Updated on 16.6.2020

In this privacy notice we describe how we process the personal data of the customers and other users, cooperation partners and other stakeholders of our web store in connection with the services we provide.

1. Controller

Mifuko Oy (FI22522395)

Hämeentie 130 A

00560 Helsinki

Finland

Tel + 358 50 593 2044

shop[at]mifuko.fi

(hereafter ”we”)

2 Contact person for register matters

Minna Impiö

Hämeentie 130 A

00560, Helsinki

+358 50 593 2044

Info[at]mifuko.fi

3 For what purposes and on which legal basis do we collect personal data?

The purposes of processing personal data are:

  • providing and maintaining the web store,
  • fulfilling our contractual and other promises and obligations, such as delivering products ordered from the web store to our customers, registering a user as a customer of our web store and fulfilling the agreement with our cooperation partner,
  • processing the feedback we receive and managing our customer service,
  • analyzing and profiling the behavior of a customer of the web store,
  • marketing, advertising and related segmentation of our web store users,
  • carrying out customer communication such as sending newsletters,
  • conducting opinion and market surveys and marketing campaigns,
  • monitoring communication on our social media channels at a general level to develop our web store and to carry out customer service,
  • processing, invoicing and debt collection of returns related to purchases made in our online store,
  • organizing our customer events, and possible related invoicing and debt collection,
  • processing of personal data in connection with a possible business acquisition or other acquisition.

We use automated decision-making (incl. profiling) to identify personal profiles, online behavior, age and consumer habits. We use this information e.g. to target marketing and to develop our services.

The basis of processing personal data is to perform a contract, our legitimate interest based on customer relationship and/or other relevant connection, and consent.

4 What data do we process?

We process the following personal data:

  • contact information and payment details of the customers of the web store such as name, email address, phone number, address, method of payment and billing information if method of payment is invoice
  • contact information of the registered users of the web store such as name, email address, phone number, address;
  • registration information of the registered users of the web store such as username and password and other possible identifiers;
  • email addresses of the orderers of our newsletters;
  • information of the contact persons of a company such as name, phone number, email address and position in the company, other information provided by business customers or cooperation partners, information related to the customer relationship and other information related to the person's tasks and position in business life;
  • information regarding the customer relationship and the contract such as user profile formed based on the customer relationship, correspondence with the customer/data subject and other contacts;
  • cookies and data related to using them (cookie policy);
  • information related to carrying out communication as well as information on the use of the web store, such as browsing and search data;
  • possible information related to profiling and interests given by the data subject;
  • possible permissions, prohibitions and consents of direct marketing and
  • other possible information necessary for the customer relationship gathered with data subject’s consent.

5 From where do we receive data?

We receive information primarily from the following sources: yourself, population register, authorities, credit information companies, contact information service providers and other similar reliable sources.

For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from the authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means.

6 To whom do we disclose data, and do we transfer data outside the EU or the EEA?

When ordering from our web store, data is passed on to the payment service provider enabling the web store payment and/or to the companies providing transport services. These web store partners are presented on our web store or in the order confirmation.

We use subcontractors that process personal data on our behalf. We have outsourced the IT-management to an external service provider, on whose administrated and secured server the personal data is stored. We have also outsourced the storing and logistics of the products of our web store to an outside service provider that processes the personal data of the customers of our web store on our behalf.

The personal data of the customers of our web store is transferred outside the EU/EEA such as to the USA or Canada. When personal data is processed outside the EU/EEA, we make sure that the subcontractor has committed to use the EU Commission’s standard contractual clauses and/or is covered by the Privacy Shield -system.

7 How do we protect the data and how long do we store them?

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use the system containing personal data. Each user has a personal username and password to the system. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and their backup copies are in locked premises and can be accessed only by certain pre-designated persons.

We do not retain personal data for longer than necessary for the purposes of processing personal data and for the period required by mandatory legislation such as the accounting legislation. We assess the need to store data regularly considering the applicable legislation. Additionally, we take all the reasonable measures to ensure that no data, which is incompatible for the purposes of the processing, obsolete or incorrect, is stored in the register. We correct or erase such data without delay.

The retention period of the personal data we collect is affected by the context in which and for what purpose, described in the Section 4 above, the personal data was collected.

In the table below are listed typical retention periods of personal data:

Service Purpose Retention period

Making purchases in the web store

Delivering orders, processing refunds of purchases made and responding to possible complaints

Until the order has been delivered, the product return time and complaint period have elapsed and the information is no longer needed to control the quality of the products, and there is no reason to assume that the customer will contact us regarding the order, and any applicable accounting laws or tax laws no longer require us to retain such data

Participation in a marketing lottery, competition or other marketing campaign of ours

Carrying out the campaign, such as delivering prizes

Until the end of the campaign period and until the post-campaign measures have been completed, such as sending the prizes, and any applicable accounting laws or tax laws no longer require us to retain such data

Direct marketing

Informing about our products, offers and marketing campaigns

As long as we have your consent to direct marketing or you order our newsletter

Responding to a survey, opinion poll or customer survey we conduct

Improving and renewing our services and web store product range

Until the survey or opinion poll is completed and their purpose fulfilled

Responding to feedback, complaints and other contacts

Processing of feedback, complaints and other contacts, as well as clarification of possible legal liability

Until the feedback, complaint and other contact has been processed, the complaint period has expired, the matter has been processed and possible legal liability has been clarified, and any applicable accounting laws or tax laws no longer require us to retain such data

Processing the personal data of Mifuko’s cooperation partners' representatives

Fulfillment of the obligations of the agreement concluded with the cooperation partner, communication related to the contractual relationship, and other communication with the cooperation partners

Until the agreement with the cooperation partner expires or the cooperation with the partner is otherwise agreed to be terminated, and any applicable accounting laws or tax laws no longer require us to retain such data

8 What are your rights as a data subject?

You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data. If you have access to your data, you may edit the data yourself. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.

You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority.

On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds

9 Who can you be in contact with?

All contacts and requests concerning this privacy notice shall be submitted in writing or in person to the person mentioned in section two (2).