PRODUCTS DIRECTLY FROM STOCK!

Privacy policy

1. Register description

Date of preparation 24.5.2022

1.1. Controller

US Eagle Oy
Sellukatu 15
33400 Tampere

Business ID: 2769728-2 / VAT: FI27697282 / FINLAND

1.2. Person responsible for register matters

Jan Eriksson / US Eagle Oy
Sellukatu 15
33400 Tampere

1.3. Name of the register

US Eagle Oy's online store user register

1.4. Purpose of processing personal data (purpose of use of the register)

US Eagle Oy processes personal data to manage customer relationships, administer, analyze and develop services such as online services or a client program. US Eagle Oy may utilize the location information of the user's terminal device to provide location-based service components and to display targeted advertising. The user of the mobile service can cancel the use of location data in the settings of the terminal device and application.

US Eagle Oy may use personal data for customer communication and marketing purposes, including direct advertising, distance selling and other direct marketing, as well as market and opinion surveys, however, taking into account the requirements set by law, e.g. consent. Customer communication and services offered to the customer can be segmented and registered customers can be profiled based on, for example, the customer's purchase history or interest information. The information may be provided by the customer, or it may be collected based on the use of the online service.

US Eagle Oy may also use personal data to process and respond to customer feedback.

In addition, US Eagle Oy may use personal data for the planning and implementation of the controller's business.

1.5. Legal basis for processing

US Eagle Oy's right to process the customer's personal data is mainly based on an agreement between US Eagle Oy and the customer, such as a product order and loyalty program.

The processing of personal data is also based on a legitimate interest arising from the customer relationship.

Personal data may also be processed based on consent.

1.6. US Eagle Oy may process the following basic information about all customers (data content of the register):

- first and last name

- postal address

- telephone number

- e-mail address

- year of birth

- personal identification number, when permitted by law (for example, and sales on invoice)

- direct marketing permits and prohibitions.

The following information may also be processed about registered customers/loyal customers:

- information regarding joining as a loyal customer and the termination of the loyal customer relationship

- information about the guardian or other guardian of a minor

- purchase information made while identified as a loyal customer

- information regarding bonus accumulation and other information related to the administration of the bonus system

- loyal customer number and password for the controller's electronic services

- customer communication or direct marketing measures targeted at the customer and information about how the data subject has utilized them.

The following information may also be processed about US Eagle Oy's online store customers and users of the online service www.us-eagle.fi and mobile service:

- information regarding the delivery method and payment method, including the delivery address (if different from the subscriber's information)

- information related to customer communication, including feedback, complaints and calls with customer service
information related to payment, invoicing and collection

- information and technical information regarding the use of US Eagle Oy's online services obtained through cookies or other similar technologies

- information regarding content created by the customer or other activities in the online service, such as updating their own information or product reviews.

1.7. Regular data sources

US Eagle Oy collects personal data mainly from the customer themselves, for example, when the customer registers in various service channels. Cookies and other technologies can be used to form browser audiences from logged-in users in electronic services, from which, however, an individual user cannot be identified. In addition, US Eagle Oy may collect and update personal data from authorities and companies that provide services, such as the population information system and other commonly used address registers.

In order for US Eagle Oy to be able to provide customers with online services, it must process customers' personal data. If the Customer does not want to provide their personal data marked as mandatory in online forms to US Eagle Oy, US Eagle Oy will not be able to provide the service to the Customer.

1.8. Regular data transfers and data transfers outside the EU or the European Economic Area

Personal data is not regularly transferred to third parties or transferred outside the EU or the EEA.

The processing of personal data has been outsourced to selected service providers, such as companies that handle order deliveries and invoicing or companies that carry out direct marketing. With these subcontractors, your data security has been ensured in the manner required by law, such as by drawing up personal data processing agreements.

We transfer personal data outside the EU or the EEA. When personal data is processed outside the EU or EEA, we ensure that the subcontractor is committed to the EU Commission's model clauses for the processing of personal data and/or is covered by the Privacy Shield protection scheme or the Commission has deemed the country to have an adequate level of data protection.

Otherwise, personal data may only be disclosed within the limits permitted and required by applicable legislation.

1.9. Principles of register protection

The user register information of US Eagle Oy's online store is stored in the registrar's system. Access to the system requires entering a username and password. The system is also protected by firewalls and other technical means. Only certain, predefined employees of the registrar have access to and are authorized to use the information contained in the register stored in the system. The information contained in the register is located in locked and guarded premises.

1.10. Retention period of personal data

Personal data may be stored for as long as necessary for the purposes of processing personal data or to comply with the registrar's statutory obligations. Personal data in the customer register is deleted when the period for filing claims and complaints related to a specific customer relationship or service has expired. This period is typically ten (10) years. Personal data contained in a customer account is generally stored as long as the customer account is valid. A customer account may be deleted if it has not been used for 24 months. We will retain information processed for marketing purposes for an indefinite period.

1.11. Security of personal data processing

Personal data is stored in the controller's electronic system, which is accessible only to certain, predefined persons belonging to the controller's staff or acting on its behalf, who need access to the system due to their work duties or other similar reasons. The system is protected by firewalls and other technical means.

US Eagle Oy strives to protect the personal data processed by reasonable means at its disposal, such as firewalls and other technical means, from unauthorized access to data and other unlawful processing.

1.12. Customer rights

Right to access data

The customer has the right to receive confirmation from the controller whether personal data concerning him or her is being processed. The customer also has the right to receive a copy of the personal data concerning him or her and information on the processing of personal data in accordance with the General Data Protection Regulation.

Right to rectification

The customer has the right to request the controller to rectify inaccurate and incorrect data concerning the data subject without undue delay. The customer also has the right to have incomplete personal data completed. If a regular customer has access to their own data, they must primarily ensure the accuracy of their data by correcting their data themselves by logging into their data in the online service.

Right to erasure

The customer has the right to have the controller delete personal data concerning the data subject without undue delay if:

the personal data are no longer needed for the purposes for which they were collected or for which they were otherwise processed;
the data subject withdraws consent if the processing was based on consent
the data subject objects to the processing of their personal data on grounds relating to their particular personal situation and there are no legitimate reasons for the processing or the data subject objects to the processing of their personal data for direct marketing purposes;
the data subject has processed the personal data unlawfully; or
the personal data must be erased in order to comply with a legal obligation to which the controller is subject.
the data concerning the data subject were collected when the data subject was a minor.
The customer has the right to obtain from the controller restriction of the processing of personal data such that, in addition to storage, the personal data may only be processed with the customer's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another person if:

the data subject contests the accuracy of the personal data, in which case the processing shall be restricted for the period during which the accuracy of the data is verified;
the controller processes the personal data unlawfully and the data subject objects to the erasure of the personal data and requests the restriction of use of the personal data instead;
the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
the data subject has objected to the processing of his or her personal data on grounds relating to his or her particular situation and is awaiting a determination as to whether the legitimate interests of the controller override the grounds for the Customer's objection.
If the data subject has provided the personal data to the controller, the data subject shall have the right to receive those personal data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller, where:

the processing is carried out automatically; and the processing is based either on the Customer's consent or the processing of the Customer's personal data is necessary for the performance of a contract or in order to take steps prior to entering into a contract at the Customer's request.

The right to transfer data from one system to another is limited to a procedure that does not adversely affect the rights or freedoms of others.

Right to withdraw consent

To the extent that the processing is based on the consent given by the Customer, the Customer has the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.

Exercise of rights

A request to exercise rights must be made in writing and must be signed. Alternatively, the request can be made in person at the data controller. If necessary, the data controller may request additional information from the data subject to confirm identity.

If the Customer's requests are manifestly unfounded and unreasonable (e.g. less than one year has passed since the previous request for access to the data), the data controller has the right to charge a reasonable fee for the execution of the request.

1.13. Right to object to the processing of data for direct marketing purposes and otherwise

The customer has the right to object to the processing of his/her personal data for direct marketing purposes and for market and opinion research. The processing of personal data for direct marketing purposes and for market and opinion research purposes will be terminated after exercising the right to object.

The customer has the right to object to the processing of his/her personal data on grounds relating to his/her particular personal situation, if there is no justified reason for the processing.

A ban on direct marketing can be made when doing business in the online store, when becoming a loyal customer, using the ban link provided in the newsletter or by otherwise contacting the controller. A loyal customer can make a ban by logging into his/her own customer information in the controller's online service.

For specific personal reasons, the customer also has the right to object to profiling and other processing operations concerning him/her when the processing of the data is based on US Eagle Oy's legitimate interest. In connection with the request, the customer must identify the specific situation on which the objection is based. US Eagle Oy may refuse to implement a request for objection only on grounds provided for by law.

If the Customer wishes to object to the processing of data also for purposes other than direct marketing, the request must be submitted as described above.

Right to lodge a complaint with a supervisory authority

The customer has the right to lodge a complaint with a supervisory authority, in particular in the Member State where the customer has their habitual residence or place of work or where the alleged infringement has occurred, if the data subject considers that the processing of personal data has infringed the customer's rights under the Data Protection Regulation. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman.

Changes to the Privacy Policy

If US Eagle Oy changes this Privacy Policy, the changes will be posted on the policy with the date. If the changes are significant, US Eagle Oy will also inform you of these changes in other ways, such as by email or by posting a notice on its website. US Eagle Oy recommends that customers visit the website regularly and take note of any changes to the policy.

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement