Slozarindrozelon

Privacy Policy

Last updated: 5 March 2025

1. Controller and contact details

The data controller responsible for the processing of your personal data in connection with this website is:

Slozarindrozelon
Stenbäckinkatu 9
00290 Helsinki
Finland

Phone: +358947176610
Email: team@slozarindrozelon.world

If you have questions about this Privacy Policy or the processing of your personal data, or if you wish to exercise your rights under applicable data protection law, please contact us using the details above.

2. Legal basis and applicable law

This Privacy Policy describes how we collect, use, store and protect your personal data when you use our website and services. We process personal data in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR)
  • Finnish data protection legislation, including the Finnish Data Protection Act (1050/2018) and other applicable national laws
  • Any other applicable local or international data protection laws that apply to our operations

We are established in Finland and our main place of business is in Finland. The supervisory authority for data protection in Finland is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto). You have the right to lodge a complaint with them or with a supervisory authority in the EU member state of your residence, place of work or place of the alleged infringement.

3. Personal data we collect

We may collect and process the following categories of personal data:

  • Identity and contact data: name, email address, telephone number, and postal address when you place an order, contact us or subscribe to communications.
  • Transaction and order data: order details, payment-related information (to the extent necessary for processing payments and refunds), delivery address and delivery preferences.
  • Technical and usage data: IP address, browser type and version, device type, operating system, referring URLs, pages visited, date and time of access, and similar technical data collected through cookies and similar technologies where you have given consent or where we have a legitimate interest (see our Cookie Policy).
  • Communication data: content of messages you send to us (e.g. via contact or order forms) and records of correspondence.

We do not collect special categories of personal data (e.g. health data, ethnic origin, political opinions) unless you voluntarily provide such information and we have a lawful basis to process it, or where required by law.

4. Purposes and legal bases for processing

We process your personal data only for specified, explicit and legitimate purposes. The main purposes and corresponding legal bases are:

  • Performance of a contract: To process and fulfil your orders, manage deliveries, handle returns and refunds, and communicate with you about your order. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
  • Legitimate interests: To improve our website, prevent fraud, ensure security of our systems, and defend our legal rights. Legal basis: legitimate interests (Art. 6(1)(f) GDPR), where our interests are not overridden by your rights.
  • Consent: Where we use cookies or similar technologies for analytics or marketing purposes, or send you marketing communications, we do so on the basis of your consent where required by law (Art. 6(1)(a) GDPR). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Legal obligation: To comply with accounting, tax, consumer and other legal obligations (e.g. retention of invoices). Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR).

5. Retention periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

  • Order and customer data: For the duration of the contractual relationship and thereafter for the period required by Finnish law for accounting and tax purposes (typically at least 6 years from the end of the financial year).
  • Contact and enquiry data: Until your enquiry is resolved and for a reasonable period thereafter for follow-up (e.g. 1–3 years), unless a longer retention is required by law.
  • Marketing and consent-based processing: Until you withdraw consent or object, or until we no longer use the data for the stated purpose, subject to any longer retention required by law.
  • Technical and access logs: For a limited period necessary for security and troubleshooting (e.g. up to 12 months), unless a longer period is required for legal or regulatory reasons.

After the retention period, we securely delete or anonymise your personal data so that it can no longer be attributed to you.

6. Recipients and international transfers

We may share your personal data with:

  • Service providers who process data on our behalf (e.g. hosting, payment processing, shipping, email delivery), under strict contractual obligations to protect your data and use it only for the purposes we specify.
  • Public authorities when required by law (e.g. tax, customs, or law enforcement).
  • Professional advisers (e.g. lawyers, auditors) when necessary for our legitimate interests or legal obligations.

When we transfer personal data to countries outside the European Economic Area (EEA), we ensure an adequate level of protection by using mechanisms such as standard contractual clauses approved by the European Commission, or other legally recognised safeguards. You may request details of these safeguards by contacting us.

7. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss or destruction, including:

  • Use of HTTPS and encryption for data in transit where applicable.
  • Access controls and authentication so that only authorised personnel can access personal data.
  • Regular review and updating of security practices and, where applicable, use of secure hosting and infrastructure.
  • Training of personnel who handle personal data on confidentiality and data protection.
  • Procedures to assess and respond to incidents that may affect the security of your data.

Despite our efforts, no method of transmission or storage over the internet is completely secure. We encourage you to use strong passwords and to protect your own devices when communicating with us.

8. Your rights

Under the GDPR and Finnish law, you have the following rights in relation to your personal data:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you and information about how we process it.
  • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): You may request deletion of your personal data in certain circumstances (e.g. where it is no longer necessary, or you withdraw consent and there is no other legal basis).
  • Right to restriction of processing (Art. 18): You may request that we limit the processing of your data in certain situations (e.g. while we verify accuracy or you object to processing).
  • Right to data portability (Art. 20): Where processing is based on contract or consent and is carried out by automated means, you may request to receive your data in a structured, commonly used and machine-readable format, or to have it transmitted to another controller where technically feasible.
  • Right to object (Art. 21): You may object to processing based on legitimate interests, including profiling. You may also object at any time to processing for direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence, place of work or place of the alleged infringement. In Finland: Office of the Data Protection Ombudsman.

To exercise any of these rights, please contact us using the contact details in section 1. We will respond within one month as required by the GDPR. We may need to verify your identity before processing your request.

9. Children

Our website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental consent, please contact us and we will take steps to delete such information.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or the nature of our services. The updated version will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically. Where changes materially affect your rights or the way we process your data, we may notify you by email or through a prominent notice on our website where appropriate.

Return to homepage