Privacy Policy
Last updated: May 2026. Compliant with EU General Data Protection Regulation (GDPR, 2016/679).
1. Data Controller
[Company Name]
[Street Address, Postcode, City]
Business ID: [VAT/Business ID]
Email: [privacy@company.com]
Phone: [+358 X XXX XXXX]
2. Personal Data Processed and Legal Bases
| Category | Examples | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Customer data | Name, address, email, phone | Performance of contract (6.1.b) |
| Order and payment data | Order history, payment method, invoicing | Contract (6.1.b) and legal obligation (6.1.c) |
| Accounting records | Invoices, receipts | Legal obligation (6.1.c) - Accounting Act |
| Marketing data | Newsletter subscription, marketing consent | Consent (6.1.a) |
| Website logs | IP address, browser type, cookies | Legitimate interest (6.1.f) |
3. Purposes of Processing
- Processing orders, deliveries and customer service
- Invoicing and payment management
- Compliance with legal obligations (accounting, consumer protection)
- Marketing communications based on consent
- Security and service improvement
4. Disclosure of Personal Data
We share data only as necessary: with delivery companies (shipment), payment service providers (payment processing), accountants (legal obligation) and authorities (when required by law). We do not sell personal data to third parties.
5. Transfers Outside the EU/EEA
As a rule, we do not transfer personal data outside the EU/EEA. Where a transfer is necessary, we ensure appropriate safeguards such as EU Standard Contractual Clauses (SCCs).
6. Retention Periods
- Customer data: duration of the customer relationship + 3 years
- Accounting records: 10 years (Accounting Act)
- Marketing consents: until withdrawal of consent
- Log data: 12 months
7. Your Rights as a Data Subject
You have the right to access your data (Art. 15), rectify inaccuracies (Art. 16), request erasure (Art. 17), restrict processing (Art. 18), exercise data portability (Art. 20), object to processing (Art. 21), and withdraw consent at any time. Submit requests to: [privacy@company.com]. We will respond within one month.
8. Right to Lodge a Complaint
You have the right to lodge a complaint with your national supervisory authority. In Finland: Office of the Data Protection Ombudsman, PO Box 800, FI-00531 Helsinki | tietosuoja@om.fi | +358 29 566 6700
9. Data Security
We implement appropriate technical and organisational security measures including SSL encryption, access controls and regular security audits.