Privacy Policy
Amos Rex Shop online store privacy policy
This privacy policy applies to the personal data of customers of the Amos Rex Museum Shop. In this statement, we explain how we process your personal data when you purchase products through our online shop.
Data controller
Name: Amos Anderson Glaspalatset AB / Amos Rex
Business ID: 2137480-2
Mannerheimintie 22-24, 00100 Helsinki, Finland
Name of the register
Customer register of Amos Rex Shop
Contact person for matters relating to the register
Kristiina Syssoev, Store Manager, kristiina.syssoev@amosrex.fi
Amos Rex Shop, Mannerheimintie 22-24, 00100 Helsinki, Finland
Purpose and legal basis for processing personal data
We collect your personal data in order to charge and deliver the products you have purchased. The personal data collected will be used for the purposes of the Amos Rex Shop online shop. We use your data when you purchase products so that we can:
process and deliver your order
support the site's user experience
receive payment
provide customer support
The legal basis for processing personal data is the execution of a contract. We process your personal data in order to complete a transaction to deliver your order.
To the extent that we process your personal data for marketing purposes, we will always ask for your consent to do so. Consent can always be withdrawn.
Sources of data
Amos Rex Shop collects the personal data processed directly from customers.
Personal data processed
We collect the following information from data subjects for the purpose of purchasing a ticket: first and last name, address, telephone number, e-mail address, and information on processed orders.
Protection of the register and security measures
Amos Rex is committed to maintaining sufficient security measures to protect personal data in all its activities.
Digital content will be stored in the environment of the service provider. The service is protected by personal passwords and data is transmitted using secure data transmission connections.
Users' access is limited either to viewing only or to updating the data to the extent required by their specific job duties.
Recipients of personal data
The recipients of personal data are the third parties, i.e. the data controllers and processors, to whom the personal data contained in the register are transferred or disclosed.
As we use service providers as partners, we have ensured that all our service providers comply with data protection legislation. We regularly use the following service providers to process personal data:
MyCashFlow (e-commerce platform provider)
Paytrail (payment system provider)
The above-mentioned processors are subject to the agreements required by the GDPR.
Personal data may be disclosed to our partners for marketing purposes, provided that the data subject gives his or her explicit consent on our website. This consent can always be withdrawn.
Transferring personal data outside the EU/EEA
Personal data will not be transferred outside the EU/EEA.
Storage and removal of personal data
We will keep the data obtained from ticket sales for 10 years. We will only retain your data for the purposes set out in this policy and for legal purposes binding on us that require us to retain the data. We will securely delete your data when we no longer need it for these purposes in accordance with our company policy.
Disposal will be carried out by technical means and backups will also be destroyed after a specified period.
Automated decision making and profiling
Amos Rex does not use data for automated decision-making or profiling.
Rights of the data subject
The data subject has the right to see the data stored about them, to demand the correction of possibly false data and the completion of incomplete data, and to have their data removed if there is no legal basis for storing it. The data subject also has the right to request that the processing of their data be limited, to oppose the processing of their data, and to transfer their data from one system to another.
The data controller may ask the person making the request to prove their identity. The data controller shall respond to the customer within the time frame stipulated by data protection legislation (as a rule, within a month).
All requests to check or correct data shall be made to the contact person for register matters named at the start of this document.
Right to file a complaint
The data subject has the right to file a complaint with the supervisory authority if they find that their data has been mishandled. The supervisory authority in Finland is the Data Protection Ombudsman.
This Privacy Policy was last updated on 10.12.2020.

