Information regarding processing of personal data in “Rimi” online store

We care about your privacy

Your trust is important to us. Our aim is that you feel safe when you share your personal data with us. Personal data is any information that can be used to identify an individual.

We take appropriate measures to ensure that your personal data always is safe with us and that the processing of your personal data is compliant with present data protection laws, our internal policies, guidelines and routines. We have also assigned a Data Protection Officer whose task is to monitor that we follow these laws, guidelines and routines.

It is important for us to be transparent with how we handle your personal data. In this information text, we therefore describe how and where we process personal data in the context of shopping in “Rimi” online store.

It is your responsibility to provide only valid and genuine personal data and only such data as are appropriate and necessary for the purpose of fulfilling the objectives mentioned in this information text. If you do not agree to the processing of personal data as described in this information than your online order will be not completed and information provided in profile form will not be saved in any of “Rimi” systems.

In accordance to “Rimi” online store terms and conditions our responsibility is to deliver your placed orders in the online store. To make it possible, we need to process your personal data.

  • Which categories of personal data do we collect and why

    Creation and administration of your profile in “Rimi” online store

    We process your personal data in order to provide you with the opportunity to create your personal profile in “Rimi” online store, so that you can use the information stored in the profile to place order in online store, to choose to receive information about “Rimi” online store new offers, to view your previous order history, save baskets, save your favorite products and see your usually bought products.

    We process your personal data to administer your registration in “Rimi” online store. In order for us to register you and administer your profile, you must provide the personal details required for the conclusion and performance of the contract. Additionally to mandatory fields you will need to enter your birth date, in order for “Rimi” to validate, that you don’t have existing account already in “Rimi” system. Birth data will be used only to complete validation, it will not be stored. If you do not provide the necessary personal information, you will not be able to place order in “Rimi” online store. If you are unable to complete any of the required fields, you must contact Customer Service Center. Your data will be used to assemble and deliver order to you, contact you, respond to your requests, ensure that your information is accurate and up-to-date. For creation and administration of your profile in “Rimi” online store we process and store following data:

    Categories of personal data Legal basis Retention period
    • First Name
    • Last Name
    • Contact information – e-mail and mobile phone number
    • Your choice of communication channels for marketing messages

    Personal data collected from “My Rimi” loyalty program

    • Name
    • Last name
    • Birth date (is used only to validate, that you don't have an existing account in “Rimi” systems)
    • Phone number
    • Purchase history
    • Loyalty program profiling information
    To sign contract with you and execute it See section “For how long my personal data is stored?”

    We use your name and surname, to identify and validate you at order delivery/collection, to find your order in case you contact Customer Service Center and report issues with your order, to process product returns, if you request it.

    We use your phone number to contact you if any issues occur with your placed order and to contact you when delivering your order to your place, send PIN code for order collection. Your phone could also be used to search order or find your profile in our customer database.

    We use your e-mail, to inform you about your order statuses (order confirmed, ready for delivery, delivered, cancelled, failed, waiting for pick-up after failed delivery, etc.), send PIN code for order collection, send new’s e-mails if you have selected it. Your e-mail could also be used to search order or find your profile in our customer database.

    Alternatively, you can choose to use your “My Rimi” loyalty program profile by logging in the “Rimi” online store and providing additional information in order to proceed with orders. For creation and administration of your profile in “Rimi” online store we will process and store only the same data from loyalty program as prescribed in table above. Personal data collected from loyalty program profile will only be used the same way as prescribed in above. Please remember that processing of your personal data within loyalty program is still subject to privacy policy of “My Rimi” loyalty program.

    By logging in with your “My Rimi” profile will enable you to receive benefits, that program offers through profiling:

    • Personal offers (also on your birthday, name day, kids name day and kids’ birthday, pet’s club offers);
    • “My Rimi” card offers;
    • Earn “My Rimi” money;
    • Earn digital “stickers”.

    By registering in “Rimi” online store you confirm that the data is accurate and correct. If personal data is inaccurate, you must correct it immediately.

    Order creation for “Guest” customer

    In order to place order in “Rimi” online store it is not mandatory to create profile. There is also possibility to check-out as guest user by providing personal data that is necessary to complete the order.

    Personal data provided as “Guest user” will not be stored as profile in “Rimi” customer database. But it will be saved and processed with the order and order related documents (for example, Invoice, Credit note):

    Categories of personal data Legal basis Retention period
    • First Name
    • Last Name
    • Contact information – e-mail and mobile phone number
    To sign contract with you and execute it See section “For how long my personal data are stored?”

    We use your name and surname, to identify and validate you at order delivery/collection.

    We use your phone number to contact you if any issues occur with your placed order and to contact you when delivering your order to your place, send PIN code for order collection. Your phone could also be used to search order or find your profile in our customer database.

    We use your e-mail, to inform you about your order statuses (order confirmed, ready for delivery, delivered, cancelled, failed, waiting for pick-up after failed delivery, etc.), send PIN code for order collection. Your e-mail could also be used to search order or find your profile in our customer database.

    By placing order as guest user in “Rimi” online store you confirm that the data is accurate and correct. If personal data is inaccurate, you must correct it immediately.

    To assemble and deliver order

    “Rimi” online store must assemble the order with items that you have ordered, therefore order contents are processed both by systems and by “Rimi” employees.

    If you choose Home Delivery:

    If you choose during placing order Home Delivery as your preferred delivery method, you must enter address to which order should be delivered.

    If you are registered user and have signed-in, then this address will be saved under your profile. If you wish to delete or add new address to your profile, you can do it by entering your profile section in “Rimi” online store or by contacting “Rimi” Customer Service Center and request it to be removed. You can also select if you would like this address to be “Default” and show-up always as your first choice.

    If you are “Guest” user, then your address will not be saved in “Rimi” customer database, but will be saved with your placed order and used in the same way as in case of registered user.

    If you choose during placing order Click&Collect as your preferred delivery method, you must select store in which you would like to collect the order. This information will be stored only with the order.

    You can also select if you would like this store to be your “Favorite” and it will show-up always as your first choice.

    To assemble order and deliver it to you following personal data will be processed:

    Categories of personal data

    Legal basis

    Retention period

    To assemble order:

    • Order ID
    • Order delivery time and date
    • Product list and quantities

    To deliver order to Home address:

    • First Name and Last Name
    • Phone number
    • Order delivery time and date
    • Order ID
    • Address details – Street, Street number, House number, Apartment number, Floor number, District City, Zip, address name, GPS coordinates – Longitude, Latitude
    • Comments to address
    • Address settings (default or not)
    • Product list and quantities

    To deliver order at Click&Collect station:

    • Selected store name and address
    • Store settings (favorite or not)
    • First Name and Last Name
    • Phone number
    • Order delivery time and date
    • Order ID
    • Product list and quantities
    • PIN code
    To execute contract See section “For how long my personal data are stored?”

    Order details are used to enable “Rimi” employees to pick in bags your order.

    Listed data to deliver order to Home address are used to execute contract and deliver your order by “Rimi” couriers to address you have selected.

    Listed data for delivering order to Click&Collect store are used to hand-out your order when you arrive at Click&Collect store.

    All the data mentioned above is also used to inform you about the order statuses via your e-mail and generate Invoice and Credit Note (Order confirmed, ready for delivery, delivered, canceled, failed, ready for pick-up, refund processed).

    To enable Click&Collect order collection via car plate scanning

    Registered customer has ability to add to their profile Car number plates, that can be used in Drive Click&Collect stations, to recognize that you have arrived after your order. It is optional to add this information to your profile.

    If you wish to delete or add new Car Plate number to your profile, you can do it by entering your profile section in “Rimi” online store or by contacting “Rimi” Customer Service Center and requesting it to be removed.

    To enable Click&Collect order collection via car plate scanning we process and store following personal data:

    Categories of personal data Legal basis Retention period
    • Car number plate
    To execute contract See section “For how long my personal data are stored?”

    To process payment of the order

    To create order in “Rimi” online store customer must complete payment. There are three payment options available - payment with credit/debit card, payment with Swedbank BankLink, payment with SEB bank BankLink. Without completing payment customer will not be able to place an order in “Rimi” online store.

    During payment processing following customer data will be processed and stored with order information:

    Categories of personal data

    Legal basis

    Retention period

    Swedbank and SEB Bank Link:

    • Payment amount
    • First name, last name
    • Payment description
    • Payment reference number (for returns only)
    • Transaction reference ID
    • Payer IBAN

    Credit/Debit card:

    • Payment description
    • First name, last name
    • Payment card PAN number
    • Payment card scheme
    • Payment card validity data
    To execute contract See section “For how long my personal data are stored?”

    “Rimi” online store website enables registered customers to save their credit card details in their profile, to enable easier payments in future. This not mandatory by “Rimi”, but it is optional for customer. If you wish to delete or add new payment card to your profile, you can do it by entering your profile section in “Rimi” online store. If you save credit card to your profile following data will be stored and processed in “Rimi” customer database:

    Categories of personal data Legal basis Retention period
    • Payment card PAN number
    • Payment card token (only if you choose to save card)
    • Payment card scheme
    • Payment card validity data
    To execute contract See section “For how long my personal data are stored?”

    Direct marketing

    We process your personal data, to send you marketing information/new’s. For example, to send you update about newest items in assortment, sales or special discounts. Please take into account that marketing information will be sent to you only, if you sign-up for it during registration or select to receive them in your profile. To send marketing messages we use e-mail, phone number, and social media.

    Categories of personal data Legal basis Retention period
    • First Name
    • Company name (if applicable)
    • Contact information – e-mail and mobile phone number
    • Social media
    Your consent See section “For how long my personal data are stored?”

    Management of claims and fraud prevention

    We may process your personal data to defend, establish and exercise legal claims, including to prevent fraud or criminal activity, misuses of our products or services.

    Categories of personal data Legal basis Retention period
    • First Name
    • Last Name
    • Contact information – e-mail and mobile phone number
    • Address details – Street, Street number, House number, Apartment number, Floor number, District City, Zip, address name
    • Comments to address
    • Order Id
    • Company Name
    • Registration number
    • VAT registration number (optional)
    • Legal address (country, city, district, postal code that is optional)
    • Order delivery date and time
    • Product list and quantities prices and promotions
    • Car plate No. (registered user only)
    • Your choice of communication channels
    • Selected C&C store
    • PIN code
    • Invoice information
    • Credit-note information
    • Payment amount
    • Payment description
    • Payment reference number (for returns only)
    • Transaction reference ID
    • Payer IBAN
    • Payment card PAN number
    • Payment card schema
    • Payment card validity data
    • Payment card token
    • Other information in relation to legal claim

    Our legitimate interest to prevent fraud or criminal activity, misuses of our products and services and exercise legal claims

    Till investigation, settlement and implementation of legal claim.

    Statistical and market research purposes

    We process your personal data for the purposes of reporting and statistics, to monitor, evaluate, improve and expand our online services (for example, how many on-time deliveries we have made, how many complains in Customer Service Center we have received). For these purposes, we will not process your name, contact information or any other directly identifiable information that may directly identify you as a specific person.

    Categories of personal data Legal basis Retention period
    • Postal code
    • City
    • Country
    • Selections in user profile (Opt-in to marketing messages, whether credit cards are saved)
    • Orders (product list, quantities, prices, promotions)
    • Order status
    • Delivery method selection
    • Payment method
    • Selected slot times
    • Pickup-up time and delivery times
    • Reason codes for product returns
    • Reason codes for contacting Customer Service Center
    • Ticket and call count in Customer Service Center
    Processing is necessary to accomplish our legitimate interests and to improve and extend our services. See section “For how long my personal data are stored?”

    Information Security Purposes

    We keep audits of user activity. We collect and store information when you (or, upon your request, we) access your profile, make changes to data, or perform other activities under the “Rimi” online store. This is done to identify potential threats, fraud, or illegal activities, and to maintain consistency and protect systems and data from unauthorized changes. Processing is necessary to fulfill our legitimate interest in ensuring information security.

    Management of customer claims

    To process claims you submit in “Rimi” online store via contact form or via e-mail sending it to info.lt@rimibaltic.com or via contacting “Rimi” with phone we must process and store your personal data. For more information on how we process and store your personal data with regards to claims submitted by you, please see Privacy Policy for customers’ complaints and inquiries.

    Creation and administration of Business profile in “Rimi” online store

    We process your personal data in order to provide you with the opportunity to create your Business profile in “Rimi” online store, so that you can use the information stored in the profile, for example, to place order in online store, to receive Advance Invoice and Final Invoice with Business information, to choose to receive information about “Rimi” online store new offers, to view your previous order history, save baskets, save your favorite products, see your usually bought products etc.

    We process your personal data to administer your registration in “Rimi” online store. In order for us to register you and administer your profile, you must provide the personal details required for the conclusion and performance of the contract. If you are unable to complete any of the required fields, you must contact Customer Service Center. Your data will be used to assemble and deliver order to you, contact you, respond to your requests, ensure that your information is accurate and up-to-date. For creation and administration of your profile in “Rimi” online store we process and store following data:

    Categories of personal data Legal basis Retention period

    · First Name

    · Last Name

    · Contact information – e-mail and mobile phone number

    · Company Name

    · Registration number

    · VAT registration number (optional)

    · Legal address (country, city, district, postal code that is optional)

    · Your choice of communication channels for marketing messages

    To sign contract with you and execute it See section “For how long my personal data is stored?”

  • From which sources do we collect personal data?

    Yourself

    We collect the personal data you provide to us regarding yourself when you are creating profile at “Rimi” online store and add additional details for online shopping, place order in “Rimi” online store and contact us via Customer Service Center or Help page in “Rimi” online store.

  • Sharing of personal data

    Service providers

    To fulfil our obligation towards you we share your personal data with companies that provides services to us. For example:

    • Data center services;
    • System development and maintenance services;
    • Client data analysis services;
    • Direct marketing message sending services;
    • "Rimi” loyalty program marketing related activity services (only for existing “Rimi” loyalty program participants)

    These companies can only process your personal data according to our instructions and not use them for other purposes. They are also required by law and our cooperation agreement to protect your personal data.

    Law enforcement authorities, state and local government institutions

    To fulfill our legal obligation, we may transfer your personal data to law enforcement authorities, state and local government institutions upon their request. We may also transfer your personal data to law enforcement authorities, state and local government institutions in order to meet our legitimate interest in establishing, claiming and defending legal claims.

    Where do we process your personal data?

    We always aim to process your personal data within EU/EEA.

    Your personal data is not transferred or processed in a country outside EU/EEA.

  • For how long are my personal data stored?

    Customer profile:

    Until user account is deleted. If customer is inactive (no log-ins detected) for 1 year then profile is deleted.

    If you have “Rimi” online store and “My Rimi” loyalty program account then "My Rimi" loyalty program data storage length is applied.

    Order data:

    5 years from day of order creation

    Return data:

    5 years from return creation

    Credit card token:

    Removed immediately after account deletion

    Financial document (Invoice, credit note):

    10 years from document generation

    Unregistered user personal data in orders (First name, Last name, Delivery address, Phone number):

    5 years

  • Your rights

    Data protection laws give you a number of rights with regards to the processing of your personal data.

    Access to personal data

    You are entitled to request confirmation from us if we process personal data relating to you, and in such cases request access to the personal data we are processing about you. If you have “Rimi” profile you can log in to your profile in “Rimi” website at any time to see certain information we have about you, such as name, contact information, etc. To carry out the mentioned right, you also can provide a written request to us or to our Data Protection Officer.

    Rectification of personal data

    Furthermore, if you believe that information about you is incorrect or incomplete, you have the right to correct it yourself or ask us to do it. If you have “My Rimi” profile you can update some information about yourself by logging in to the “My Rimi” profile. To carry out the mentioned right, you also can provide a written request to us or to our Data Protection Officer.

    Withdrawal of consent

    To the extent that we process your personal data based on your consent, you are entitled to, at any time, withdraw your consent to the personal data processing. To carry out the mentioned right, please, provide a written request to us or to our Data Protection Officer.

    Objection against processing for direct marketing purposes

    You also have the right to object to your personal data processing for direct marketing purposes at any time. You can unsubscribe from direct marketing by logging in to the “My Rimi” profile or by calling Customer Service Center.

    Objection against processing based on a legitimate interest

    You are entitled to object to personal data processing based on our legitimate interest. However, we will continue to process your data, even if you have objected to it, if we have compelling motivated reasons for continuing to process data. To carry out the mentioned right, please, provide a written request to us or to our Data Protection Officer.

    Erasure

    Under certain circumstances, you have rights to ask us to delete your personal data. However, this does not apply if we are required by law to keep the data. To carry out the mentioned right you also can provide a written request to us or to our Data Protection Officer.

    Restriction of processing

    Under certain circumstances, you are also entitled to restrict the processing of your personal data. Please note, that if you request that the processing of your data is limited, it might affect your participation in “Rimi” online store. To carry out the mentioned right, please, provide a written request to us or to our Data Protection Officer.

    Data portability

    Finally, you have the right to receive or transmit your personal data further to another data controller (“data portability”). This right solely covers only data what you have provided to us based on you consent or on a contract and where processing is carried out by automated means. To carry out the mentioned right, please, provide a written request to us or to our Data Protection Officer.

  • Who do I contact if I have any questions?

    If you have any questions about the processing of your personal data, please feel free to contact us.

    If you are not satisfied with the response you received, you are entitled to file a complaint with the Data Inspectorate

    Contact details of company in charge of handling your personal data

    UAB “RIMI LIETUVA” , reg. No. 123715317,

    Legal address: Spaudos g. 6-1, Vilnius, Lietuva, 05132

    Phone No: +370 5 2461057

    Email: info.lt@rimibaltic.com

    Customer Service Center contact details

    Phone number: 8 800 29000

    E-mail: info.lt@rimibaltic.com

    Contact details of the Data Protection Officer

    Email: RimiDPO@rimibaltic.com

    You also can contact our Data Protection Officer by sending a letter to us at the above-mentioned address and addressing it to the Data Protection Officer.

Paskutinis atnaujinimas: 2020-12-03