DATA CONTROLLER Frantsilan Luomuyrttitila Oy (“Frantsila” or “we”) processes personal data of our online store customers for order processing, customer relationship management, and direct marketing purposes. Additionally, we process the data of our website visitors for analytics purposes.
It is important to us that you are informed about how we handle your personal data. Below, we provide more details on the processing of your personal data.
Please note, this privacy policy applies only to the processing of personal data carried out by Frantsila as the data controller.
For payment transactions, the data controller is the payment service provider selected at the time. Privacy policies of the payment service providers can be found on their respective websites:
Data Controller’s contact information:
Frantsilan Luomuyrttitila Oy (“Frantsila”) Business ID: 0775726-8
Tippavaarantie 6, 39200 Kyröskoski
Phone: 03 343 5500 Email: info(at)frantsila.com
Person responsible for the customer register:
Jupiter Cormier E-commerce Manager Email: jupiter.cormier(a)frantsila.com
We collect the following information from registered customers or those who have placed an order:
Also, unfinished orders and the above-mentioned data are stored in our database to allow customers to complete their orders later. Unfinished orders are deleted two months after the creation date.
Additionally, we may process certain technical data from all our online store visitors, which in some cases may be considered personal data. Such data includes:
We use cookies to improve the usability and functionality of our online store. We also use cookies for collecting analytics data and integrating social media accounts into our website.
A cookie is a small text file stored on the user’s computer. If you do not want websites to store cookies on your computer, you can block cookies in your browser settings. However, we cannot guarantee that our online store will function optimally without cookies.
We use the Google Analytics tool. More information on the privacy of Google Analytics can be found in the Google Analytics privacy policy.
Primarily, we collect personal data covered by this privacy policy from the registrants themselves during order placement or registration.
Technical analytics data is automatically collected during visits.
Personal data may also be used for the following purposes, in accordance with the law and consents:
For the execution of order contracts
We process personal data for the processing, confirmation, and delivery of orders. Personal data may also be processed in connection with complaints or warranty issues related to an order or product.
For customer communication and relationship management
Customer data may be used for customer service, communication, and management and maintenance of the customer relationship.
If you contact our customer service, we use the provided information to respond to questions and solve potential issues, as well as to process your message.
For direct marketing purposes
If you have subscribed to our newsletter or otherwise expressed a desire to receive direct marketing material, we may process your personal data to send you direct marketing material, such as information about our products, current offers, and events.
More information on the use of personal data for direct marketing can be found in section 10. You always have the right to refuse electronic direct marketing.
Basis for processing personal data
We process personal data to fulfill our contractual obligations towards the registrant, or to carry out pre-contractual measures. Additionally, we process personal data based on consent when the registrant has given their consent for the processing of their personal data, as well as based on legitimate interest to maintain and develop our business, for example, for collecting web analytics.
The registrant has the right to withdraw their consent at any time by contacting us.
We retain our customers’ personal data only as long as required by law or as necessary for the purposes specified above.
Primarily, we process personal data within the European Economic Area.
However, in some cases, we may transfer personal data for processing outside this area. In such cases, we ensure that international transfers include standard contractual clauses or otherwise take place according to other currently valid arrangements approved by the EU Commission, such as the Privacy Shield framework.
We do not disclose personal data to parties outside the Frantsila organization, except in the following situations:
For legal reasons
We may disclose personal data to parties outside the Frantsila organization if access to personal data is reasonably necessary to (i) comply with applicable law, regulation, or court order; (ii) detect, prevent, or otherwise address fraud, identity theft, money laundering, financing of terrorism, or technical or security issues; or (iii) ensure a purpose required for the general interest under the law.
To authorized service providers
We may disclose personal data to authorized service providers performing services for us, such as the service provider responsible for transportation. Our agreements with service providers include commitments to limit the use of personal data and to adhere to privacy and security standards at least as stringent as those specified in this privacy policy.
With your explicit consent
We may disclose personal data to third parties outside the Frantsila organization for reasons other than those mentioned above, when we have the registrant’s explicit consent. The registrant has the right to withdraw such consent at any time by contacting us.
Right to access information
Registrants have the right to access their personal data that Frantsila processes. If desired, you can contact us to find out what personal data we process and for what purpose these data are used.
Right to request correction of information
You have the right to have incorrect, inaccurate, incomplete, outdated, or unnecessary personal data that we hold corrected or completed by us. By contacting us, you can update, for example, your contact information or other personal data.
Right to request deletion of information
You can ask us to delete your personal data. We will carry out the actions requested by you unless we have a legitimate reason not to delete the information. Such a reason could be an obligation to retain information under accounting law or the need to retain order information to verify a potential warranty claim.
Right to object and right to restrict processing
You have the right to object to the processing of your data or profiling if your data is processed for direct marketing purposes. You also have the right to request the restriction of the processing of your personal data, for example, when the data concerning you is inaccurate. Additionally, in certain specific situations, you have the right to object to the processing of your personal data if the basis is a personal special situation.
Right to data portability
Registrants have the right to receive their personal data from us in a structured, commonly used format and to independently transfer the data to a third party.
Exercising rights
If you wish to exercise any of the above rights, we ask you to send us by mail or email the following information: name, address, phone number, and a copy of a valid ID. To verify your identity, we may request additional information.
We may reject requests that are unreasonably repetitive, excessive, or clearly unfounded.
If you have consented to receive direct marketing, such as by subscribing to a newsletter, we may send you notifications regarding our products, offers, or events.
Registrants always have the right to prohibit us from using their personal data for direct marketing, market research, or profiling by contacting us using the contact details provided above or by using the unsubscribe option provided in direct marketing messages.
We have implemented administrative, organizational, technical, and physical security measures to protect the personal data we collect and process. Our security measures are designed to maintain an appropriate level of confidentiality, integrity, and availability of information.
Personal data can be processed only by those individuals whose job responsibilities justify such processing. Personal data is protected from unauthorized access with appropriate user-specific IDs, passwords, and access rights.
You have the right to file a complaint with the supervisory authority if you believe Frantsila’s processing of personal data is in violation of data protection legislation.
Last updated: October 11, 2023