Privacy Policy

Online store [Kultamaja Oy] at [] with the Company ID [2994935-9] in [] handles personal information provided by the customer that complies and confirms the terms of use, electronic order and delivery processing, and the required communication within the time required by law.

General provisions

1. The Personal Data Controller who complies with the GDPR Regulation (hereinafter referred to as "the Regulation") is [Kultamaja Oy], Business ID [2994935-9], at [] (hereinafter "Registrar");

2. The contact details of the controller are: email: [], tel: [+358 400 815 199];

3. Personal information is all information related to an identified or identifiable natural person.

Source of personal detail

1. With the Customer's consent, the Registrar handles the personal data that he has obtained and collected through an agreement to obtain and complete the e-commerce electronic order;

2. The Registrar only processes the customer identification and contact details that are necessary to fulfill the purchase agreement;

3. The Registrar processes personal data for sending and accounting purposes and for transmitting the necessary information to the parties for the time required by law. Personal data will not be disclosed or transferred to other countries.

Purpose of Data processing

The Registrar processes the Customer's personal data for the following purposes:

1. Registration of the homepage in accordance with Section 4, Section 2 of the GDPR ;

2. Electronic order created by the customer (name, address, e-mail, telephone number);

3. Comply with the law and regulations arising from the contractual relationship between the Customer and the Controller;

4. Personal information is a must for purchasing a contract. The agreement cannot be made without personal information.

Duration of personal data storage

1. The Registrar shall store personal data for as long as is necessary to fulfill the rights and obligations arising from the contractual relationship between the Controller and the Customer;

2. The Registrar must delete all personal information after the time required to store the personal data.

Recipients and processors of personal data

Third parties processing personal data of the Customer are subcontractors of the Registrar. The services of these subcontractors are indispensable in order for an agreement to obtain and process an electronic order in the agreement between the Registrar and the Customer.

Controller subcontractors include:

  • Webnode AG (E-commerce system);
  • Freight company ;
  • Google Analytics (Website analytics);

Customer Rights

In accordance with the Regulation, the Customer is entitled to:

1. access to personal data;

2. the right to rectify personal data

3. the right to delete personal data;

4. the right to oppose the processing of personal data;

5. the right to data portability;

6. the right to withdraw your consent to the processing of personal data in writing or by e-mail to: [];

7. the right to appeal to the Supervisory Authority in case of suspected breach of the Regulation.

Security of personal data

1. The Registrar undertakes to take all technical and organizational precautions necessary to protect personal data.

2. The Registrar has made technical precautions to secure the storage of data, in particular by ensuring password access to a computer, using antivirus software and regularly running computers.

Final provisions

1. By placing an electronic order on the website [], the Customer declares that he / she is fully aware of and fully accepts the terms and conditions of personal data protection;

2. The customer accepts these rules by selecting the checkbox in the order form;

3. The Registrar may update these Rules at any time. A new, updated version must be published on this website.

These rules enter into force on [2.5.2019] (2nd of June, 2019)