Privacy policy

PRIVACY POLICY


Updated: March 13, 2024

General information

Mattokeidas.fi is committed to protecting our customers’ privacy and providing the opportunity to control how your data is processed. On the Account Management page, you can choose to restrict access to your personal information if you wish.

This Privacy Policy explains how we process personal data. By reading this Privacy Policy, you will learn how Mattokeidas.fi handles personal data when you use our services. Consents related to marketing and cookies are requested separately, and providing them is not a requirement for using the service.

The information we collect can be divided into data you provide, data observed from your use of our online services, and analytics-based data.

In addition to our online store, we also process personal data in connection with in-store visits, for example for order pickup, customer service, exchanges/returns, and handling complaints.

We use data to:

  • Provide a user-friendly and secure service
  • Ensure a high-quality customer experience
  • Improve product recommendations and marketing
  • Develop customer service and e-commerce operations

Controller and contact details

The controller of the personal data processed is:

Mattokeidas Oy (Finnish Business ID: 3241095-2)
Possijärvenkatu 1
33400 Tampere, Finland


If you have questions about privacy and personal data processing, contact us by email: verkkokauppa@mattokeidas.fi

What data can be collected about me?

Data provided by the user or personally identifiable data:

  • Identification details such as name
  • Finnish personal identity code, used for identification when entering into a credit agreement
  • Passport details or similar information required by Customs when ordering goods or services tax-free from outside Finland
  • Contact details such as address, email address, and phone number
  • Payment information, including credit agreements and other billing details
  • With your consent, location data may be used to estimate delivery time
  • Email address and authentication credential used for signing in with Google, Facebook, or Microsoft

Data observed from service use and analytically derived data

  • Purchase history, including ordered products and pricing information
  • Delivery details such as selected delivery method and delivery address
  • Product reviews
  • Online store usage and browsing data and device identifiers
  • Data and identifiers used in product recommendations and other targeted content

Providing identification, contact, and payment details is required when purchasing from Mattokeidas.fi online.

The primary data source is you. We may also receive additional data from our partners, such as a credit service provider. We will inform you of personal data received from third parties as required by data protection legislation—at the first contact with you or at the latest within one month of receiving the data.

We do not store the personal identity code or passport details in Mattokeidas Oy’s own systems. They are processed only by the payment service provider, the lender, or an authority in accordance with their statutory obligations.

 

What is my personal data used for?

We use personal data for:

  • Maintaining customer service
  • Delivering, processing, and archiving orders
  • Developing Mattokeidas.fi operations and services
  • Improving the customer experience
  • Analytical and statistical purposes
  • Producing more personalised targeted content and marketing
  • Preventing misuse
  • Providing better customer service

Data is processed based on the customer relationship between you and Mattokeidas.fi, a contract, use of the website, your separate explicit consent, or statutory obligations.

Legal bases for processing

We process personal data on the following legal bases:

  • Contract: processing orders, delivery, payment, customer service
  • Legal obligation: accounting, consumer protection, statutory authority requirements
  • Legitimate interests: developing the online store, preventing misuse, and ensuring information security
  • Consent: newsletters, marketing communications, analytics and marketing cookies, and personalisation insofar as it is based on consent

How is my data stored and protected?

All personal data is protected against unauthorised access and accidental or unlawful destruction, alteration, disclosure, transfer, or other unlawful processing.

We follow good data protection practices when processing personal data and implementing technical solutions, including data combining, minimisation, pseudonymisation, anonymisation, and encryption. Processing has taken into account the requirements of the EU General Data Protection Regulation (GDPR) in force since 25 May 2018.

Access to personal data is monitored in accordance with good practice.

Who processes my personal data?

Customer data is only accessible to Mattokeidas.fi employees, and our staff are trained to use data securely and ethically. Each employee only accesses customer data to the extent necessary for performing their work tasks.

We use trusted contractors to transfer data to third parties. Agreements with all partners take into account the requirements of the GDPR and other legislation. You can read more about third parties in the section “Do we disclose personal data to third parties?”.

Data controller / responsible party:

Mattokeidas Oy (Finnish Business ID: 3241095-2)
Possijärvenkatu 1
33400 Tampere, Finland

Mikko Matilainen, verkkokauppa@mattokeidas.fi

How long is my data retained?

We retain your personal data only for as long as necessary to fulfil the purposes described in this notice. Some data may be retained longer to comply with statutory obligations, such as accounting requirements and consumer sales liabilities, and to demonstrate proper compliance.

If you place an order for pickup in-store without creating an account, the information you provide is stored in our system so we can keep you updated about your order. Your contact details are deleted once the order has been processed.

At your request, personal data relating to you can be deleted or anonymised from Mattokeidas.fi systems. Deletion and anonymisation are irreversible, and deleted accounts cannot be restored.

Certain data must be retained longer under law, for example for:

  • Accounting retention obligations
  • Fulfilling consumer sales liabilities
  • Collecting and storing system logs as required by law to provide lawful and secure e-commerce services
  • Maintaining sufficient backups of databases and systems to protect data, correct errors, and ensure security and continuity

Typical retention periods:

  • Order and billing data: retained in accordance with accounting legislation
  • Customer account: as long as the account is active or until you request deletion, unless a statutory obligation requires longer retention
  • Customer service communications: as long as needed for handling and documenting the matter
  • Cookies and identifiers: as described in the “Cookies” section.


What rights do I have?

As a customer, you have the right to:

  • Access your personal data, including the right to receive a copy
  • Request correction or deletion of your personal data
  • In certain circumstances, request restriction of processing or object to processing
  • If processing is based on consent, withdraw your consent at any time (this does not affect the lawfulness of processing carried out before withdrawal). You can change your settings on the Account Management page.

To exercise your rights, please contact our customer service. Your request must be sufficiently specific so that we can verify your identity. We will inform you if we cannot comply with your request in some respects—for example where we have a statutory obligation or a legal right to retain certain data.

In Finland, the supervisory authority is the Office of the Data Protection Ombudsman. You may lodge a complaint if you believe your personal data has been processed unlawfully.

How can I find out what information is stored about me?

You can request information stored in Mattokeidas.fi systems from your account representative or by contacting us by email: verkkokauppa@mattokeidas.fi

See the section “What data can be collected about me?” for more details about the personal data we store.

How can I influence the use of my data?

Mattokeidas.fi is committed to providing customers with ways to influence how their data is processed. You can decide about targeted marketing, value-added services, and whether you wish to receive different marketing messages. You can find these options on the Account Management page.

We continuously develop our services, so features may be added, changed, or removed.

You can also close your customer account at any time and request deletion of your personal data by contacting our customer service.

Note: In some cases, not all data can be deleted, and legislation may require that certain customer-related data be retained.

Do we disclose personal data to third parties?

We may disclose certain necessary information to third parties to ensure delivery and for marketing purposes. Your data is also disclosed to the lender in connection with a credit decision.

Marketing communications are sent only to customers who have given explicit consent. Consent can be documented and may be withdrawn at any time.

We also use customer data with third parties for analytics and personalisation purposes. We utilise purchase behaviour and browsing data to offer you products and offers that better match your interests. Data used for analytics and personalisation is anonymised or pseudonymised whenever possible. Only we can link pseudonymised data to your identity.

Where necessary, we may also provide information to authorities. We will always inform the customer about information requests where permitted by law.

We disclose data to the following third parties:

Some of our service providers process personal data on our behalf (processors). Some act as independent controllers (e.g. payment service providers and lenders) under their own terms and statutory obligations.

  • Analytics and statistics partners
  • Product recommendation and personalisation partners
  • Email marketing partners, where the customer has opted in to weekly newsletters, browsing-based communications, or product review requests
  • SMS partner where sending SMS messages is permitted
  • Carriers, where the chosen delivery method is delivery to a pickup point, nearest post office, or destination address
  • Payment service provider for card payments
  • Lender, when the customer chooses invoice or instalment payments via a credit company
  • Billing operator, where the customer selects invoicing by Mattokeidas.fi
  • Product supplier, when ordering electronic licences or drop-shipped products
  • Certain maintenance providers may receive order-related information in connection with maintenance
  • Customs, when purchasing tax-free
  • Debt collection agency, when invoices become overdue and are transferred to collection

Mattokeidas.fi ensures a high level of security and protection when transferring and processing data in accordance with the GDPR. The level of protection for third-party processing is ensured through the European Commission’s Standard Contractual Clauses, Binding Corporate Rules (BCR), or other approved GDPR mechanisms.

You can restrict data disclosure for marketing and analytics purposes. See the privacy settings on the Account Management page.

Do you use cookies on the shop site and what are they?

Mattokeidas.fi uses cookies and similar technologies, such as your browser’s local storage. Cookies are small text files exchanged between your browser and the server. Cookies and other identifiers have an expiry date after which the browser deletes them.

We use these technologies to provide functionality, personalisation, and to target analytics and marketing. Analytics and marketing cookies are used only based on the user’s consent. You can give or withdraw consent at any time via the cookie settings.

Functional cookies and local storage are used, for example, to recognise the customer, maintain login sessions, estimate delivery times, and enable shopping cart functionality. Use and acceptance of these are necessary for these functions. Functional cookies and local storage set by the server remain in the browser for 15 minutes to 24 months, unless you delete them in your browser settings. Visiting the site resets cookies and local storage variables as permitted by your browser.

To personalise the user experience, we may provide product recommendations that better match your interests. For this purpose, a RichRelevance cookie is placed in your browser. These cookies remain in the browser for 30 minutes to 24 months. Data sent to RichRelevance, such as product page visits and search history, is anonymised, and the partner cannot identify the customer.

Partners and technologies used for analytics and marketing targeting, such as pixel tags and cookies, help us understand customer behaviour and show which products, features, and services interest our customers. Data is anonymised whenever possible. Otherwise, we process the data as personal data to the extent that an identifier contains customer targeting information such as an IP address. Identifiers that can be linked to a customer are also processed as personal data. Identifier lifetimes range from 30 seconds to 24 months.

We use Google Analytics, Google Tag Manager, Google Ads, the Google Display Network, and Google DoubleClick to analyse site usage, popular products, trends, and sales and, with your consent, to target marketing. Data sent to Google contains only anonymised or pseudonymised information. You can learn more about Google’s data processing in Google’s own privacy policies.

We may use profiling (e.g. segmentation based on purchase history and browsing behaviour) to target product recommendations and marketing. Profiling does not produce legal effects concerning the data subject or similarly significantly affect the data subject.

In addition to account privacy settings, you can manage identifiers used for marketing targeting via cookie settings and your browser settings.

Do Not Track is a technical browser signal that may not be supported by all services and technologies. Cookie and marketing consents given by the user, as well as account privacy settings, are primary and govern the processing of personal data.

Can this Privacy Policy be changed?

Due to service development and legislative changes, we reserve the right to amend this Privacy Policy. Material changes will be communicated to registered customers when the terms are updated.

Who can I contact?

For any questions regarding privacy, data processing, or this Privacy Policy, please contact us by email at: verkkokauppa@mattokeidas.fi

For all other inquiries, our customer service is happy to help:
by email at info@mattokeidas.fi or contact us