Privacy Policy

Data Controller

T:mi Lotta Karoliina Kangas (FI26357999)
Museokatu 46, 00100 Helsinki
lotta@lottatan.com
+358 40 772 8705

Data Protection Officer

Lotta Karoliina Kangas
Museokatu 46, 00100 Helsinki
lotta@lottatan.com
+358 40 772 8705

Information We Collect

We collect and process the following types of personal information:

Information You Provide

  • Contact Information: Your name, email address, phone number, and shipping/billing address.
  • Order Information: Details about the products you purchase, payment information, and transaction history.
  • Communication Information: Information you provide when contacting us, such as inquiries or customer support requests.

Information Automatically Collected

When you visit our Shopify store, certain information is automatically collected through cookies and similar technologies:

  • Device Information: Your device's Internet Protocol (IP) address, operating system, browser type, and device identifiers.
  • Website Usage Information: Pages visited, links clicked, and other actions taken on our website.

Purpose and Legal Basis for Processing

We collect and process your personal information for the following purposes, based on the legal bases identified under the GDPR:

Order Fulfillment and Customer Service

We use your personal information to process and fulfill your orders, arrange for shipping, provide customer service, and communicate with you regarding your orders and inquiries. The legal basis for this processing is the performance of a contract.

Marketing Communications (with Consent)

With your consent, we may send you marketing communications about our products, promotions, and updates. You have the right to withdraw your consent at any time. The legal basis for this processing is your consent.

Legal Compliance

We may process your personal information to comply with legal obligations, such as tax or accounting requirements. The legal basis for this processing is compliance with a legal obligation.

Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data Sharing and Transfers

We may share your personal information with third parties in the following circumstances:

  • Service Providers: We engage service providers who assist us in operating our business, such as shipping carriers or payment processors. These service providers are authorized to use your personal information only as necessary to provide their services to us.
  • Legal Requirements: We may disclose your personal information if required by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government investigations).
  • Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction.

In certain cases, the recipients of your personal information may be located outside the European Economic Area (EEA). We will ensure that any such transfers comply with applicable data protection laws and take appropriate safeguards to protect the privacy and security of your personal information.

Your Rights

Under the GDPR, you have the following rights:

  • Access: You can request access to the personal information we hold about you.
  • Rectification: You can request that we correct inaccurate or incomplete personal information.
  • Erasure: You can request the deletion of your personal information.
  • Restriction: You can request that we restrict the processing of your personal information.
  • Objection: You can object to the processing of your personal information for certain purposes.
  • Data Portability: You can request a copy of your personal information in a structured, commonly used, and machine-readable format.
  • Withdraw Consent: If we process your personal information based on your consent, you have the right to withdraw your consent at any time.

To exercise your rights or if you have any questions or concerns about our privacy practices, please contact us using the information provided at the beginning of this Privacy Policy.

Data Security

We implement reasonable security measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. However, please be aware that no method of transmission over the internet or electronic storage is completely secure. Therefore, we cannot guarantee absolute security.

Third-Party Links

Our website contains links to third-party websites or services. We are not responsible for the privacy practices or the content of such third-party websites. We encourage you to read the privacy policies of those third parties before interacting with their websites or services.

Updates to this Privacy Policy

Effective Date: 28.6.2023

We may update this Privacy Policy from time to time to reflect changes in our privacy practices. The updated version will be indicated by an updated "Effective Date" at the beginning of this Privacy Policy. We encourage you to review this Privacy Policy periodically for any changes.