Registry owner and controller
Pasilan Puistotie 8
(Business ID / VAT number: 3293635-6)
If you would like more information about how we process and protect your data beyond what is laid out in this policy, please contact us via our customer support email: firstname.lastname@example.org
What kind of information do we collect and how do we use it?
Under the General Data Protection Regulation, we are legally required to inform our customers how we use and store your data. We collect your personal information for the purpose of managing customer relationships. This information must be provided by you, and it is our responsibility to ensure that it is secure. You cannot order anything from our online store if you do not provide some personal information, as outlined below.
We also collect personal information for marketing purposes. As an online customer, you give your consent to use your data for these purposes. You can revoke this consent by going to your user profile, or before confirming your order if you do not have a user profile.
Here is a list of personal information we collect:
Who has access to my information?
Only our employees have direct access to your information. They have been trained to treat information you have provided confidentially, and ensure that your data is secure.
We also upload anonymous information to third parties for marketing and analytics. This means that some of the information you have provided is shared with these parties. In the case of Facebook and Google, such information shared cannot be linked to you personally. We only use trusted and certified partners who abide by the General Data Protection Regulation. Our partners do not have permission to share your information or to use it for any further purposes not explicitly stated.
Here is a list of all parties who handle your information:
Payment services we partner with
Logistics companies who deliver your orders
Our web hosting service
Our marketing partners (Facebook, Google and Klaviyo)
Our email marketing partner Klaviyo is based in the US, outside the jurisdiction of the General Data Protection Regulation, though Klaviyo is legally required to abide by the EU-US Privacy Shield Framework. We use Klaviyo to analyze and store some of your data, which helps us send you more relevant emails, so as not to clog your inbox with mail you don’t care about. Though the data we give to Klaviyo isn't entirely anonymous, as we must provide your name and email, no one can access any of your data except us and employees of Klaviyo. Klaviyo is not authorized to share your email with any of their affiliates or partners, and we are responsible for managing data provided to Klaviyo. If you would like your data removed from Klaviyo’s system, you may contact us directly at email@example.com, and we will delete it, so you will not need to contact Klaviyo personally.
You can read more about how Klaviyo handles and stores your data here:https://www.klaviyo.com/privacy/dpa
You can read more general information about the EU-US and Swiss-US Privacy Shield Frameworks here:https://www.privacyshield.gov/Program-Overview
Additionally, here is a link that allows you to restrict the use of targeted Facebook ads:https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
The data we send to Google is anonymous and doesn’t contain any personal information and all data over 26 months old is automatically removed from Google’s servers.
How long do we store your data?
Legislation requires that we store certain types of data for the following minimum time periods:
Online store order-related data: minimum of five years
E-mail archive: minimum of seven years
Accounting records: minimum of seven years
You have the following rights regarding your data:
To access and review your data
To correct your information (this can be done through your account profile page or by e-mail request here:firstname.lastname@example.org)
To request restrictions on your data processing (for example, you may limit or restrict the types of e-mail marketing you wish to receive)
To revoke consent (for example, you may opt-out of e-mail marketing altogether)
To file a complaint to your local Data Protection Authority (in this event, we request that you let us know so we can correct the error)
To have your data erased*
*Please note that the right to have your data erased is only applicable if the aforementioned legal obligations regarding the minimum time periods to store your data do not apply to said information.
We store your data in secure servers with password encryption.
We utilize cookies and browser cache in order to make the web store function better and faster. These cookies are also used to analyze our user preferences. However, we cannot identify you through the use of these cookies.
Additionally, the cookies are used to target our communication and ads. For example, after you’ve visited our web store you may see ads for products you viewed on your last visit on our partners’ websites.
You may deny the use of these cookies in your browser settings.