Information regarding the processing of personal data in Rimi e-store

• Which categories of personal data we collect and why

  Creation and administration of your profile in Rimi e-store

  We process your personal data to give you the opportunity to create your personal profile in Rimi e-store, so that you can use the information stored in the profile to place an order in the e-store, to choose to receive information about new offers from Rimi e-store, to view your previous order history, save baskets, save your favourite products and see your usually bought products.

  We process your personal data to administer your registration in Rimi e-store. In order for us to register you and administer your profile, you must provide the personal details required for the conclusion and performance of the contract. In addition to the mandatory fields you will need to enter your date of birth, so that Rimi can verify that you do not already have an account in the Rimi system. Date of birth data will only be used to complete verification; it will not be stored. If you do not provide the necessary personal information, you will not be able to place an order in Rimi e-store. If you are unable to complete any of the required fields, you must contact Customer Support. Your data will be used to assemble and deliver orders to you, contact you, respond to your requests, ensure that your information is accurate and up-to-date.

  For delivery purposes Rimi can use contractors or offer to use the service of other delivery companies to execute express or any other delivery. For these purposes limited amounts of personal data can be shared with our partner who acts as separate data processor or controller, for example, your identity information, contact details, order details and delivery details. If information is shared with other separate data controller, Rimi will provide reference to their privacy policy or privacy statement.

  For the creation and administration of your profile in Rimi e-store we process and store the following data:

  Categories of personal data

  • First name
  • Last name
  • Contact information: e-mail and mobile phone number
  • Your choice of communication channels for marketing messages

  Personal data collected from “Your Rimi” Loyalty programme:

  • First name
  • Last name
  • Date of birth (is only used to verify that you do not already have an account in Rimi systems)
  • Mobile phone number
  • Purchase history
  • Loyalty programme profiling information

  Legal basis

  • To sign and execute a contract with you.

  Retention period

  • See the section “How long will your personal data be stored?”

  We use your first name and last name to identify and validate you at order delivery/collection, to find your order in the case that you contact Customer Support and report issues with your order, to process product returns upon your request.

  We use your mobile phone number to contact you if any issues occur with your placed order, to contact you when delivering your order to your place, and to send the PIN code for order collection. Your mobile phone number could also be used to search for an order or find your profile in our customer database.

  We use your e-mail to inform you of the status of your order (order confirmed, ready for delivery, delivered, cancelled, failed, waiting for pick-up after failed delivery, etc.), send a PIN code for order collection, send newsletters if you have selected it. Your e-mail could also be used to search for orders or find your profile in our customer database.

  Alternatively, you can choose to use your “Your Rimi” Loyalty programme profile by logging in to the Rimi e-store and providing additional information in order to proceed with orders. For the creation and administration of your profile in Rimi e-store we will only process and store the same data from the Loyalty programme as prescribed in the table above. The personal data collected from the Loyalty programme profile will only be used as prescribed above. Please remember that processing of your personal data within the Loyalty programme is still subject to the privacy policy of “Your Rimi” Loyalty programme.

  Logging in with your Loyalty programme profile will enable you to receive benefits that the programme offers through profiling:

  • Personal offers (also on your birthday, children’s birthday);
  • Loyalty card offers;
  • Earn “Your Rimi” money;
  • Earn digital stickers.

  By registering in Rimi e-store, you confirm that the data is accurate and correct and that you are at least 18 years of age. If personal data is inaccurate, you must correct it immediately.

  Order creation for “Guest” customer

  In order to place an order in Rimi e-store it is not mandatory to create a profile. There is also a possibility to check-out as a guest user by providing personal data that is necessary to complete the order.

  Personal data provided as “Guest user” will not be stored as a profile in the Rimi customer database. However, it will be saved and processed along with the order and related documents (for example, invoice, credit note):

  Categories of personal data

  • First name
  • Last name
  • Contact information: e-mail and mobile phone number

  Legal basis

  • To sign and execute a contract with you

  Retention period

  • See the section “How long will your personal data be stored?”

  We use your first name and last name to identify and validate you at order delivery/collection.

  We use your mobile phone number to contact you if any issues occur with your placed order, to contact you when delivering your order to your place, and to send the PIN code for order collection. Your mobile phone number could also be used to search for an order or find your profile in our customer database.

  We use your e-mail to inform you of the status of your order (order confirmed, ready for delivery, delivered, cancelled, failed, waiting for pick-up after failed delivery, etc.), send a PIN code for order collection. Your e-mail could also be used to search for orders or find your profile in our customer database.

  By registering in Rimi e-store as a guest, you confirm that the data is accurate and correct and that you are at least 18 years of age. If personal data is inaccurate, you must correct it immediately.

  To assemble and deliver an order

  Rimi e-store must assemble the order with items that you have ordered, therefore order contents are processed both by the systems and by Rimi employees.

  If you choose Home Delivery:

  If you choose Home Delivery as your preferred delivery method when placing an order, you must enter the address to which the order should be delivered.

  If you are a registered user and have logged in, this address will be saved under your profile. If you wish to delete or add a new address to your profile, you can do so by entering your profile section in Rimi e-store or by contacting Rimi Customer Support and requesting it to be removed. You can also select if you would like this address to be “Default” and always show up as your first choice.

  If you are a “Guest” user, your address will not be saved in the Rimi customer database, but will be saved with your placed order and used in the same way as in the case of a registered user.

  If you choose “Order to Store” as your preferred delivery method when placing an order, you must select the store where you would like to collect your order. This information will be stored with the order only.

  To assemble the order and deliver it to you the following personal data will be processed:

  Categories of personal data

  To assemble the order:

  • Order ID
  • Order delivery time and date
  • Product list and quantities

  To deliver the order to your home address:

  • First name and last name
  • Mobile phone number
  • Order delivery time and date
  • Order ID
  • Address details: street, street number, house number, apartment number, floor number, district, city, post code, address name, GPS coordinates (longitude, latitude)
  • Comments to address
  • Address settings (default or not)
  • Product list and quantities

  To deliver an order at the store or Rimi Drive pick-up point:

  • Selected store name and address
  • First name and last name
  • Mobile phone number
  • Order delivery time and date
  • Order ID
  • Product list and quantities
  • PIN code

  Legal basis:

  • To execute the contract

  Retention period

  • See the section “How long will your personal data be stored?”

  Order details are used to enable Rimi employees to pick your order in bags.

  Listed data to deliver the order to your Home address are used to execute the contract and deliver your order by Rimi couriers to the address you have selected.

  Listed data for “Order to Store” delivery are used to hand out your order when you arrive at the store or Rimi Drive pick-up point.

  All the data mentioned above is also used to inform you about the order statuses via your e-mail and generate the invoice and credit note (order confirmed, ready for delivery, delivered, cancelled, failed, ready for pick-up, refund processed).

  To enable “Order to Store” order collection via car number plate scanning

  A registered customer has the ability to add car number plates to their profile that can be used in Drive pick-up points to recognise that you have arrived to pick up your order. Adding this information to your profile is optional.

  If you wish to delete or add a new car number plate to your profile, you can do so by entering your profile section in Rimi e-store or by contacting Rimi Customer Support and requesting it to be removed.

  To enable order collection via car number plate scanning in Rimi Drive pick-up point, we process and store the following personal data:

  Categories of personal data

  • Car number plate

  Legal basis

  • To execute the contract

  Retention period

  • See the section “How long will your personal data be stored?”

  To process payment of the order

  To create an order in Rimi e-store the customer must complete the payment. There are three payment options available – payment with credit/debit card, payment with Swedbank bank link, payment with SEB Bank bank link. Without completing the payment the customer will not be able to place an order in Rimi e-store.

  The following customer data will be processed and stored along with the order information during payment processing:

  Categories of personal data

  Swedbank and SEB bank link:

  • Payment amount
  • First name, last name
  • Payment description
  • Payment reference number (for returns only)
  • Transaction reference ID
  • Payer IBAN

  Credit/Debit card:

  • Payment description
  • First name, last name
  • Payment card PAN number
  • Payment card scheme
  • Payment card validity data

  Legal basis

  • To execute the contract

  Retention period

  • See the section “How long will your personal data be stored?”

  Rimi e-store website enables registered customers to save their credit card details in their profile, to enable easier future payments. This is not mandatory by Rimi, but optional for the customer. If you wish to delete or add a new payment card to your profile, you can do so by entering your profile section in Rimi e-store. If you save a credit card to your profile, the following data will be stored and processed in the Rimi customer database:

  Categories of personal data

  • Payment card PAN number
  • Payment card token (only if you choose to save the card)
  • Payment card scheme
  • Payment card validity data

  Legal basis

  • To execute the contract

  Retention period

  • See the section “How long will your personal data be stored?”

  Direct marketing

  We process your personal data to send you marketing information/news. For example, to send you an update about the newest items in the assortment, promotional offers or special discounts. Please take into account that marketing information will only be sent to you if you sign up for it during the registration or select to receive them in your profile. To send marketing messages we use e-mail, mobile phone number and social media.

  Categories of personal data

  • First name
  • Contact information: e-mail and mobile phone number
  • Social media

  Legal basis

  • Your consent

  Retention period

  • See the section “How long will your personal data be stored?”

  Management of claims and fraud prevention

  We may process your personal data to defend, establish and exercise legal claims, including to prevent fraud or criminal activity, misuses of our products or services.

  Categories of personal data

  • First name
  • Last name
  • Contact information: e-mail and mobile phone number
  • Address details: street, street number, house number, apartment number, floor number, district, city, zip, address name
  • Comments to address
  • Order ID
  • Order delivery time and date
  • Product list and quantities, prices and promotions
  • Car plate number (for registered users only)
  • Your choice of communication channels
  • Selected “Order to Store” store
  • PIN code
  • Invoice information
  • Credit-note information
  • Payment amount
  • Payment description
  • Payment reference number (for returns only)
  • Transaction reference ID
  • Payer IBAN
  • Payment card PAN number
  • Payment card scheme
  • Payment card validity data
  • Payment card token
  • Other information in relation to a legal claim

  Legal basis

  • Our legitimate interest to prevent fraud or criminal activity, misuse of our products and services and to exercise legal claims

  Retention period

  • Until the legal claim is investigated, settled and implemented.

  Statistical and market research purposes

  We process your personal data for the purposes of reporting and statistics, for monitoring, evaluating, improving and expanding our online services (for example, how many on-time deliveries we have made, how many complaints in Customer Support we have received). For these purposes, we will not process your name, contact information or any other directly identifiable information that may directly identify you as a specific person.

  Categories of personal data

  • Post code
  • City
  • Country
  • Selections in user profile (opt-in to marketing messages, whether credit cards are saved)
  • Orders (product list, quantities, prices, promotions)
  • Order status
  • Choice of delivery method
  • Payment method
  • Selected slot times
  • Pick-up time and delivery times
  • Reason codes for product returns
  • Reason codes for contacting Customer Support
  • Ticket and call count in Customer Support

  Legal basis

  • Processing is necessary to accomplish our legitimate interests and to improve and extend our services.

  Retention period

  • See the section “How long will your personal data be stored?”

  Information Security Purposes

  We keep audits of user activity. We collect and store information when you (or, upon your request, we) access your profile, make changes to your data, or perform other activities in Rimi e-store. This is done to identify potential threats, fraud or illegal activities as well as to maintain consistency and protect systems and data from unauthorised changes. Processing is necessary to fulfil our legitimate interest in ensuring information security.

  Management of customer claims

  To process claims you submit to us through the Rimi e-store contact form, e-mail klienditugi@rimibaltic.com or by contacting Rimi by phone, we must process and store your personal data. For more information on how we process and store your personal data with regard to claims submitted by you, please see Customer feedback/complaint resolution/personal data processing privacy policy.

• From which sources do we collect personal data?

  From you

  We collect the personal data you provide to us regarding yourself when you create the Rimi profile and add additional details for your online shopping, place an order in Rimi e-store and contact us via the Rimi Customer Support or e-store feedback form.

• Sharing of personal data

  Service providers

  To fulfil our obligations towards you, we share your personal data with companies that provide services to us. For example:

  • Data centre services;
  • System development and maintenance services;
  • Customer data analysis services;
  • Direct marketing message sending services;
  • Services related to the marketing activities of the Rimi Loyalty programme.

  Companies providing these services may only process your personal data according to our instructions and cannot use them for any other purpose. They are also required by law and our cooperation agreement to protect your personal data.

  Law enforcement authorities, state and local government institutions

  To fulfil our legal obligations, we may transfer your personal data to law enforcement authorities, state and local government institutions upon their request. We may also transfer your personal data to law enforcement authorities, state and local government institutions in order to meet our legitimate interest in establishing, claiming and defending legal claims.

  Other companies

  For delivery purposes Rimi can offer to use the service of other delivery companies to execute express or any other delivery. For these purposes limited amounts of personal data can be shared with our partner who acts as data controller, for example, your identity information, contact details, order details and delivery details. If information is shared with separate data controller, Rimi will provide reference to their privacy policy or privacy statement. Different retention rules can apply.

  Where do we process your personal data?

  We always process your personal data within the EU/EEA.

  Your personal data is not transferred or processed in a country outside the EU/EEA.

• How long will your personal data be stored?

  Customer profile/account:

  Until the user account is deleted. If the customer is inactive (no log-ins) for one year, the profile will be deleted.

  If you have both a Rimi e-store and a “Your Rimi” Loyalty programme account, “Your Rimi” Loyalty programme data storage length will apply.

  Order data:

  7 years from the date of order creation

  Return data:

  7 years from return creation

  Credit card token:

  Will be removed as soon as the account is deleted

  Financial document (invoice, credit note):

  7 years from the document generation

  Personal data of an unregistered user in orders (first name, last name, delivery address, mobile phone number):

  7 years

• Your rights

  Data protection laws give you a number of rights with regard to the processing of your personal data.

  Access to personal data

  You are entitled to request confirmation from us as to whether we process personal data relating to you, and in such cases request access to the personal data we are processing about you. If you have a “Your Rimi” profile, you can log in to your profile on the Rimi website at any time to view the information we have about you, such as name, contact information, etc. You may also submit a written request to us or our Data Protection Officer to exercise this right.

  Rectification of personal data

  Furthermore, if you believe that information about you is incorrect or incomplete, you have the right to correct it yourself or ask us to do it. If you have a Rimi profile you can update some information about yourself by logging in to the Rimi profile. You may also submit a written request to us or our Data Protection Officer to exercise this right.

  Withdrawal of consent

  To the extent that we process your personal data based on your consent, you are entitled to withdraw your consent to personal data processing at any time. Please make a written request to us or our Data Protection Officer to exercise this right.

  Objection against processing for direct marketing purposes

  You also have the right to object to the processing of your personal data for direct marketing purposes at any time. You can unsubscribe from direct marketing by logging in to the Rimi profile or by calling Customer Support.

  Objection against processing based on a legitimate interest

  You are entitled to object to the processing of personal data based on our legitimate interest. However, we will continue to process your data, even if you have objected to it, if we have compelling motivated reasons to continue processing the data. Please make a written request to us or our Data Protection Officer to exercise this right.

  Erasure

  Under certain circumstances, you have the right to ask us to delete your personal data. However, this does not apply if we are required by law to keep the data. Please make a written request to us or our Data Protection Officer to exercise this right.

  Restriction of processing

  Under certain circumstances, you are also entitled to restrict the processing of your personal data. Please note that requesting the limited processing of your data may affect your use of Rimi e-store. Please make a written request to us or our Data Protection Officer to exercise this right.

  Data portability

  Finally, you have the right to receive or transmit your personal data to another data controller (“data portability”). This right only applies to the data you have provided to us based on your consent or on a contract and where the processing is carried out by automated means. Please make a written request to us or our Data Protection Officer to exercise this right.

• Whom do I contact if I have any questions?

  If you have any questions about the processing of your personal data, please feel free to contact us.

  If you are not satisfied with the response you received, you are entitled to file a complaint with the Data Protection Inspectorate.

  Contact details of the company in charge of processing your personal data

  Rimi Eesti Food AS, registration number 10263574

  Legal address: Põrguvälja tee 3, Pildiküla, Rae Parish, 75301

  Phone number: +372 605 9400

  E-mail: info.ee@rimibaltic.com

  Customer Support contact information

  Phone number: +372 605 6333

  E-mail: klienditugi@rimibaltic.com

  Contact details of the Data Protection Officer

  E-mail: RimiDPO@rimibaltic.com

  You can also contact our Data Protection Officer by sending a letter to us at the above-mentioned addresses and addressing it to the Data Protection Officer.

Viimati muudetud: 26.08.2022