Privacy statement

Data protection statement 4.8.2022

According to the data protection regulation, the controller has an obligation to clearly inform the data subjects. This statement fulfills the obligation to inform.

1. Registrar

Ehea Living (Suunnittelu Roos Oy) PL 18 60100 Seinäjoki

2. Purpose of use of personal data

We collect personal data to manage the customer relationship. The legal basis for the processing of personal data is the agreement between us and the resulting statutory obligations. Providing personal information is a prerequisite for the creation of a contract. In other words, you cannot order goods from our online store if you do not provide your personal information.

We also collect personal data for marketing purposes. The legal basis for processing personal data is consent.

We do not make any profiling or automatic decisions about you.

3. Personal data to be processed (these can be edited)

  1. Information provided by the person himself, such as name, phone number, address, email address, order information, billing information and selected payment method
  2. Information obtained during a visit to the website, such as products ordered or added to the shopping cart, as well as browsing and usage data of the online store
  3. Information obtained by monitoring website analytics, such as movement on the site, or which search words/how the person ended up in the online store

4. Data retention period

Personal data is stored as long as it is needed to implement the contract with the customer or to develop customer service.

5. Regular sources of information

Information is collected in the register: from the person himself via the Shopify online store or the newsletter platform. Data is also collected using the Google Analytics analytics tool.

6. Regular data transfers and data transfer outside the EU or the European Economic Area

Information is not regularly disclosed outside the company. Some of the external service or software providers used by the company may store data outside the EU or the European Economic Area.

7. Protection of personal data and information security

The data is transferred over an SSL-protected connection. Electronic information is protected by a firewall, usernames and passwords. Only those persons employed by the data controller who need the data in their duties have access to the data. Information will not be disclosed to outside parties.

8. Use of cookies

On our website, we use the so-called cookie function, i.e. cookies. A cookie is a small text file that can be sent to the user's computer and stored there, which enables the website administrator to identify visitors who visit the website frequently, to facilitate the login of visitors to the website, and to enable the compilation of composite information about the visitors. With the help of this feedback, we are able to constantly improve the content of our pages. Cookies do not damage users' computers or files. We use them in such a way that we can offer our customers information and services according to the individual needs of each.

If the user visiting our pages does not want us to receive the above-mentioned information with the help of cookies, most browser programs enable the cookie function to be turned off. This is usually done through the browser settings.

However, it is good to take into account that cookies may be necessary for the proper functioning of some of the pages we maintain and the services we offer.

9. Rights of the data subject

The registrant has the following rights, requests for the use of which should be sent to

Right of inspection The registered person can inspect the personal data we have stored.

Right to rectification of information The registered person can request to have incorrect or incomplete information concerning him corrected.

Right to object The registered person can object to the processing of personal data if he feels that the personal data has been processed unlawfully.

Prohibition of direct marketing The registered person has the right to prohibit the use of data for direct marketing.

Right to erasure The registered person has the right to request the erasure of data if data processing is not necessary. We process the deletion request, after which we either delete the data or provide a justified reason why the data cannot be deleted.

It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period (10 years) defined in the Accounting Act (Chapter 2, Section 10). For this reason, accounting-related material cannot be deleted before the deadline expires.

Withdrawal of consent If the processing of personal data concerning the data subject is based only on consent, and not e.g. customership or membership, the data subject can withdraw consent.

The registered person can appeal the decision to the data protection commissioner. The registered person has the right to demand that we limit the processing of disputed data until the matter is resolved.

Right of appeal The registered person has the right to file a complaint with the data protection commissioner if he feels that we are violating the applicable data protection legislation when processing personal data.

Contact information of the data protection officer: