Privacy policy

1. What personal data do we collect about you?

In our online store, we respect your privacy and are committed to protecting your personal data. The collection of personal data is necessary to provide you with the best possible user experience, customize our services, process your orders, and maintain your account. In this section, we explain what information we collect and how it is used. The personal data we collect may include, but are not limited to: your name, email address, postal address, phone number, date of birth, payment information, and other communication-related information. We may also collect information about your purchase history, browsing behavior, and preferences in our online store. Additionally, in relation to delivering your order, we may collect information such as the delivery address and recipient's contact details. All information we collect is essential for providing our services and is processed strictly in accordance with data protection legislation.

2. What do we use your personal data for?

The personal data we collect is used for several important purposes, which enable us to offer and continuously improve our services. Primarily, your information is used for processing and delivering your orders, including payment transactions and customer service contacts. Personal data may also be used to improve the user experience of our online store, such as developing the usability of our website and offering customized recommendations based on your purchase history and browsing activities. Furthermore, we use the information for marketing communications if you have given your consent, for example by sending you newsletters, offers, and information about new products.

Your personal data may also be used for internal analytics purposes, such as customer and market research, helping us to develop our product range and services. For security reasons, your personal data may also be used to ensure the security of our online store and our customers, such as detecting and preventing fraud. We emphasize that all use of personal data is conducted within the limits allowed and required by law, always following our data protection principles.

3. The basis for processing your personal data

We always follow the applicable data protection legislation in processing your personal data, and the processing is based on clear legal grounds. Firstly, most of the processing of your personal data is based on the fulfillment of a contract: when you make a purchase in our online store, processing is necessary for delivering your order and implementing our contract. In addition, certain processing of personal data is based on legal obligations, such as requirements for accounting and taxation.

The third important basis is consent. Certain processing activities, such as marketing communications, are only carried out if you have expressly given your consent. This consent is always voluntary and can be withdrawn at any time. We also use your personal data based on "legitimate interests" when it is necessary to improve our services and customize the customer experience. This includes analyzing the use of our site and monitoring customer behavior to offer better and targeted products and services.

In all personal data processing situations, we ensure that the processing is necessary and proportionate to the purposes sought and that your personal data is protected with appropriate security measures. Additionally, we are obligated to update, correct, or delete your personal data if it is incorrect, outdated, or if processing is no longer necessary.

4. How long do we keep your personal data?

The retention period for your personal data is determined by several factors related to the purpose of their collection and applicable legal requirements. We retain your personal data as long as necessary to provide contractual services, maintain customer relationships, and comply with legal obligations, such as accounting and tax laws. For example, your order information is usually kept for at least as long as the law requires us to retain commercial accounting materials, which is six (6) years in Finland.

When personal data is no longer needed for the purposes mentioned above, it is securely deleted or anonymized. Information for marketing purposes, such as subscription to our email list, is kept as long as you are an active subscriber and until you withdraw your consent or request the deletion of your data. If you have subscribed to the mailing list but do not have any orders, all data is removed after two (2) years. The retention of data based on our legitimate interest is regularly assessed to ensure it is justified and proportionate.

We reserve the right to retain your personal data for longer if necessary to comply with legal requirements, such as in litigation or for preventing and investigating fraud. In all cases, we follow applicable data protection laws and regulations in processing personal data and ensure that your personal data is adequately protected throughout the retention period.

5. Who can process your personal data?

We are committed to protecting your personal data and limiting its use only to the purposes for which it was collected. The processing of your personal data is primarily carried out by our employees who need the information to perform their duties. This means, for example, members of customer service, order processing, and marketing teams. All our employees who handle your personal data are trained in data protection and are committed to following applicable data protection regulations and our policies.

Additionally, we may share your personal data with subcontractors and partners who act on our behalf and assist us in providing our services. Such parties may include payment service providers, logistics and delivery companies, marketing and analytics service providers, and IT support services. These third parties process your personal data only in accordance with our instructions and data protection policies, and we ensure that they have appropriate security measures and agreements in place to protect your personal data.

In certain cases, we may also be legally required to disclose your personal data to authorities, such as tax or law enforcement authorities, to comply with applicable laws or regulatory orders.

In all cases of personal data disclosure, we strive to ensure that recipients adhere to the same strict data protection standards as we do, and that the processing of your personal data is always in accordance with legislation and our data protection principles.

6. Measures to protect your personal data

We protect your personal data through various technical and organizational measures to ensure its security, confidentiality, and integrity. Key technical measures include data encryption, firewalls, malware protection, and access control systems that prevent unauthorized access to your data. Our systems and processes are designed to ensure that your personal data is handled securely and are accessible only to authorized personnel.

Organizationally, we are committed to a high standard of data protection. This means ongoing training of our staff in data protection practices, adherence to internal guidelines related to the handling of personal data, and regular review of our data protection policies. Additionally, we conduct regular security audits and risk assessments to identify and manage potential security risks.

Regarding cooperation with third-party service providers and partners, we ensure that they adhere to similar strict data protection standards. In our agreements with third parties, we require that they have appropriate data protection measures in place to protect your personal data.

Despite these measures, it's important to note that data transmission over the internet can never be entirely secure. However, we do our utmost to ensure the security of your personal data and respond quickly if any security breaches occur. Additionally, we encourage our customers to be aware of their own data security and protect their information, for example, by using strong passwords and following best practices for data security.

7. Use of cookies

In our online store, we use cookies to improve the user experience and offer customized services. Cookies are small text files that are stored on your device when you visit our website. They help us understand how users interact with the site, enable the functionality of the shopping cart, and help us provide you with targeted content.

We use both temporary (session cookies) and permanent cookies. Session cookies are automatically deleted when you close your browser, while permanent cookies remain on your device for a specified time or until you manually delete them. We use cookies for purposes such as ensuring the functionality and security of the site, saving user preferences, analyzing site traffic and behavior, and implementing targeted marketing.

You can manage and restrict the use of cookies through your browser settings. However, it's important to note that deleting or blocking cookies may affect the functionality of the website and your user experience. We also offer the option to choose and manage which types of cookies you consent to being used when you visit our website.

For more information on the use of cookies, their management, and deletion, please refer to our cookie policy available on our website. We respect your privacy and strive to ensure that the use of cookies is transparent and under your control.

8. Rights of the data subject

According to data protection legislation, you, as the data subject, have several rights regarding your personal data. Your rights include:

  1. The right to access information: You have the right to request confirmation from us on whether personal data concerning you is being processed, and if so, access to this data.

  2. The right to rectification: If you notice that the information we collect is incorrect or incomplete, you have the right to request that we correct or supplement it.

  3. The right to erasure ("right to be forgotten"): In certain situations, you have the right to request the deletion of your personal data, for example, when the data is no longer needed for its original purpose of collection.

  4. The right to restrict processing: In certain circumstances, you can request that we limit the processing of your personal data, for example, if you contest the accuracy of the data.

  5. The right to data portability: You can request to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller.

  6. The right to object to processing: You have the right to object to the processing of your personal data in certain situations, such as for direct marketing purposes.

  7. The right not to be subject to a decision based solely on automated processing, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

We respect these rights and offer practices and methods for exercising them. You can exercise your rights by contacting us via email or through our website. We aim to respond to all such requests as quickly as possible and within the timeframe required by law.

9. Changes to the privacy policy

We reserve the right to make changes to this privacy policy from time to time to keep it up to date and reflect changes in legislation, technology, or our business processes. Any changes made to our privacy policy will be published on our website, and if the changes are significant, we aim to inform our customers in a suitable manner, for example, via email or through our website.

We recommend that you regularly check our privacy policy to stay informed about how we process your personal data and what rights you have. The date of the privacy policy is always updated when changes are made, so you can easily see when the last update was made.

If you continue to use our online store after the update of the privacy policy, it is considered that you accept the updated terms. If you do not accept the updated privacy policy, you have the right to stop using our website.