Website Privacy Policy

Website Privacy Policy

• Which categories of personal data do we collect and why

  Management of Rimi website

  When you visit our website, we process data, which is technically necessary for us to display the website to you. We process your personal data in order to manage our website and provide the best experience to you as a user visiting our website.

  • When you interact with our website, for instance, when you view digital leaflets about our offers, page about our job vacancies or access other sections for useful information about Rimi services and products on our website, we process your data in order to provide you with the requested information, incl. service. 
  • During the purely informational use of our website, e.g., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server.
  • To obtain effective user consent for cookies, where applicable, our website uses a consent tool. You can see a cookie banner when visiting our website.
  • Our website may use third-party tools to improve your experience and make it more convenient. For instance:
  • When you interact with videos, e.g., on recipes etc. on our website, including when you start to play a video, it uses the YouTube (Google) function to display and play videos.
  • By interacting with the map and selecting to view the closest store, you will be offered to enter store information or share your location, which will be used by Google maps service to display requested information.
  • More information on Google privacy policy: https://policies.google.com/privacy & https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/  & privacy controls: https://policies.google.com/privacy#infochoices
  • Our website may contain links to external pages, e.g., social networks, e.g., Facebook, Instagram, etc. In order to increase the protection of your data when visiting our website, these buttons are only using a link. This type of integration ensures that when you visit a page on our website that contains such buttons, no connection is yet established with their servers. When you click on the button, a new browser window opens.

  Categories of personal data	Depending on how and to what extent you use our website, we may process information about your visit: Identity information, e.g., IP address. User generated personal data, e.g., interactions and behaviour on our website. Location information, e.g., if a user chooses to interact with website functionality that gives possibility, e.g., to see the closest store based on the user’s location. Connection data, e.g., technical information about device, incl. device type. Information about situation, e.g., data and time of access. Demographic data, e.g., website language. Additional information might be processed, e.g., depending on a user interaction with available functionality on our website.
  Legal basis	Depending on website functionality you choose to use, the legal basis may vary (as different legal requirements may also set additional preconditions): Consent, e.g., in relation to specific cookies, e.g., functional cookies, you choose to accept to and, where applicable, in relation to specific functionality you choose to use, for instance when you choose to show your location to see the closest stores. Our legitimate interests, e.g., in relation to provision of website as such and different website functionalities, incl. tools that our website users might be interested in to get information about our products in more convenient way. Contract (service provision), e.g., in relation to requested service delivery etc.
  Retention period	Up to 14 months. Separate retention period may be set to specific functions, e.g.: In relation to the tool necessary for cookies management – reset is done on a regular basis and not less frequently then each 12 months unless another time limit is required by laws. Cookies are stored according to retention policy stated in cookie banner.

   

  Targeted advertising based on marketing cookies on Rimi website

  We use marketing cookies on our website in order to provide more relevant information to user who might be interested in our brand and our products and promotions. Marketing cookies can help us to deliver more relevant messages when user is outside Rimi website. For example, you can see our ads on other external pages, e.g., news websites, social media networks etc. The aim of this activity is to deliver more value to users and inform users, who could benefit from content of our advertisements.

  Users can always make a choice to accept or reject marketing cookies of our website. We obtain the consent in advance with the help of a consent banner. In case user chooses to accept marketing cookies on our website, we could take that into account and do our best to provide more relevant content offers that users might be interested in. User can always make changes in cookies using setting on the browser.

  In order to deliver our advertising outside Rimi website we cooperate with platform providers, including online media and search engines, e.g., keywords, pictures etc., whose cookies you have accepted in our website via cookies banner. You can find marketing cookies under Marketing cookies section in our website cookies banner.

  Categories of personal data	We may process: Identity information, e.g., user ID. User generated personal data, e.g., information about activities within our information systems, behaviour in digital channels. Order details, e.g., ordered items, product prices. Location information, e.g., general information based on country/region/city level. Connection data, e.g., device type, operation systems, type of browser.
  Legal basis	Consent related to marketing cookies
  Retention period	The overall period for marketing cookies is up to 6 months. Additional information about specific retention periods for cookies is available in our cookies banner.

   

  Statistics of Rimi website

  To improve our website, incl., e.g., services and customer experience, statistics, incl. analytics of user journey in our website is important. For instance, statistics can show how our website performs and how our users engage with our website and advertising content.

  We may cooperate with external partners, for instance, Google Analytics, to gather statistics on user activity on our website.

  In order to collect statistics, the so-called cookies might be employed. Cookies are text files that are stored on your device and facilitate an analysis of your website activity. For more information about cookies, please see our Cookie policy.

  Categories of personal data	Depending on the specific statistical dimension, the following information may be processed: Identity information, e.g., user ID. User generated personal data, e.g., activities within site. Demographic data, e.g., website language. Location information, e.g., general information based on country/region/city level. Order details, only general information, e.g., purchased items and quantities, incl. visits without purchase. Connection data, e.g., device type.
  Legal basis	Consent, e.g., when statistics is collected based on cookies. Our legitimate interests concerning general statistics – certain cases when statistical cookies are not applicable.
  Retention period	Aggregate statistics does not contain personal data. Statistics is deleted as soon as it is no longer necessary for the purpose of its collection. For instance: Retention period for statistics based on cookies consent – 14 months Separate retention period might be set for statistics of certain information based on legitimate interests – up to 38 months

   

  IT security

  In order to protect your personal data, we have taken appropriate technical and organizational measures to ensure our website security. We constantly review and improve our protection measures.

  We may process your personal data, e.g., in order to manage our IT systems maintenance and operations, information security, monitoring and audit, incl., to identify potential threat, illegal or unauthorized activities, violations of terms of use in our IT solutions and to protect our IT environment and data from unauthorized changes and maintain consistency. 

  For instance, our website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content, e.g., orders or enquiries to the data controller. You can recognise an encrypted connection by the character string “https://” and the lock symbol in your browser line.

  Additional website protection measures, where applicable, can be used, for instance, to ensure that user requests to website are made by human – to protect website from potential bots and spam. It helps to distinguish between real users and user that is not real.  

  We may process personal data to ensure our IT network and IT solution security, such as firewalls, security certificates and other technical background processes. 

  Categories of personal data	Identity information, e.g., ID. User generated personal data, e.g., information about user activities. Connection data, e.g., device type. Additional information might be processed, e.g., depending on a user interaction with our website.
  Legal basis	Our legitimate interests in relation to IT security, incl. IT security monitoring & audit; IT systems maintenance and operations
  Retention period	up to 18 calendar months unless the law provides for a longer retention period.

   

• From which sources do we collect personal data?

  Yourself

  We collect personal data you provide to us directly and indirectly when interacting with our website, for example, when you visit our website pages etc.

  Information provided by third-party providers

  For instance, if you come from other platform where our website is mentioned, e.g., when you click on our advertisement published on news site, we might see information on the source you are coming from.

• Sharing of personal data

  Service providers

  We might share your personal data with companies that provide services to us, for example:

  • information system development and maintenance services;
  • web/mobile application development and maintenance services;
  • marketing communications agencies that provide us with support regarding marketing activities.

  These companies can only process your personal data according to our instructions and not use data for other purposes. They are also required by law and our cooperation agreement to protect your personal data.

  Third-party providers

  In certain specific cases your personal data might be received by third-party providers.

  For instance, when you use their tools or visit external pages, such third-party providers can act as separate controllers and might collect data when you are using their tools or visiting their pages. If you are logged in to external platforms, your data might be assigned to your account. If you do not wish that third-party providers associate your data with your external platform account, you must log out before activating the button.

  For instance, when you have accepted third-party marketing cookies, such providers can get information that you have visited our website. This information contains only limited information necessary for specific purpose.

  In relation to data processing carried out by third-party providers, security and content of such tools and sites are provided by the particular provider. In such cases their privacy policy and terms and conditions are applicable, and we have no influence on the data collected by providers as separate controllers.

  External advisors and insurance companies

  If it is necessary for the protection of our company´s rights and interests, we might transfer your personal data to insurance companies or external advisors, e.g., auditors, law firms or other independent advisors who act as separate data controllers and whose activities are regulated by law.

  Group companies

  We may share your personal data with relevant Rimi group companies, if it is necessity for pursuit of our legitimate interests or if it is necessary for achieving defined purposes. 

  Law enforcement authorities, state and local government institutions

  To fulfil our legal obligation, we may transfer your personal data to law enforcement authorities, state and local government institutions upon their request. We may also transfer your personal data to law enforcement authorities, state and local government institutions in order to meet our legitimate interest in establishing, claiming and defending legal claims.

• Where do we process your personal data?

  We always aim to process your personal data within EU/EEA.

  In certain cases, your personal data might be transferred or processed in a country outside EU/EEA by contracted service providers. When your data is processed outside the EU/EEA by our service providers, we ensure that there are sufficient technical and organizational safeguards in place in order to ensure that the recipients process the data in a secure way. For instance, for IT and other support, we may use service providers accessing personal data from countries outside the EU/EEA. We may use service providers that are based in a variety of countries outside the EU/EEA and transfers depends on the time of the day (follow-the-sun). In such cases we try to limit the personal data accessed to the specific support case.

  When we transfer your personal data to a country outside the EU/EEA, we use either the standard contractual clauses or an adequacy decision as a transfer mechanism. In rare cases our service provider who acts as data processor may transfer the personal data to a sub-processor outside the EU/EEA with Binding Corporate Rules as a transfer mechanism. Countries with an adequacy decision can be found here and the standard contractual clauses issued by the European Commission can be found here.

  When you access third-party tools and external links, providers of such tools and platforms may act as separate controllers and they may transfer data outside the EU according to their privacy policy.

• For how long are my personal data stored?

  We will erase or anonymize your personal data if it is no longer required in order to comply with the original purpose of storage or due to legal requirements.

  For more detailed information about retention periods for specific purposes, please see the section above: “Which categories of personal data do we collect and why”.

  Retention period of personal data stored by third-party providers is set according to their privacy policies.

• Your rights

  Data protection laws give you a number of rights with regards to the processing of your personal data. However, your rights can be exercised only if we actually process your personal data, e.g., you directly contact us or otherwise provide your data to us. In several other cases we only have access to aggregate information that do not allow the identification of you as a data subject.

  When you access third-party tools or external pages, the respective provider sets the data protection obligations towards you as a user and is the contact person for your rights. Such providers have direct access to your personal data processed on their platforms. You can exercise your data subject rights by reaching out directly to them.

  Access to personal data

  You are entitled to request confirmation from us if we process personal data relating to you, and in such cases request access to the personal data we are processing about you.

  In order to exercise the aforementioned rights, you can write a submission to us or to our Data Protection Officer.

  Rectification of personal data

  Furthermore, if you believe that information about you is incorrect or incomplete, you have the right to correct it by asking us to do it.

  In order to exercise the aforementioned rights, you can write a submission to us or to our Data Protection Officer.

  Withdrawal of consent

  To the extent that we process your personal data based on your consent, you are entitled to, at any time, withdraw your consent to the personal data processing. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

  In order to exercise the aforementioned rights, you can write a submission to us or to our Data Protection Officer.

  For instance, in relation to cookies set on our website, you can change your cookie preferences at any time by clicking the "Cookie Settings" button at the bottom of our website.

  Objection against processing for direct marketing purposes

  You also have the right to object to your personal data processing for direct marketing at any time.

  In order to exercise the aforementioned rights, you can write a submission to us or to our Data Protection Officer.

  In relation to our advertisements that are published by online media, incl. social media platform providers, you can use platform settings provided by the particular online media, incl. social media platform provider. More information in our Online media privacy policy.

  Objection against processing based on a legitimate interests

  You are entitled to object to personal data processing based on our legitimate interests. However, we will continue to process your data, even if you have objected to it, if we have compelling motivated reasons for continuing to process data.

  To carry out the mentioned right, please provide a written request to us or to our Data protection officer.

  Erasure

  Under certain circumstances, you have rights to ask us to delete your personal data. However, this does not apply, e.g., if we are required by law to keep the data or the data are necessary for us to establish, exercise or defend legal claims.

  To carry out the mentioned right, please provide a written submission to us or to our Data Protection Officer.

  Restriction of processing

  Under certain circumstances, you are also entitled to restrict the processing of your personal data.

  To carry out the mentioned right, please provide a written submission to us or to our Data Protection Officer.

  Data portability

  You have the right to receive or transmit your personal data further to another data controller (“data portability”). This right solely covers only data what you have provided to us based on you consent or on a contract and where processing is carried out by automated means.

  To carry out the mentioned right, please provide a written submission to us or to our Data Protection Officer.

• Who do I contact if i have any questions?

  If you have any questions about the processing of your personal data, please feel free to contact us.

  If you are not satisfied with the response you have received, you are entitled to file a complaint with the relevant Data Protection Authority:

  In Latvia: Data State Inspectorate or in Estonia: Data Protection Inspectorate or  in Lithuania: State Data Protection Inspectorate

  Contact details of company in charge of handling your personal data

  Each Rimi group company acts as a separate controller regarding its website and is responsible for processing your personal data in accordance with this Privacy Policy and applicable data protection laws. However, in certain specific cases we can act as joint controllers, for instance, in relation to cross-border activities, e.g., if there is a necessity to manage pan-Baltic website-related activities, e.g., in relation to website security or website functionality valid for use in all Baltic countries. In such a case relevant Rimi group companies are responsible for processing your personal data in accordance with the applicable data protection laws. 

  In relation to joint processing, Rimi companies have therefore entered into an arrangement for the protection of personal data among themselves and each Rimi company involved acting as a joint controller in respect of its own processing of personal data is responsible for establishing a lawful basis; providing necessary personal data processing information, incl. on joint processing; ensuring data subject rights and, when necessary, cooperating among themselves to ensure response to the request received; implementation of appropriate technical and organizational security measures; taking appropriate measures in case of a personal data breach etc. You may exercise your rights in respect of and against each of the joint controllers. In order to ensure that any request can be handled as swiftly as possible, contact details of Rimi company that is a contact point for you are mentioned below.  Please contact Rimi company in your respective country and we will make sure that all our companies mentioned below, who might handle your personal data, respects and ensure the exercise of your rights.    

   

  In relation to questions concerning https://www.rimibaltic.com please contact:

  SIA Rimi Baltic, reg. No. 40003592957

  Legal address: 161 A. Deglava iela, Riga, Latvia, LV 1021

  Phone number: +371 67045409

  Email: rimi.lv@rimibaltic.com

   

  In relation to questions concerning other Rimi companies please contact:

  https://www.rimi.lv

  SIA Rimi Latvia, reg. No. 40003053029

  Legal address: 161 A. Deglava iela, Riga, Latvia, LV 1021

  Phone number: +371 67045409

  Email: rimi.lv@rimibaltic.com

   

  https://www.rimi.ee

  Rimi Eesti Food AS, reg. No.  10263574

  Legal address: Põrguvälja tee 3, Pildiküla, Rae vald Eesti

  Phone number: +372 605 6333

  Email: info.ee@rimibaltic.com

   

  https://www.rimi.lt

  UAB Rimi Lietuva, reg. No. 123715317

  Legal address: Spaudos g. 6-1, Vilnius, Lietuva, 05132

  Phone number: +370 85 246 1057

  Email: administration.lt@rimibaltic.com

  Contact details of our Customer service

  https://www.rimibaltic.com

  SIA Rimi Baltic

  Phone number: +371 67045525

  Email: rimi.lv@rimibaltic.com

   

   

  https://www.rimi.lv

  SIA Rimi Latvia:

  Phone number: + 371 80000180

  Email: info.lv@rimibaltic.com

   

   

  https://www.rimi.lt

  UAB Rimi Lietuva:

  Telefono numeris: +370 800 29 000

  El. paštas: info.lt@rimibaltic.com  

   

   

  https://www.rimi.ee

  Rimi Eesti Food AS:

  Telefoninumber: +372 6 056 333

  E-posti aadress: klienditugi@rimibaltic.com

  Contact details of the Data Protection Officer

  Email: RimiDPO@rimibaltic.com     

  You also can contact our Data protection Officer by sending a letter to us at the above-mentioned address and addressing it to the Data protection officer.

• Changes and updates to this privacy policy

  We may update this Privacy Policy from time to time, for example, if a new purpose for personal data processing is added or if new legal requirements are implemented etc. The latest version of this Privacy Policy is available on our website.

Last modified on: March 1, 2024