Artisan café

Privacy Policy

General Provisions

This privacy policy regulates the principles of collection, processing, and storage of personal data. Personal data is processed and stored by Artisan café, who is the controller of the personal data (hereinafter the controller).

For the purposes of this privacy policy, a data subject means the customer or another natural person whose personal data is processed by the controller.

For the purposes of this privacy policy, a customer means anyone who purchases goods or services on the controller's website.

The controller observes the principles relating to personal data processing provided by legislation and processes personal data in a lawful, fair, and secure manner.

Collection, Processing, and Storage of Personal Data

The personal data collected, processed, and stored has been collected electronically, mainly via the website and e-mail.

By sharing their personal data, the data subject grants the controller the right to collect, arrange, use, and administer, for the purpose defined in the privacy policy, the personal data that the data subject shares with the controller either directly or indirectly when purchasing goods or services on the website.

The data subject is liable for the accuracy and integrity of the submitted data and must notify the controller of any changes.

The controller is not liable for any damage resulting from the submission of false data.

Processing of Personal Data of Customers

The controller may process the following personal data of the data subject:

  • Given name and surname
  • Date of birth
  • Telephone number
  • E-mail address
  • Delivery address
  • Bank account number
  • Payment card details

In addition, the controller can collect data about the customer available in public registers.

Legal bases for processing personal data: consent, contract performance, legal obligations, and legitimate interests as per Article 6(1) GDPR.

Processing purposes include:

  • Security and safety (stored per the law)
  • Processing of orders (specify retention period)
  • Functioning of online store services (specify retention period)
  • Customer management (specify retention period)
  • Financial activities, accounting (stored per the law)
  • Marketing (specify retention period)

The controller may share personal data with third parties such as processors, accountants, transport and courier companies, or companies providing transfer services. The controller transmits the personal data necessary for making payments to the relevant payment processor.

The controller implements organizational and technical measures to ensure personal data is protected against destruction, alteration, disclosure, and unlawful processing.

Personal data is stored only as long as necessary for the purpose of processing, but no longer than specify period years.

Rights of the Data Subject

The data subject has the right to access and examine their personal data, obtain information on its processing, rectify inaccurate data, and withdraw consent at any time (if processing is based on consent).

Data subjects can contact customer support at your support email address to exercise their rights.

The data subject can file a complaint with the Data Protection Authority.

Final Provisions

Prepared in compliance with Regulation (EU) 2016/679 (GDPR) and applicable local laws.

The controller may amend the policy at any time, notifying data subjects via https://artisancafe.fi.