personal information, we will delete this information as soon as we become aware of its existence. Parents/guardians can contact us as indicated below.
Information about changes is communicated on our website www.biltema.se/en-se as well as via the relevant services.
10. Contact information
Biltema has elected to appoint a data protection officer (DPO) who will be involved in all questions concerning the protection of personal data. It is the responsibility of the DPO to inform and offer advice in actual cases, as well as to assess whether the business complies with the GDPR in general.
Biltema has also elected to make the DPO the contact person for all internal and external communication concerning the processing of personal data.
Biltema Suomi Oy (y-tunnus 1560844-9)
All communication concerning data subject rights, i.e. requests pertaining to your personal data such as access, rectification, erasure, portability, processing restriction, must be carried out via the following link: gdpr.biltema.fi.