Data Controller and contact person
(Business ID: 2657359-5)
Pohjoisesplanadi 21 A
Kristina Pentti-von Walzel
c/o Laponie Oy
Tel.: +358 40 653 6649
Section 1 – What do we do with your information?
We process your personal data only to the extent it is necessary for us to provide you the services you have requested. We process your personal data primarily in order to offer you the opportunity to use our website, to deliver the order you place on our online store, and to fulfil any possible subsequent warranty measures. We also process your personal data to send you updates about your order and may send you questionnaires to measure your satisfaction with our online store or the products ordered by you.
When you purchase something from our online store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. We will also collect information about your order and other information relevant to your customer relationship, such as the type and amount of products you ordered, purchase price, date of placing the order, status of your order, method of payment, specifics related to your payment, product returns and customer service requests.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address and certain other metadata such as your browser type, time of visit and the content viewed in order to provide us with information that helps us improve our website.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
Section 2 – Legal Bases for Processing
The legal bases for processing your personal data are either compliance with the agreement entered into between us, compliance with legal obligations to which we are subject, our legitimate interest, or your consent as further described below.
- Contractual and statutory obligations: Processing of your personal data to a certain extent is necessary to enable us to fulfil the agreement we have concluded with you. For example, when you place an order in our online store, it is necessary for us to process your personal data so that we can carry out our contractual obligations and deliver your order. Placing an order also creates certain statutory obligations for us related to e.g. product safety, quality of our products and product returns.
- Our legitimate interest: We process your personal data based on our legitimate interest, in particular for administrative purposes and to prevent and resolve possible misconduct that may take place on our website.
- Consent: Based on your consent, we can process your personal data to send you direct electronic marketing.
How do you get my consent?
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If, after you opt in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at firstname.lastname@example.org.
Section 3 – Disclosures and Transfers
We may disclose your personal data to our partners within the limits permitted by law, e.g. for purposes of carrying out deliveries. For example, to execute your orders, we use services of our partners (such as payment service providers or shipping and delivery services offered by our logistics partners). We will only provide these partners with the information they need to provide the services agreed.
We may also disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
Our store is hosted on Shopify. Shopify acts as our data processor and processes your personal data on our behalf. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. Shopify stores your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, Shopify stores your credit card data. It is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help to ensure the secure handling of credit card information by our store and its service providers.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than you or we are. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
In no circumstances are we, Laponie Ltd, liable for any actions or privacy policies of third parties.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Section 4 – Cookies
Section 5 – Minors and Our Website
Our website is not intended to be used by persons under the age of 18 or other minors. By using this website, you represent that you are at least 18 years of age or the age of majority in your state or province of residence.
Section 6 – How long will we retain your personal data?
Where the personal data is processed on the basis of an obligation based on applicable law, the retention period may also be subject to an explicit statutory requirement. For example, we are obliged to retain any personal data included in accounting material for up to six years. We may also retain certain personal data after the termination of the initial processing purpose, should such retention of personal data be necessary to comply with other applicable laws or should we need the personal data to establish, exercise or defend a legal claim, on a need-to-know basis only.
Where the processing has been based on your consent, for example in case you have subscribed to our newsletter, we will retain your personal data until you withdraw your consent.
When we no longer need the collected personal data, the data will be safely destroyed or irrevocably anonymized.
Section 7 – Your Rights
The extent of your rights is subject to the legal basis for processing, and exercising your rights requires identification.
- Right of access: You have the right to obtain a confirmation from us on whether we process personal data relating to you and the right to access such data. We may ask you to specify your access request.
- Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data relating to you and processed by us, or to have incomplete personal data processed by us completed.
- Right to be forgotten: You have the right to obtain from us the erasure of personal data related to you, and we have the obligation to erase such data where there is no longer a legal ground for the processing of such data, where the legal or contractual obligation binding us related to the storing of the personal data has ended, or where you have withdrawn your consent to the processing of your personal data.
- Restriction of processing: In certain cases, where so prescribed by law, you have the right to obtain from us the restriction of processing of your personal data.
- Right to data portability: Subject to certain conditions prescribed by law, you have the right to receive the personal data relating to you and processed by us in a commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from us.
- Right to object to processing of your personal data: In certain cases, you may have the right to object to processing of personal data concerning you. The right to object is applicable in particular in situations where the processing of personal data is based on our legitimate interest. In such situations we are obliged to follow your request, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the data are needed for the establishment, exercise or defense of legal claims.
In addition, you have the right to lodge a complaint with the supervisory authority regarding our processing of your personal data should you consider that our processing of your personal data is not lawful. The complaint shall be made to the competent supervisory authority, in Finland the Data Protection Ombudsman, in accordance with his instructions. The website of the Data Protection Ombudsman can be found here.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
Questions and Contact Information
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer Kristina Pentti at Kristina@laponieskincare.com.