Privacy Policy

1. Data Controller

Kiuassuola Lumo Oy

  • Business ID: 3497508-4

  • Bastubackantie 213, 10210 Inkoo, Finland

  • Tel: +358 45 102 3288

  • Email: info@kiuassuola.com

2. Contact person for matters concerning the register

Mira Kettunen

3. Register name

Kiuassuolan Lumo Oy - Online store and customer register

4. Purpose and legal basis for processing personal data

Personal data is processed for the following purposes:

Online shopping activities (fulfillment of the contract):

  • Receiving and processing orders

  • Product delivery

  • Payment transaction processing

  • Customer service and complaints handling

  • Invoicing and collection

Managing customer relationships (legitimate interest):

  • Customer data maintenance

  • Contact for customer service matters

  • Warranty and maintenance services

Marketing and communications (consent or legitimate interest):

  • Direct marketing (email, telephone, mail)

  • Newsletters and offers

  • Customer satisfaction surveys

  • Product and service development

Legal obligations:

  • Accounting and taxation

  • Consumerism

  • Product safety

The management of the register and the processing of data may be outsourced to a partner of the controller who has committed to complying with this register description.

5. Data content of the register

The online store register may contain the following information:

Basic:

  • Name (first and last name)

  • Date of birth (when purchasing age-restricted products)

  • Telephone number

  • E-mail address

Address information:

  • Billing address

  • Shipping address

  • Possible other delivery addresses

Corporate customers:

  • Company name and business ID

  • Contact information

  • Billing information

  • VAT number

Order and purchase information:

  • Order history

  • Purchased products and services

  • Price information and discounts

  • Payment method and payment information (but not the full credit card number)

  • Delivery information and methods

  • Returns and complaints

Online store usage information:

  • Login information

  • Cart contents

  • Product wishes and favorites

  • Online store usage history

Marketing and communications information:

  • Marketing authorizations and prohibitions

  • Customer satisfaction data

  • Connection log and customer service contacts

Dealer information:

  • Contact information

  • Billing information

  • Information according to the terms of the contract

6. Regular information sources

The information is collected from the following sources:

  • Information provided by the customer in the online store, by phone or by email

  • Order forms and registration information

  • Customer service contacts

  • Website visitor tracking tools and analytics

  • Information about payment processors and logistics partners

  • Publicly available internet sources

  • Public and paid business information sources

7. Regular disclosure of information

Personal data is disclosed as follows:

Service providers and partners:

  • Payment intermediaries (banks, payment systems)

  • Logistics companies and transport companies

  • IT service providers and hosting services

  • Accounting and legal services

  • Marketing and analytics services

Authorities:

  • Finnish authorities in situations required by law

  • Taxpayer to fulfill accounting obligations

  • Customs and other supervisory authorities

Other situations:

  • Mergers and acquisitions

  • Collection agencies for unpaid invoices

8. Transfer of data outside the EU or EEA

As a general rule, personal data is not transferred outside the European Union or the European Economic Area. If a transfer occurs (e.g. cloud services, analytics tools), we ensure that:

  • The transfer is based on an adequacy decision approved by the EU, or

  • Appropriate safeguards are in place (e.g. standard clauses)

  • The data subject has given their explicit consent

9. Principles of register protection

Personal data is kept confidential and protected by appropriate technical and organizational measures:

Technical safeguards:

  • Network and hardware protected by a firewall

  • SSL encryption to protect data transmission

  • Regular security audits and updates

  • Access control and restriction of access rights

  • Regular backups

Organizational safeguards:

  • Staff training on data protection

  • Confidentiality agreements

  • Regular review of user rights

  • Information security incident handling processes

10. Data retention period

Personal data is only retained for as long as is necessary for the purposes of the processing:

  • Customer information: For the duration of the customer relationship and 3 years after its termination

  • Order and payment information: 6 years in accordance with the Accounting Act

  • Marketing information: Until consent is withdrawn

  • Online store usage data: 2 years

  • Complaints and warranty information: Until the end of the warranty period + 1 year

11. Cookies and tracking technologies

Our online store uses cookies and other tracking technologies:

Essential cookies:

  • Shopping cart functionality

  • Retention of login information

  • Secure payment

Functional cookies:

  • Personalization of user experiences

  • Language options and settings

  • Website performance optimization

Analytics and marketing cookies:

  • Analyzing website usage

  • Targeted advertising

  • Social media integrations

The user can manage cookie settings through their browser or through the cookie banner on our site.

12. Rights of the data subject

You have the following rights regarding the processing of your personal data:

Right of inspection:

You can request information about what personal data about you is being processed.

Right to rectification:

You can request correction of incorrect information

Right to erasure:

You can request the deletion of your data in certain situations

Right to restriction of processing:

You can request suspension of processing in certain situations

Right to portability:

You can request your information in a machine-readable format

Right to object:

You can object to processing, especially for direct marketing purposes.

Right to withdraw consent:

You can withdraw your consent at any time.

Right to file a complaint:

You can file a complaint with the Office of the Data Protection Ombudsman.

Please contact us by email at info@kiuassuola.com or by phone at +358 45 102 3288 to exercise your rights.

13. Contact information and further information

If you have any questions about data protection or the processing of personal data, please contact:

Kiuassuola Lumo Oy

  • Bastubackantie 213, 10210 Inkoo, Finland

  • Tel: 045 102 3288

  • Email: info@kiuassuola.com

We reserve the right to update this privacy policy. Changes will be announced on our website.

Privacy policy updated: 30.06.2025