For what purposes is personal data collected and used?
We collect, store and process your personal data only for predefined purposes. The main purposes for processing personal data are:
SALES, DELIVERY AND RETURNS. Our main purpose for collecting and storing personal data is processing customer orders for our products, handling payments, arranging deliveries as well as handling possible returns.
MARKETING. We collect and use personal data for marketing purposes, including marketing analytics, direct email marketing (based on consent) as well as targeting advertising in search engines and social media channels.
CUSTOMER COMMUNICATIONS, FEEDBACK AND HANDLING COMPLAINTS. We use personal data for communicating with existing and potential customers, responding to requests, handling their feedback as well as possible complaints about our products.
DEVELOPING OUR OFFERING AND BUSINESS. We may also use personal data to develop our product range and offering within the area of jewellery business.
FULFILLING OTHER CONTRACTUAL AND LEGAL OBLIGATIONS. Personal data may also be collected and processed for fulfilling legal obligations, such as responding to requests made by authorities.
What data do you collect about me and from which sources?
We collect personal data about you mainly from yourself when you contact us or purchase our products. We may also collect personal data about our website visitors with Google Analytics to analyse our website use, develop it further and for targeting relevant marketing content for our customers and website visitors.
Typically we may get following personal data directly from you or during your purchase of our products:
- Delivery address
- Order and payment information
- Email address
What is the basis for processing my personal data?
We make sure that we always have a legal basis to process your personal data. We may process your data on a several different basis. Firstly, we may process your data to fulfill and execute a contract, such as deliver and collect payments regarding ordered products. Secondly, we may process your data also to further our legitimate interests, which are especially handling customer feedback and developing our jewellery offering. With your consent we may send you email newsletters and marketing messages. Finally, we may also process your personal data to fulfill legal obligations, such as bookkeeping and requests made by authorities.
Who processes my personal data and is it transferred to anyone else?
Primarily your personal data is processed by people within our own organization. However, some subcontractors may process or have access to our personal data based on agreements we have with them. Firstly, our website is hosted and maintained by Finnish service providers. Secondly, we use Mailchimp for sending email newsletters to subscribers. In these situations, we make sure that the confidentiality of your personal data is secured and data is otherwise processed lawfully. We may also disclose information to fulfill our other contractual or legal obligations or when a legal authority requires a disclosure. We may also disclose your personal data if we are a party of a business sale, such as a merger or an acquisition.
Is my data transferred outside the EU?
By default, your data is not transferred outside the EU. Only exception is the use of Mailchimp for sending email newsletters to those who have subscribed for it. Mailchimp is a US-based company and has a EU-US Privacy Shield certification.
How long is my data stored?
We will not store your personal data for longer period than is necessary for its purpose or required by contract or law. The storage times for personal data may vary based on its purpose and the situation. Mainly we store for longer periods email address only.
How is my data stored and kept secure?
Your data is stored on the servers provided by our service providers, which are secured according to general industry standards and practices. We consider and keep your personal data confidential and do not disclose them to anyone else than those who need it for their work or confidentially to our subcontractors based on contracts we have made with them. Access to your personal data has been protected with user-specific logins, passwords and user rights.
Is it mandatory to provide personal data? What happens if I don’t give it to you?
If you don’t provide us some of your personal data or allow processing of it, it is very likely that we cannot serve you and fulfill the purpose of our business, as we sell products online. If you don’t want us to process your data, we ask you to not provide us any personal data.
Usually it is not possible to recognize a person or the user of the website from the data contained in cookies, but if you have previously registered as a user on our website or we otherwise have already personal data about you, the data from the cookies may be incorporated with such data. Therefore, sometimes data in the cookies may be considered as personal data.
THIRD PARTY COOKIES AND APPLICATIONS ON OUR WEBSITE When using our website, we may run third party applications and certain third party services providers may store cookies on your device for the purposes of website and marketing analytics and development as well as targeting of content and advertising. These may include services providers such as Google Analytics, Google Tag Manager, Google Ads, reCAPTCHA, Facebook and other similar services providers and marketing networks. Some of these may be located outside the EU. More information about the cookie and privacy policies of these services providers can be found from their website. We are not responsible on their data processing practices. Third party advertising targeting can also be managed on Your Online Choices website.
We may update our practices relating to cookies due to changes in our business practices or in applicable laws.
What rights do I have relating my personal data?
WITHDRAW YOUR CONSENT. If we process personal data based on your consent, you can at anytime withdraw your consent by notifying us, for instance by sending email to email@example.com.
ACCESS TO DATA. You have the right to have confirmed if we are processing your personal data and also to know what data we have about you. In addition, you have right to some supplemental information described in the law about the processing activities.
RIGHT TO HAVE ERRORS CORRECTED. You have the right to request that we correct any inaccurate or outdated personal data we have about you.
RIGHT TO PROHIBIT DIRECT MARKETING. You have the right to request that your personal data is not processed for direct marketing purposes by sending us email to firstname.lastname@example.org.
RIGHT TO OBJECT PROCESSING. If we process your personal data based on public interest or our legitimate interest, you have the right to object processing of your data, to the extent that there is no such significant other reason that would override your rights or the processing is not necessary for handling legal claims. Please notice that in this situation we may not be able to serve you anymore.
RIGHT TO RESTRICT PROCESSING. In certain situations you have the right to require that we restrict processing of your personal data.
RIGHT TO DATA PORTABILITY. If we process your personal data based on your consent or fulfilling of a contract, you have the right to require transfer of the data you have provided to us to another services provider in a commonly used electronic format.
How can I use my rights?
You can execute and use your rights by contacting us, for instance by sending email to email@example.com. In such case, we ask you to provide us your name, contact details, phone number as well as a copy of valid personal ID, such as a driver’s license or passport, so we can verify your identity. If you consider that the processing of your personal data is not lawful, you can always also make a notification to a supervisory authority.
Who can I contact in privacy matters?
Väisänen Design Oy
Business ID: 2843586-6
Myhkyrinkatu 20 A 18