1 Registrar

The registrar of the register isVintage Shave(business ID number 2821840-7)

The contact person for registry matters is: Tommi Hartikainen / info@vintageshave.fi

Vintage Shave

The address of our website is: https://www.vintageshave.fi
Social security number: 2821840-7
Tel: +358 40 7487659 / Hartikainen
Email:info@vintageshave.fi
www.vintageshave.fi
Tuusula – Uusimaa

2 Register name

The name of the registry isVintage Shave's customer register.

3 Purpose of personal data processing

Personal data is processed for purposes related to managing, managing and developing customer relationships, providing and delivering services, and developing and invoicing services. Personal data is also processed for the purposes required to settle possible complaints and other claims.

The data controller processes the data itself and uses subcontractors acting on behalf and on behalf of the data controller in the processing of personal data.

When you visit this site, we track:

  • Products you have viewed: We use this, for example, when we show you products you have recently viewed.
  • Location, IP address and browser type: We use these to estimate the amount of taxes and shipping costs
  • Shipping address: We ask this so that we can -for example- estimate the shipping costs before you place the order and finally send the order.

We also use cookies to save the contents of the shopping cart when you browse the site.

When you buy from us, we ask for information such as name, billing address, shipping address, email address and phone number. We use this information for purposes such as:

  • Send information about your account and order
  • Respond to your requests, including refunds and complaints
  • Create a user account in our shop

If you create an account, we save your name, address, email address and phone number, which are used at the checkout to fill in the fields in future orders.

When using a social media account to log in, your social media user icon that you use as an avatar is saved in your site account.

We also save shop comments and product reviews if you write them.

4 Legal grounds for processing

The legal bases for the processing of personal data are the following bases according to the EU General Data Protection Regulation (hereinafter also "GDPR"):

  1. the data subject has given his consent to the processing of his personal data for one or more specific purposes (GDPR 6 art. 1.a);
  2. the processing is necessary for the implementation of an agreement to which the data subject is a party, or for the implementation of pre-contractual measures at the request of the data subject (GDPR 6 art. 1.b);
  3. the processing is necessary to fulfill the legitimate interests of the controller or a third party (GDPR 6 art. 1.f).

The above-mentioned legitimate interest of the data controller is based on a meaningful and appropriate relationship between the data subject and the data controller, which is a consequence of the fact that the data subject is a customer of the data controller, and when the processing takes place for purposes that the data subject could reasonably expect at the time of the collection of personal data and in connection with the relevant relationship.

5 Data content of the register

The register basically contains the following personal information about all registered persons:

  1. the person's basic information and contact information:[first name, last name, address, phone number, e-mail address];
  2. purchase history

6 Regular sources of information

Personal data is collected from the registered person himself.

Personal data is also collected and updated within the limits of the applicable legislation from generally available sources, which are related to the implementation of the customer relationship between the controller and the registered person and with which the controller fulfills its obligations related to maintaining customer relationships.

If you leave a comment, the comment and its metadata will be stored for the time being. This is done so that we can recognize and approve subsequent comments automatically, rather than keeping them in the moderation queue.

We store the user profile information of registered users (if any). All users have the opportunity to see, modify and delete their own personal data at any time. Only the username cannot be changed. The website administrator can see and edit user profile information.

7 Personal data retention period

The information collected in the register is stored only for as long and to the extent necessary in relation to the original or compatible purposes for which the personal information was collected.

The controller evaluates the necessity of storing data regularly in accordance with its internal code of conduct. In addition, the controller takes all possible reasonable measures to ensure that personal data that is inaccurate, incorrect or outdated in relation to the purposes of the processing is deleted or corrected without delay.

8 Recipients of personal data (recipient groups) and regular transfers of data

We may disclose some information to third parties for payment and delivery of orders. We can also use customer data with the personal data processors we use for analytics purposes.

9 Data transfer outside the EU or EEA

Personal data included in the register will not be transferred outside the EU or EEA.

10 Principles of registry protection

Materials containing personal data are stored in locked rooms, to which only designated and authorized persons have access due to their duties.

The database containing personal data is on a server, which is kept in a locked state, to which only designated and authorized persons have access due to their duties. The server is protected by an appropriate firewall and technical protection.

Access to databases and syhandles is only possible with separately issued personal user IDs and passwords. The registrar has limited access rights and authorizations to information syhandles and other storage platforms in such a way that the data can be viewed and processed only by persons necessary for their legal processing. In addition, the usage events of databases and syhandles are registered in the log data of the controller's IT syhandle.

The employees and other persons of the registrar are committed to observe the obligation of confidentiality and to keep secret the information they receive in connection with the processing of personal data.

11 Rights of the data subject

The registrant has the following rights according to the EU General Data Protection Regulation:

  1. the right to receive confirmation from the controller that personal data concerning him or her is being processed or that it is not being processed.
  2. the right to withdraw consent at any time without affecting the legality of the processing carried out on the basis of consent before its withdrawal (GDPR art. 7);
  3. the right to demand that the data controller correct inaccurate and incorrect personal data concerning the data subject without undue delay, and the right to have incomplete personal data supplemented, for example by submitting an additional explanation taking into account the purposes for which the data was processed (GDPR art. 16);
  4. the right to have the data controller delete the personal data concerning the data subject without undue delay, provided that (i) the personal data is no longer needed for the purposes for which it was collected or for which it was otherwise processed; (ii) the data subject withdraws the consent on which the processing was based, and there is no other legal basis for the processing; (iii) the data subject objects to the processing on grounds related to his personal special situation and there is no justified reason for the processing, or the data subject objects to the processing for direct marketing purposes; (iv) personal data has been processed unlawfully; or (v) personal data must be deleted in order to comply with a legal obligation applicable to the data controller based on Union law or national legislation (GDPR art. 17);
  5. the right to have the data controller limit the processing if (i) the data subject disputes the accuracy of the personal data, in which case processing is limited to a period during which the data controller can verify their accuracy; (ii) the processing is illegal and the data subject opposes the deletion of personal data and instead demands the restriction of their use; (iii) the controller no longer needs the personal data in question for the purposes of processing, but the data subject needs them to prepare, present or defend a legal claim; or (iv) the data subject has objected to the processing of personal data on grounds related to his personal special situation pending verification of whether the legitimate grounds of the data controller supersede the grounds of the data subject (GDPR art. 18);
  6. the right to receive the personal data concerning himself, which the data subject has provided to the data controller, in a structured, commonly used and machine-readable format, and the right to transfer said data to another data controller without hindrance from the data controller to whom the personal data has been delivered, if the processing is based on the consent referred to in the regulation and the processing is carried out automatically (GDPR 20 art.);
  7. the right to file a complaint with the supervisory authority if the data subject considers that the processing of personal data concerning him violates the EU General Data Protection Regulation (GDPR art. 77).

Requests regarding the exercise of the data subject's rights are addressed to the controller's contact person mentioned in point 1.

12 Network analytics

The services below collect anonymized information about website visits without personal information.

Google Analytics

13 Cookies

If you leave a comment on the site, you can choose to save the name, email address and url address in a cookie. This function increases the convenience of use, because you do not have to fill out the form again every time you add a comment. Cookie information is deleted from the browser after one year.

If you have an account and log in to the site, we set a temporary cookie that determines whether your browser supports cookies or not. This cookie does not contain personal information and is deleted when the browser window is closed.

When you log in, we set several cookies that save your login and display settings. Login cookies are deleted within two days, cookies related to display settings are deleted after a year. If you select "Remember me" when logging in, your login information will be stored for two weeks. If you log out, the cookies related to logging in will be deleted at the same time.

If you publish an article or edit an existing one, we save a cookie in the browser that contains the ID of the article to be edited. The cookie expires in one day.

14 Payment information

We accept Visma, PayPal and Stripe payments. When payments are processed, some of your information is transferred to the payment service. This information includes e.g. information that is needed to implement or support the payment, for example the total amount of purchases and invoicing information.

Lookhere is more about PayPal privacy protection.
Look here is more about Visma privacy protection.
Look here is more about Stripe privacy protection.