DATA PROTECTION STATEMENT - MYSODA OY
This general Data Protection Statement describes how the company (hereinafter referred to as the Controller) processes and safeguards the personal information specified herein in accordance with current legislation, applicable official guidelines, and a careful data protection policy.
2. Controller and contact information
Holkkitie 6, 00880 Helsinki
Puh. +358 (0)20 712 1590
3. Contact person
Mysoda Oy, Jussi Aura
4. Purpose and basis of processing
Depending on the processing operation, the basis for data processing is:
- the necessity of processing based on our agreement with you (customer relationship or cooperation/sales agreement) or statutory obligations;
- your consent, such as granting permission for marketing in certain circumstances, participating in our campaign or competition, or providing feedback;
- a legitimate interest in customer communications and marketing in certain circumstances; or
- a legitimate interest and, in specially defined circumstances, consent to the development of our online shop and business as further specified below.
We shall request your prior consent and separately inform you of the processing and its grounds when necessary if we collect your personal information for other purposes.
5. Personal information
We, or our trusted partners, collect and process the following details:
- Details of customership or cooperation: Name, address, telephone number and login credentials (e-mail address and password), transaction language, marketing permissions and purchase history. We also collect information from you concerning methods of delivery and payment when you place an order at the online shop. We also retain information concerning agreements.
- Customer service and order information: The information collected during a contact that is required for discharging a customer service request and processing orders.
- Other communication with you: We record details of communications with you. You may also be invited to participate in market research or to provide feedback.
- Marketing competitions and campaign information: We may collect your contact details (e-mail and postal address, telephone number) for the purpose of sending prizes when you enter a competition or complete a customer survey, depending on how the competition or survey is arranged. Details of winners will be retained until the prize has been delivered, and for the period required by law, and information may be disclosed to public authorities for taxation and other reasons. Further details will be available for specific competitions and campaigns where necessary.
- Website usage information: Website transactions, such as page views, ordering information, shipping and payment methods, login details, and selected optional permissions displayed on the website. Further details on our cookie page.
- Website development information: We use information collected from our customers to develop our products and services, and to improve our customer service. We analyse the activities of visitors to the online shop, using this information to improve the shop. We mainly use aggregated or anonymous data for such analyses. Further details are available on our cookie page.
- Online shop orders and customer account management: We use personal information related to online shop purchases for processing and delivering orders, and for maintaining customer accounts in the online shop. The information is processed on the Shopify online store platform. The systems used for processing orders enable picking, inspection, delivery, additional platform services and customer service related to your order from our online shop. These systems may process all personal details related to online shop orders.
- Picking and order processing, and logistics information: We use the information in order printouts, for example. To be able to deliver your order, we release a name and contact details to our partners. The telephone number or other contact details that you provide at the time of ordering are used for communications related to delivering the order, such as arrival notifications. The Shopify e-commerce platform uses various applications to provide additional e-commerce services.
- Other digital marketing: We use personalisation for such purposes as digital advertising outside our online shop, for example in our marketing via social media channels. Digital marketing involves the use of various digital advertising networks and advertising technologies, such as cookies. Further details and options are available on our cookie page. We also use feedback collected through the feedback application for marketing.
- Payment service providers: We use external suppliers for processing payments. This personal data processing is necessary for us to deliver the products that you have ordered.
- IT partners and suppliers: Some systems are installed locally for us, so that only our own staff can access information. Some systems are cloud services, in which case we transfer personal information to the service provider concerned. The service provider or IT supplier then becomes our personal data processor assigned to process the data in accordance with our instructions. We process customer information internally in our loyal customer system, ERP system, e-commerce system, and customer account management and marketing system.
- Public authorities: We may be required in some cases to disclose your personal information by law or official regulation at the request of a public authority, such as in the course of a criminal investigation or legal proceedings.
6. Cookies, cookie selections and analytics
7. Further details concerning recipients of your personal information
As the Controller, we rely on services provided by external partners or service providers. These services may involve granting access to your personal information to our partners, both inside and outside the EU and the EEA. Any transfer or disclosure of information is governed by applicable statutory security measures. Such transfer or disclosure is either subject to an agreement with our partner in accordance with the standard contract clauses and other conditions established by the European Commission, or there are other lawful grounds for the transfer, such as the preparation, filing or defence of a legal claim. As the Controller, we may also transfer and disclose information, for example at the time of a corporate transaction or acquisition.
8. Retention periods
Our customer account management and marketing system retains your customer information for a default period of five (5) years since the account was last active. The system defines account activity as one of the following measures: purchasing from an online shop, logging into the account, communicating with us, or subscribing to a newsletter. The My Account section of our online shop retains the personal information that you provided for as long as your user account remains active. If you subscribe to our newsletter, then your contact information will be retained for as long as you wish to continue receiving the newsletter.
Customer service information is processed for the time required to deal with the case, and for as long as the parties may file legal claims against one another. The contact details of entrants to individual marketing and campaign competitions are deleted after the winners have been contacted and the prizes have been delivered.
The details of cooperation agreements are retained for the duration of cooperation under the agreement, and for as long as the parties may submit claims based on the agreement and the Controller has a duty to retain the information based on legislation or official guidelines from the authorities.
Information collected during your visit to our website (such as IP address, browser, language, city of location) is retained for the purposes of analysis and reporting for a default period of 26 months. Further details are available in our cookie statement.
9. Protection of personal data
Information is protected against unauthorised access and accidental or unlawful destruction, alteration, disclosure, transfer or other unlawful processing. Protection is arranged by technical, administrative and electronic means, and through data security functions.
10. Rights of a Data Subject and issues related to processing of personal data
As a Data Subject under applicable law, you are entitled to:
- receive information concerning the processing of your personal information
- access your information
- correct errors in your information
- delete the information and be forgotten
- restrict processing of your information
- transfer your information between systems
- object to processing of your information
- not be subject to automated decision-making
Please contact our data protection contact person in all matters related to processing your personal information and exercising your rights. The right of inspection is free of charge when exercised once a year.
We shall provide an individual solution within one (1) month of submission of any request to exercise rights. The rights of a Data Subject cannot all be exercised without restriction under all conditions. The exercise of rights may be subject to restrictions. Factors affecting the situation include the grounds for processing your personal information. A Data Subject is nevertheless always entitled, for example, to prohibit the use of information for direct marketing purposes.
As the Controller, we correct or delete any personal information in our records that is incorrect, unnecessary, incomplete, or outdated for the purpose of processing, either spontaneously or at your request and without undue delay, unless we have a duty to retain the information.
11. Right to lodge a complaint with a supervisory authority
If you believe that your personal information is not being processed in accordance with the General Data Protection Regulation (EU) 2016/679 or with other applicable legislation, and you are unable to resolve the matter through contact with us, then you may lodge a complaint with the supervisory authority in the EU Member State where you are domiciled or employed, or where you consider that the breach of provisions occurred.
The supervisory authority in Finland is the Data Protection Ombudsman:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, FI-00530 Helsinki
Telephone (switchboard): + 358 29 566 6700
12. Changes and updates to the privacy statement
We may amend this Data Protection Statement from time to time, among others, due to updates to our data processing policies or changes in legislation. This statement was last updated on 14 December 2021. The current Privacy Statement is always available on our website.