GDPR FILE FOR KAIUT
– A STONE ARTISAN COMPANY SHIPPING UNIQUE HANDCRAFTS FROM FINLAND –
VAT number FI32218143
COB – Leila Lehikoinen
Kaiut Oy collects and processes personal data of its customers for the following purposes:
To process orders and shipments of handcrafts from Finland
To communicate with customers regarding their orders and shipments
To provide customer support and handle complaints and returns
To send promotional and marketing communications (with the consent of the customer)
To comply with legal and regulatory obligations
Legal Basis for Processing
The company relies on the following legal bases for processing personal data:
Contractual necessity: processing is necessary for the performance of a contract with the customer (e.g., to process orders and shipments)
Legitimate interests: processing is necessary for the legitimate interests of the company (e.g., to provide customer support and handle complaints and returns, and to send promotional and marketing communications)
Consent: processing is based on the customer’s consent (e.g., for sending promotional and marketing communications)
Personal Data Collected and Processed
The company collects and processes the following categories of personal data:
Contact details: name, address, email address, phone number
Payment information: credit/debit card details, PayPal account information
Order information: order history, transaction details, shipping details
Marketing preferences: consent to receive promotional and marketing communications
The company may share personal data with the following third-party recipients:
DHL or in some rare cases some other delivery company to facilitate the shipment and delivery of orders
The company will retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.
Data Subject Rights
Customers have the following rights with respect to their personal data:
Right to access: customers can request access to their personal data.
Right to rectification: customers can request that their personal data be corrected.
Right to erasure: customers can request that their personal data be deleted.
Right to object: customers can object to the processing of their personal data.
Right to data portability: customers can request a copy of their personal data in a machine-readable format.
The company implements appropriate technical and organizational measures to ensure the security and confidentiality of personal data, including the use of encryption and access controls.