Your personal data is important to us
We updated our privacy notice to reflect changes in Samuji’s operations. Review our updated privacy notice where we describe in more detail how we safely process and use your personal data.
OUR DATA PROTECTION IN A NUTSHELL
This privacy notice describes how Nosh Project Oy (‘we’, ‘us’ or ‘our’) processes the personal data of customers and potential customers.
• We collect your personal data when you visit our online store, subscribe to our newsletter or otherwise interact with us.
• The data we collect may be data that you yourself provide in connection with making purchases on the online store or participating in a campaign. In addition, we process personal data that are stored when you use our online service (such as cookies, location data and IP addresses). These data can usually be linked to you only with the help of additional information.
• We process your personal data to deliver orders and to implement and develop our customer management and services. Processing the collected data helps us to analyse our customers’ preferences and wishes.
• We process your personal data when we provide you with customer service and send you customer communications. With your consent, we may also send you electronic direct marketing. In addition, processing your personal data enables us to target marketing according to your interests.
• We respect your privacy in all of our processing. We will not process data that can be linked to you unless it is necessary to fulfil the purpose of the processing.
• You can influence how we process your personal data. Below, we describe in more detail your rights as a data subject and how you can exercise them. You have the right to withdraw your consent to the processing of personal data, the right of access to your personal data, the right to rectification and erasure of data, right to restriction of processing and the right to transfer data to another data controller. In addition, you have the right to object to processing of personal data and the right to lodge a complaint with a data protection authority.
• In matters related to data protection, you may contact us by e-mail to the address firstname.lastname@example.org.
1. DATA CONTROLLER
Business ID: 3202539-2
Address: Vilhonvuorenkatu 12, 00500 Helsinki email@example.com
2. WHAT PERSONAL DATA DO WE PROCESS?
We process data related to the following data categories and data on changes thereto in connection with the online store:
2.1 DATA ON ORDERS AND CUSTOMER ACCOUNT:
• First name and surname
• Contact information (postal address, e-mail address, phone number)
• The content and tracking data of your orders and data on your order history
• Complaints, feedback and other interactions, communication and actions related to the customer account, including recorded phone calls and the data subject’s activity in social media services concerning the data controller
• Data on the use of our services, such as data on the subscription to our newsletter and on the participation to sweepstakes and contests
• Consents to and refusals of direct marketing
• Marketing activities targeted at you, their use and data on whether you have opened our newsletters
Not providing certain personal data may lead to a situation where we cannot deliver your order or enter into an agreement with you about selling our products, i.e. we cannot sell you our products.
2.2 AUTOMATICALLY COLLECTED DATA ON THE USE OF OUR WEBSITE
In addition to the aforementioned personal data collected from you, we process your personal data when you visit our online store even if you have not registered as our customer or logged in to our service. When you enter our website, we process the following data by means of cookies and other similar technologies:
• Data on your terminal equipment and online behaviour (such as IP address, browser type and your browsing history on our website)
• Time of browsing and duration of the session
• Which links or advertisements you click and which advertisements or other content you have watched
• Data derived and profiled by using analytics and tracking technologies See below more detailed information on the analytics services we use.
3. FROM WHERE DO WE COLLECT YOUR PERSONAL DATA?
We collect your personal data especially from you when you provide data while visiting our online store. You may provide data about yourself, for example, when you fill out an order form. We also collect your personal data in connection with customer service situations and when you have subscribed to our newsletter.
In addition, we collect your personal data through the terminal equipment you use by means of cookies or other similar technologies.
4. WHY DO WE COLLECT AND PROCESS YOUR PERSONAL DATA? 4.1 CUSTOMER MANAGEMENT AND PROVISION OF SERVICES
We process your personal data referred to above in section 2.1 to manage and develop the customer relationship. We need your personal data to implement our services, such as delivering or invoicing your orders.
We may also arrange sweepstakes and contests, and to implement them, we need to process your personal data referred to in section 2.1. In addition, we process the aforementioned data to offer discounts and benefits and to investigate complaints, errors and other disruptions.
4.2 CUSTOMER COMMUNICATION, MARKETING AND PROFILING
We also process the personal data referred to in section 2.1 to implement customer communications, for example when we inform our customers about a recall of a product, send order or delivery confirmations and communicate in connection with exchanges and refunds.
In addition, we use the personal data referred to in sections 2.1 and 2.2 for direct marketing and other marketing as well as for market and opinion surveys, including electronic direct marketing.
In order to offer interesting content, we may target our marketing communication by analysing and profiling the data referred to in sections 2.1 and 2.2, such as data on orders and the use of our services. We do not carry out automatic decision making based on profiling or otherwise.
4.3 SERVICE DEVELOPMENT
We also process the personal data referred to in sections 2.1 and 2.2 to analyse and develop our services and other business operations and for statistical purposes.
In addition, we process the personal data referred to in section 2.1 to prevent and investigate any misuse.
5. WHAT IS THE LEGAL BASIS FOR THE PROCESSING? 5.1 LEGITIMATE INTEREST
Our right to process the personal data referred to in section 2.1 is partly based on a legitimate interest created by the customer relationship. We process your data, for example, to provide services, send marketing and sell our products to the extent necessary to perform these actions. We also process your personal data to create profiles and to send marketing based on a legitimate interest.
Our right to process the personal data referred to in section 2.2 is based on our legitimate interest to monitor how our website is used, optimise its functions, fix its errors and target marketing.
We have assessed in the manner required by data protection legislation and authority guidelines that your interests, fundamental rights and freedoms do not outweigh our legitimate interest to process your personal data in the manner described in this privacy notice. You may exercise your rights described in section 11 of this privacy notice if you want to object to or restrict the processing of personal data that we perform.
We process the personal data referred to in section 2.1 to fulfil our agreement with you and to take steps at the request of you prior to entering into the agreement. An agreement will be concluded between you and us when you accept our delivery terms and order our products either from our door-to-door representative or from our online store.
We process the personal data referred to in section 2.1 based on your consent to the extent that we ask for your consent to send electronic direct marketing. We also process the personal data collected by means of cookies and other tracking technologies based on your consent for setting cookies.
You have the right to withdraw your consent for the processing of personal data at any time by contacting the contact person specified in section 2 or, with respect to electronic direct marketing, by clicking the link that is included in marketing messages.
5.4 LEGAL OBLIGATION
We process the personal data referred to in section 2.1 to comply with our legal obligations when we process your data to comply with accounting obligations or disclose data to authorities.
6. TO WHICH PARTIES DO WE DISCLOSE PERSONAL DATA?
We disclose personal data within the limits permitted and required by the legislation in force from time to time.
We disclose personal data to our business partners, such as our payment service provider for making payments for the purchases from the online store. In addition, we may disclose information such as your name and contact details to our partner providing logistics services for delivering orders.
We use the Shopify service as our online store platform. Further information on processing of personal data in the Shopify service is available here: https://www.shopify.com/legal/privacy/customers
We also use the Google Analytics service. The service may have access to some identifiable information such as your IP address. Further information on the personal data collected by the service is available here: https://policies.google.com/technologies/partner-sites.
When necessary, we also disclose personal data to other parties that have the right to obtain data in accordance with the legislation, such as competent authorities.
We transfer personal data to IT service providers to be stored and processed in accordance with our instructions for purposes determined by us and on our behalf.
7. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY
Some of our business partners or service providers referred to above may process your
personal data outside of the EU/EEA. In these situations, we have generally entered into an agreement with the party in accordance with the EU Commission’s model contract clauses that ensure safe data processing in third countries as well. However, if it is necessary to disclose or transfer data to perform an agreement that has been entered into with you or in your favour or if some other legal ground for exemption is applicable, we may not use the model contract clauses. We seek to ensure the safe processing of your data abroad by other means as well. If necessary, we can give you more detailed information on international data transfers.
8. HOW LONG DO WE STORE YOUR PERSONAL DATA?
We store personal data as long as it is necessary with respect to the processing purposes or to comply with our contractual and legal obligations.
• We store order information and data collected in connection with customer service for two (2) years from the end of the calendar year in which you last visited our online store or interacted with our customer service.
• We store personal data necessary for fulfilling our accounting obligations for six (6) years from
the end of the financial period during which the data was collected. The six-year storage period also applies to the personal data of the winners who participated in our sweepstakes and contests. However, the personal data of other participants in sweepstakes and contests are stored for two (2) years after the sweepstake or contest.
• If you have subscribed to our newsletter, we store your personal data as long as the newsletter subscription is active. If you unsubscribe from the newsletter, i.e. withdraw your consent to sending electronic direct marketing, we will stop sending newsletters to you without undue delay but store the information on the marketing prohibition after the withdrawal as long as your personal data are being processed for other purposes, for example based on your visits to the online store.
• We store personal data collected by means of cookies and other tracking technologies for 26 months.
9. RIGHTS OF THE DATA SUBJECT - HOW CAN YOU INFLUENCE OUR PROCESSING OF YOUR PERSONAL DATA?
Data protection legislation provides you with rights that are described below. These rights strengthen your privacy and enable you to control the processing of your personal data.
We will without undue delay and no later than within six months from your contact send you information on the actions that we have taken due to requests related to exercising your rights.
If you make several requests or if your request is particularly complex, we may, if necessary, extend the deadline of our response with two (2) months at most. We will notify you of such delay separately.
You may make a request related to the right described here in section 11 by using the contact information specified above.
Please note that, if necessary, we may ask you to send additional information needed to confirm your identity.
10. RIGHT OF ACCESS TO DATA
You have the right to receive a confirmation from us of whether we process your personal data. In addition, you have the right of access to the data concerning you and the right to receive informa- tion under the General Data Protection Regulation regarding the processing of personal data.
When you exercise your right of access to data, we will send you a copy of your personal data that we process. If you make the request electronically, we will send the information in a commonly used electronic form unless you explicitly ask for another form of delivery that we can reasonably implement.
We may charge a reasonable fee based on administrative costs if you ask for several copies or make requests repeatedly.
We cannot give you information that could disclose business secrets or infringe the rights or freedoms of any other person. For example, we do not disclose the personal data of other people despite your request.
10.1 RIGHT TO RECTIFICATION
You have the right to request that we correct inaccurate data concerning you without undue delay. In addition, you have the right to have incomplete personal data completed by means of providing us with a supplementary statement.
10.2 RIGHT TO ERASURE
You have right to request that we erase the personal data concerning you without undue delay if:
• your personal data are no longer needed for the purposes for which they were collected or for which they were otherwise processed (for example, if your personal data is no longer needed for
customer management, to ensure accounting related to ticket sales or for other similar purposes);
• you object to processing on grounds relating to your particular situation and there are no overriding legitimate grounds for the processing;
• you object to the processing of your personal data for direct marketing purposes; • we have unlawfully processed your personal data; or
• your personal data have to be erased for compliance with a legal obligation to which we are subject.
10.3 RIGHT TO RESTRICTION OF PROCESSING
You have the right to restrict our processing of your personal data in such a way that, in addition to storage, we may only process your personal data with your separate consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another person if:
• you contest the accuracy of your personal data, in which case the processing is restricted for a period it takes to verify the accuracy of the data;
• the processing of your personal data is unlawful but you oppose the erasure of your personal data and request the restriction of their use instead;
• we no longer need your personal data for the purposes of the processing described in section 6 of this privacy notice, but you require them for the establishment, exercise or defence of legal claims;
• you have objected to the processing of your personal data on grounds relating to your particu- lar situation pending the verification whether our legitimate grounds override the grounds for your objection.
10.4 RIGHT TO DATA PORTABILITY
To the extent that you yourself have provided your personal data to us with, for example, a form in our online service, you have the right to receive that personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller in so far as we have processed your personal data automatically and the processing is based on either your consent (such as a consent for electronic direct marketing) or the processing of your personal data is necessary in order to perform an agreement, such as the online store user agreement.
The right to data portability is restricted to procedures that do not adversely affect the rights and freedoms of others. You do not have the right to data portability if the personal data in question are being processed based on our legitimate interest.
11. RIGHT OF OBJECTION
You have the right to object to the processing of your personal data on grounds relating to your particular situation if there are no overriding legitimate grounds for the processing.
In addition, you always have the right to object to the processing of your personal data for direct marketing purposes. After you have exercised this right of objection, direct marketing or the processing of your personal data for direct marketing purposes can no longer be performed.
12. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
You have the right to lodge a complaint with a competent supervisory authority, in Finland the Data Protection Ombudsman, if you consider that the processing of your personal data has infringed your rights under data protection legislation and especially the General Data Protection Regulation.
13. HOW DO WE KEEP YOUR PERSONAL DATA SECURE?
Adequate protection of personal data is extremely important to us. We collect the data into databases that are protected with firewalls, passwords and other technical means. The databases and their backups are located in locked and guarded premises and only a few individuals who have been designated beforehand have access to the data.
We have ensured with contractual means that our business partners that process personal data on our behalf have undertaken to protect personal data with respect to the actions of their own employees as well.
Data set in a physical form are stored in locked business premises that are used by us.
14. COOKIES AND ANALYTICS SERVICE
With cookies, we collect data about the terminal equipment you use and your behaviour in our service, such as data about the website from which you came to our service, which browser you use or when and which part of the service you have browsed. We use this data, for example, to develop the usability of our online service, to analyse visitor data, to carry out customer research, to personalise content, to target communication and marketing and to manage advertising. To determine products that may interest you, we may collect data on the webpages that you open or products that you have bought so that we can advertise relevant services to you.
We use the analytics functionalities of the Shopify online store platform. Further information on
processing of personal data in the Shopify service is available here: https://www.shopify.com/legal/ privacy/customers
We also use the Google Analytics service for the aforementioned purposes. Further information on personal data that the service collects is available here: https://policies.google.com/technologies/ partner-sites.
You can at any time block cookies in full or in part by altering your browser settings. You can also delete previously stored cookies. Please note, however, that blocking cookies may affect the use of our website and services and their parts or functions or even prevent them altogether.
We may occasionally amend our data protection policies, for example based on changes to our own procedures or to legislation and interpretive practices. We recommend that you review our data protection information regularly so that you are fully informed of any changes thereto.
When we amend our data protection policies, we will give a notice about it on our website.