Privacy policy

General provisions 

1. The personal data controller who complies with the GDPR regulation is [company owner], business ID [34094 19-9], in [Espoo, Finland]

 2. The data controller's contact information is: e-mail: [sofiansopola@gmail.com], tel: [+358 44 9707131].

 3. Personal data is all information related to an identified or identifiable natural person.

Source of personal data

 1. The controller processes the personal data received with the customer's consent, which has been collected by contract in order to obtain and fulfill the electronic order of the online store.

 2. The registrar only processes the customer's identification and contact information, which are necessary to fulfill the purchase contract.

 3. The registrar processes personal data for sending and accounting purposes as well as for the time required by law to transmit the necessary information to the contracting parties. Personal data will not be made public or transferred to other countries.

Purpose of data

 processing The controller processes the Customer's personal data for the following purposes: 

1. Registration of the website [sofiansopola.com] in accordance with Chapter 4 Section 2 of the GDPR. 

2. Electronic order created by the customer (name, address, e-mail, phone number).

3. Comply with the law and regulations resulting from the contractual relationship between the Customer and the Data Controller. 

4. Personal information is necessary to fulfill the purchase contract. A contract cannot be concluded without personal information.

Duration of personal data storage

 1. The Controller stores personal data as long as necessary to fulfill the rights and obligations arising from the contractual relationship between the Controller and the Customer and for three years after the termination of the contractual relationship. 

2. The controller must delete all personal data after the time required to store personal data. 

Recipients and processors of personal data 

The third parties that process the customer's personal data are subcontractors of the Controller. The services of these subcontractors are necessary so that the agreement on the acquisition and processing of the electronic order in the contract between the Controller and the Customer can be implemented. The subcontractors of the controller are:

-Webnode AG (online shopping system); 

-Cargo company; Posti

-Google Analytics (home page analytics);

Customer rights

 In accordance with the regulation, the Customer has the right to: 

1. the right to access personal data.

2. right to rectification of personal data 

3. the right to delete personal data. 

4. the right to object to the processing of personal data. 

5. the right to data portability. 

6. the right to withdraw consent to the processing of personal data in writing or by e-mail to the address: [sofiansopola@gmail.com]; 

7. the right to submit a complaint to the supervisory authority if a violation of the Regulation is suspected.

Security of personal data 

1. The controller undertakes to implement all technical and organizational precautions necessary to protect personal data.

 2. The registrar has taken technical precautions to secure data storage facilities, in particular ensured access to the computer with a password, used anti-virus software and maintained the computers regularly.

Final provisions 

1. By placing an electronic order on the website [sofiansopola.com], the Customer confirms that he is aware of all personal data protection terms and accepts them in full. 

2. The customer accepts these rules by selecting the checkbox in the order form.

 3. The registrar may update these Rules at any time. A new, updated version must be published on this website.