Registry owner and controller
Business ID: 2331443-2
If you would like more information about how we process and protect your data beyond what is laid out in this policy, please contact us via our customer support email: firstname.lastname@example.org
What kind of information do we collect and how do we use it?
Under the General Data Protection Regulation, we are legally required to inform our customers how we use and store your data. We collect your personal information for the purpose of managing customer relationships. This information must be provided by you, and it is our responsibility to ensure that it is secure. You cannot order anything from our online store if you do not provide some personal information, as outlined below.
We also collect personal information for marketing purposes. As an online customer, you give your consent to use your data for these purposes. You can revoke this consent by going to your user profile, or before confirming your order if you do not have a user profile.
Here is a list of personal information we collect:
- First and last name
- Email address
- Phone number
- Order history
- Tracking numbers (for postal services/shipping companies)
Who has access to my information?
Only our employees have direct access to your information. They have been trained to treat information you have provided confidentially, and ensure that your data is secure.
We also upload anonymous information to third parties for marketing and analytics. This means that some of the information you have provided is shared with these parties. In the case of Facebook and Google, such information shared cannot be linked to you personally. We only use trusted and certified partners who abide by the General Data Protection Regulation. Our partners do not have permission to share your information or to use it for any further purposes not explicitly stated.
Here is a list of all parties who handle your information:
- Our employees
- Payment services we partner with (Paytrail)
- Logistics companies who deliver your orders
- Our accountant
- Our web hosting service
- Our marketing partners (Facebook, Google, and Klaviyo)
Our email marketing partner Klaviyo is based in the US, outside the jurisdiction of the General Data Protection Regulation, though Klaviyo is legally required to abide by the EU-US Privacy Shield Framework. We use Klaviyo to analyze and store some of your data, which helps us send you more relevant emails, so as not to clog your inbox with mail you don’t care about. Though the data we give to Klaviyo isn't entirely anonymous, as we must provide your name and email, no one can access any of your data except us and employees of Klaviyo. Klaviyo is not authorized to share your email with any of their affiliates or partners, and we are responsible for managing data provided to Klaviyo. If you would like your data removed from Klaviyo’s system, you may contact us directly at email@example.com, and we will delete it, so you will not need to contact Klaviyo personally.
You can read more about how Klaviyo handles and stores your data here: https://www.klaviyo.com/privacy/dpa
You can read more general information about the EU-US and Swiss-US Privacy Shield Frameworks here: https://www.privacyshield.gov/Program-Overview
Additionally, here is a link that allows you to restrict the use of targeted Facebook ads: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
The data we send to Google is anonymous and doesn’t contain any personal information and all data over 26 months old is automatically removed from Google’s servers.
How long do we store your data?
Legislation requires that we store certain types of data for the following minimum time periods:
- Online store order-related data: minimum of five years
- Email archive: minimum of seven years
- Accounting records: minimum of seven years
You have the following rights regarding your data:
- To access and review your data
- To correct your information (this can be done through your account profile page or by email request here: firstname.lastname@example.org)
- To request restrictions on your data processing (for example, you may limit or restrict the types of email marketing you wish to receive)
- To revoke consent (for example, you may opt-out of email marketing altogether)
- To file a complaint to your local Data Protection Authority (in this event, we request that you let us know so we can correct the error)
- To have your data erased*
*Please note that the right to have your data erased is only applicable if the aforementioned legal obligations regarding the minimum time periods to store your data do not apply to said information.
We store your data in secure servers with password encryption.
We utilise cookies and browser cache in order to make the webstore function better and faster. These cookies are also used to analyze our user preferences. However, we cannot identify you through the use of these cookies.
Additionally, the cookies are used to target our communication and ads. For example, after you’ve visited our webstore you may see ads for products you viewed on your last visit on our partners’ websites.
You may deny the use of these cookies in your browser settings.