KAIUT - Privacy Policy

GDPR FILE FOR KAIUT

– A STONE ARTISAN COMPANY SHIPPING UNIQUE HANDCRAFTS FROM FINLAND –

Kaiut Oy

Rautalammintie 22
77600 Suonenjoki
Finland

VAT number FI32218143

Data Controller

COB – Leila Lehikoinen
mail: info(at)kaiut.eu

Processing Activities

Kaiut Oy collects and processes personal data of its customers for the following purposes:

To process orders and shipments of handcrafts from Finland

To communicate with customers regarding their orders and shipments

To provide customer support and handle complaints and returns

To send promotional and marketing communications (with the consent of the customer)

To comply with legal and regulatory obligations

Legal Basis for Processing

The company relies on the following legal bases for processing personal data:

Contractual necessity: processing is necessary for the performance of a contract with the customer (e.g., to process orders and shipments)

Legitimate interests: processing is necessary for the legitimate interests of the company (e.g., to provide customer support and handle complaints and returns, and to send promotional and marketing communications)

Consent: processing is based on the customer’s consent (e.g., for sending promotional and marketing communications)

Personal Data Collected and Processed

The company collects and processes the following categories of personal data:

Contact details: name, address, email address, phone number

Payment information: credit/debit card details, PayPal account information

Order information: order history, transaction details, shipping details

Marketing preferences: consent to receive promotional and marketing communications

Third-Party Recipients

The company may share personal data with the following third-party recipients:

DHL or in some rare cases some other delivery company to facilitate the shipment and delivery of orders

Data Retention

The company will retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

Data Subject Rights

Customers have the following rights with respect to their personal data:

Right to access: customers can request access to their personal data.

Right to rectification: customers can request that their personal data be corrected.

Right to erasure: customers can request that their personal data be deleted.

Right to object: customers can object to the processing of their personal data.

Right to data portability: customers can request a copy of their personal data in a machine-readable format.

Data Security

The company implements appropriate technical and organizational measures to ensure the security and confidentiality of personal data, including the use of encryption and access controls.

Contact

Customers can contact the company with any questions or concerns regarding the processing of their personal data.