Phia Design (”Phia” or ”we”) processes online customers’ personal data for the managing and processing of orders and deliveries, managing customer relations and for direct marketing purposes. We also process the information of online visitors for trend detection and analytics.
Your chosen payment service provider is the controller in regard to any payment transactions data. The Privacy Policies of these service providers are available on their websites:
2. CONTACT DETAILS
Controller’s contact details:
Business ID: FI20164256
00330 Helsinki, Finland
3. COLLECTED PERSONAL DATA
We collect the following information of our users or online customers:
first and last name
order and delivery history
possible communication history
returns, complaints or claims
direct marketing opt-ins or restrictions
company name and business id of business customers.
We may also process technical data of all the online visitors that may in certain situations identify you and qualify as personal data, including the following:
products searched in the online store
browsing history and URL route in the online store.
4. COOKIES AND ANALYTICS TOOLS
Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
A cookie is a small text file saved in the user’s computer. If you don’t want to save cookies on your computer, you can prevent cookies in your browser settings. In that case we cannot guarantee that our site will functions in the best way possible.
Our site uses Squarespace Analytics. More information regarding Cookies used and the privacy of Squarespace Analytics is available on https://support.squarespace.com/hc/en-us/articles/360001264507.
5. SOURCES OF PERSONAL DATA
We primarily receive personal data directly from you in connection with your order or registration. Technical analytics data is saved automatically from online visits.
6. THE PURPOSES AND LEGIMATE GROUNDS FOR PROCESSING OF PERSONAL DATA
Personal data may be used for the following purposes of use in accordance with legislation and applicable consents:
Entering into an Agreement with Customer
Facilitating orders and deliveries
We process personal data to process, confirm and deliver orders. Personal data may also be processed in situations concerning order’s or product’s reclamation.
Customer communication and customer care
The customer’s data may be used for customer service, communication and to control and maintain customer relationship.
If you contact our customer service, we will use the given data to response to questions and solve possible problems and processing of your message.
Direct marketing and market research
If you have in any way expressed you want to receive direct marketing material, we may process your personal data in order to send you direct marketing material such as information about our products and current offers and events. With your consent we may also contact you for market research purposes.
More information about the process of personal data in direct marketing is available in section 10. You always have a right to prohibit electronic direct marketing.
Legal grounds for processing personal data
We process personal data to take care of our obligations based on a contractual relation towards you or to facilitate pre-contractual steps. In certain cases we process personal data to fulfil our legal obligations, for example when we are obliged to store order and transactions data for accounting purposes. We also process personal data on the basis of consent when you have given your consent for the processing of personal data and on the grounds of our legitimate interests to maintain and develop our business, for example for the purposes of collecting website analytics.
7. STORAGE PERIOD
We do not store personal data longer than is legally permitted or as it is necessary to meet the purposes of use above. The storage period depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use.
Storage periods reflect the time reasonably necessary for our legitimate interests for example for claims handling, internal reporting, marketing and reconciliation purposes.
Due to accounting legislation we are also required to store all material relating to our transactions for the period as defined by the law.
8. INTERNATIONAL TRANSFERS OF PERSONAL DATA
We primarily store personal data inside the European Economic Area.
However, in some situations we may transfer personal data to be processed outside of this area. In these cases we will ensure that your data receives an adequate level of protection in the jurisdictions in which it is processed. We provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or other similar arrangements such as the Privacy Shield framework.
Squarespace and Squarespace Analytics stores data in the United States. Squarespace have self-certified to the EU-US Privacy Shield, which allows the transfer of personal data lawfully from EU to the US. More information about Squarespace participation in Privacy Shield is available: https://www.privacyshield.gov/participant?id=a2zt0000000GnjcAAC&status=Active
9. THE RECIPIENTS OF PERSONAL DATA
We do not share your personal data with third parties outside of Phia Design’s organization unless one of the following circumstances applies:
For legal reasons
We may share personal data with third parties outside Phia Design’s organization if access to the personal data is reasonably necessary to: (i) meet applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, identity theft, money laundering, terrorism financing or information security or technical difficulties; or (iii) ensure any other purpose required by public interest in accordance with the law.
To authorized service providers
For other legitimate reasons
With your explicit consent
We may share personal data with third parties outside Phia Design’s organization for other reasons than the ones mentioned before, when we have your explicit consent to do so. You have the right to withdraw such consent at any time by contacting us.
10. THE RECIPIENTS OF PERSONAL DATA
Right to access
You have the right to access your personal data processed by Phia Design. You may contact us to find out what personal data we process and for which purpose we use it.
Right to correct
You have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have stored corrected or completed. By contacting us you can update for example your contact information or other information.
Right to deletion
You may ask us to delete your personal data. We will comply with your request unless we have a legitimate ground to not delete the data. Such ground may be for example an obligation to keep certain data due to accounting legislation or a requirement to store order information to verify the purchase of your product and contractual responsibilities of Phiastore.
Right to object and right to restrict
You have a right to resist the processing of your personal data or profiling, if your data is being processed for direct marketing. You have a right to demand the limitation of your personal data among other things when the data concerning you is not true. Furthermore, in certain special situations you may have a right to resist the processing of your personal data on the grounds of personal reasons.
Right to data portability
You have the right to receive your personal data from us in a structured and commonly used format and to independently transmit data to a third party.
How to use your rights
If you want to use any of the above-mentioned rights, please send us a letter or a secure e-mail with the following information: name, address, phone number and a copy of a valid ID. We may request additional information to confirm your identity.
We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
11. DIRECT MARKETING
If you have given your consent to receive direct marketing we may send you marketing material such as but not limited to notices concerning our products, offers and events.
You have the right to prohibit us from using personal data for direct marketing, market research or profiling by contacting us through the contact information mentioned above.
12. INFORMATION SECURITY
We apply reasonable safeguards to protect the personal data we collect and process. Our security measures are designed to maintain an appropriate level of data confidentiality, integrity, and availability.
Access to personal data is limited to authorized persons on a need-to-know basis. The personal data is protected with appropriate access controls, user rights and passwords.
Should despite of the security measures, a security breach occur that is likely to have negative effects on your privacy, we will inform you and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.
13. LODGING A COMPLAINT
You have the right to lodge a complaint to the data protection authority, if you consider Phia Design’s processing of personal data to be inconsistent with the applicable data protection laws.