Privacy Notice – RELEX Mobile Pro Application
Last updated on December 10, 2024In brief
RELEX Mobile PRO is an application that enables retail stores to manage their replenishment, inventory, and other in-store processes.
In terms of processing personal data, the RELEX Mobile PRO application has the following key characteristics:
- Part of data processing is decided on by RELEX—namely the processing activities related to technical delivery of the solution.
- The solution processes personal data to authenticate and empower users to review proposed orders, place manual orders, manage inventory, and perform other in-store tasks.
- Part of data processing is decided on by RELEX’s customers—namely the processing activities related to authorizing the users and managing their work.
In full
This privacy notice (“privacy notice“) informs you about how Retail Logistics Excellence – RELEX Oy (“RELEX Oy”) and its affiliated companies globally (jointly “RELEX“) processes the information we collect about the individuals interacting with our solutions who plan and manage our customers’ store replenishment, store inventory, and other in-store tasks.
In this privacy notice, “Personal data” or “data” herein refers to data which we can connect to an identifiable individual. “You” refers to the contact person of a RELEX customer and prospective customer whose personal data is processed.
Please note that our customers—your employer—typically also process information related to your employment outside of this specific RELEX solution. This notice only elaborates on the processing of personal data taking place in relation to this specific solution.
Roles and responsibilities
The responsibilities for controllership are split between RELEX and its customers (typically your employer). This means the following:
Our customer (typically, your employer) is the controller responsible for data processing of activities that directly relate to replenishment and store inventory management, and other in-store processes. In this case, RELEX processes the data for the following purposes on our customers’ behalf:
- Replenishment and store inventory management. Data processing relating to order management, inventory management, and other in-store processes.
- User authentication. To make sure only authorized users are permitted to access the solution.
- Support activities. RELEX support personnel may come across your data when solving technical issues with the solution.
- Efficiency metrics. The solution may collect information on the rationale and outcome of optimization activities in an identifiable format.
- Location tracking. To enable geographic planning of activities within and across multiple locations.
RELEX is the controller responsible for data processing of activities that support the provisioning of the solution. In this case, RELEX processes the data for the following purposes in its own name.
- Usage monitoring and metrics collection. Monitoring the solution and its use to provide you with good operational quality, security, usability, while identifying areas for improvement in both the solution and underlying processes and practices. RELEX also collects data similar to Efficiency Metrics collected for the customer to this effect.
- Support ticketing. To provide global support and maintenance services.
Both RELEX and each of our customers operate as independent controllers over their respective areas of data processing. While the customer’s role is referred to in this privacy notice, such references are informational by nature and for the purpose of providing the full picture for the reader. They do not bind the customer company in any way, and the customer is ultimately responsible for the processing of your data which it does in the role of controller.
Categories of personal data
The personal data that is processed under this privacy notice includes the following:
| Data types determined by the customer company as the controller and processed by RELEX on behalf of the customer Customer level control: In the context of the solution, the actual data types collected and processed by the customer are likely to vary, and depending on selected features and functionalities, may be less than all the data types listed below. Individual level control: The solution user interface enables you to adjust the collection of some of the data types listed hereunder. |
| User authentication |
|
| Replenishment and store inventory management, efficiency metrics, and location data |
|
| Support activities |
| Any of the data mentioned herein may be processed when maintaining the solution and when providing support and problem resolution activities. |
| Identifying information |
|
Legal basis
The Customer defines its own legal basis based on which it processes personal data related to the activities supported by the solution.
| Data types which RELEX collects as the data controller |
| Usage monitoring and metrics collection |
| User activity in the solution, such as visited solution spaces, utilized features, timestamps, device set-up and other types of user activity within the solution. This also includes data relating to order management, inventory management, and other in-store processes, such as work and planning activities, which may be attributable to you. Some of such information is collected as solution logs and some in aggregate format. |
| Support ticketing |
|
| Identifying information |
The following data, enabling identification of the individual, may be processed in connection with the above purposes and data types.
|
RELEX processes the personal data under the following legitimate interests:
- To enable RELEX to monitor its service provisioning, adjusting and correcting faults based on such information and further developing the services based on user needs, as well as securing its solutions against a variety of threats.
- To enable RELEX to react to and resolve issues arising from its solutions as part of its global support organization’s activities.
The data processing undertaken by RELEX for the solution and project delivery is mandatory for the efficient delivery and maintenance of its solutions. The usage monitoring is typical and practically a mandatory activity when providing software-based services. These cannot be done without processing the limited amounts of personal data referred to above.
To provide users with a degree of control and where legally required; we collect such data based on and dependant on user consent. Examples of data collected based on your consent include inter alia: precise location data and accessing the devices gallery and camera.
Data movement
Source of data
RELEX may receive personal data from its customers (typically your employer), directly from you (for example; when contacting RELEX support) or user activities (for example; when you are logging into RELEX’s solutions).
Exchanges of data
We exchange some of your data with our customers who have procured our solutions when conducting the abovementioned activities related to our service provisioning. Where we utilize intermediary partners to deliver our solutions, we may also exchange data with such companies for the same purpose. We provide these companies with access to the personal data that they may need for their agreed activities.
Transfers of data to processors
RELEX provides the solution and associated services with the help of its affiliates and vendors.
RELEX maintain a global pool of competent professionals to support, operate, deliver, and maintain the solution and the services. While doing so, for example, when solving a support issue, the support personnel may process, store, or otherwise access your personal data.
Your data may be made accessible to RELEX’s service providers or other vendors that RELEX uses to support, operate, deliver, and maintain its solutions. While doing so, such third-party service provider personnel may, for example, when operating the service, the service provider personnel may incidentally process, store, or otherwise access your personal data.
You can read more about our processors and locations of personal data processing here.
Data processing locations and transfers of personal data outside the European Economic Area (EEA)
The data in the service for our customers in the European and Mediterranean areas, as well as in Asian and Pacific countries, are stored in cloud platforms located in the European Union and the United States. The data in the service for our customers in the Americas are stored in cloud platforms located in the United States.
Some of the RELEX affiliates as well as RELEX service providers are located outside the European Union or the EEA. The employees of such entities may process the data for the purposes specified in this privacy notice.
We only do global or cross-border data transfers for a reason and after assessing the resulting privacy risk.
When transferring your data outside (1) the European Union or the EEA and (2) such countries that the European Commission has decreed having an adequate level of data protection; we ensure that the transfer is legal and safe by concluding an agreement based on the EU Commission’s standard contractual clauses or by taking other measures that may be required under applicable legislation.
You can ask for additional details relating to the transfer and the appropriate safeguards that we have put in place. The fixed content of the EU Commission’s standard contractual clauses is available here, or you can ask for a copy of the related documents from the RELEX contact mentioned below.
You can read more about our processors and locations of personal data processing here.
Other processing activities
M&A activities: Where RELEX takes steps to sell, buy, merge or otherwise reorganize its businesses in certain countries, it may involve disclosing data to prospective or actual purchasers, sellers, or partners and their advisors. In such circumstances, RELEX takes all reasonable steps to ensure that the appropriate measures to protect personal data are taken by such prospective or actual purchasers, sellers, or partners and their advisors.
There may also be circumstances not covered by this notice where processing or disclosure of your data may be justified or permitted. One such example includes complying with a court order, or a warrant issued by the authorities, where we are compelled to produce the information.
Other circumstances in which there may be a justifiable legitimate interest to disclose your data to a third party are where such disclosure is necessary to address an ongoing problem, or where we need to meet other legitimate information requirements of our third parties. In any such action, we act according to the applicable laws.
Retention
Your data is processed by default for the duration of our contractual relationship with the customer. Some data, though, are processed for a shorter or longer time, depending on the need. Examples of shorter need-based retention periods are, for example, solution logs (typically from a few months to a few years, depending on the type of the log). Examples of longer need-based retention periods are support tickets, which are retained for as long as the respective solution is under active maintenance.
Security
RELEX has implemented appropriate technical and organizational measures to protect your data. Security measures are in place to prevent unauthorized access to your personal data and any unauthorized manipulation of it. This includes restricting access to your data and hosting it with service providers that can demonstrate an adequate level of data security.
Exercising your rights
You have the following rights to your personal data that we have gathered:
- You have the right to access and get a copy of the data that we can identify pertaining to you and move the datato a third party in an interoperable format.
- Should you find any errors in your data, you can ask for these errors to be corrected.
- You have a right to object to our collection and the use of your data, where our use of your data infringes on your rights more extensively than what can objectively be deemed as permissible.
- You may request us to cease storing your personal data when we no longer have a defensible need to store it or as otherwise allowed by applicable data protection law.
- If you establish that the data we have on you is incorrect or we have no legal right to use it, you may request us to cease any further processing of your personal data, or only store it, until the issue is resolved.
- Where our collection of data is based on user consent, you may also withdraw your consent via the appropriate settings.
Exercising your rights
To exercise your rights for the data where your employer is a controller, you should contact them. RELEX is not able to directly respond to your requests regarding processing by RELEX on behalf of the customer.
To exercise your rights for the data where RELEX is a controller, our contact information can be found below. If you feel that RELEX is not fulfilling your statutory rights, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman.
Profiling
RELEX does not engage in the profiling of individual users of its solution.
RELEX contact information
The Finnish parent company of RELEX group ‘Retail Logistics Excellence – RELEX Oy’ act as the data controller for personal data covered by this privacy notice. Our contact information is:
Retail Logistics Excellence – RELEX Oy
Business ID FI 1963444-1
Address: Postintaival 7, FI-00230 Helsinki, Finland
Website: https://www.relexsolutions.com/
The contact person for matters relating to this privacy notice at RELEX is:
RELEX Privacy Director: Hannes Saarinen, privacy@relexsolutions.com
Changes
To keep this notice up to date, we will make changes and additions to this from time to time. We publish the changed notice on our website or on any other channel where this privacy notice has previously been made available. If the changes are significant, we may also notify you by other means. Any changes apply from the date we publish the revised notice.