Chomrinncrzleae

Privacy Policy

Last updated: March 2025. This Privacy Policy describes how we collect, use, store and protect your personal data when you use our website and services. It applies in addition to applicable local and international law, including the EU General Data Protection Regulation (GDPR).

1. Data controller and contact details

Data controller: Chomrinncrzleae (the operator of the website chomrinncrzleae.world).

Address: Hietalahdenranta 5-7, 00120 Helsinki, Finland.

Email: managers@chomrinncrzleae.world.

Phone: +358504716993.

For any request related to your personal data or this policy, please contact us using the details above. We will respond within the time limits set by applicable law (e.g. one month under GDPR).

2. Legal basis and purposes of processing

We process personal data only where we have a valid legal basis and for clearly defined purposes.

  • Contract performance: To process orders, deliver products, and provide customer support we need your name, email, phone (if provided), address and other order-related data. Legal basis: performance of a contract (Art. 6(1)(b) GDPR where applicable).
  • Legitimate interests: To improve our website, prevent fraud, ensure security and defend our rights we may process technical and usage data. Legal basis: legitimate interests (Art. 6(1)(f) GDPR), balanced against your rights.
  • Consent: Where we use non-essential cookies or send marketing communications we do so only with your consent. You can withdraw consent at any time. Legal basis: consent (Art. 6(1)(a) GDPR).
  • Legal obligation: We may retain and disclose data where required by law (e.g. tax, consumer or regulatory obligations). Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR).

3. Categories of personal data we collect

Identity and contact data: Name, email address, telephone number (optional), postal address when you place an order or contact us.

Order and transaction data: Order details, payment-related information (as needed for the chosen payment method), delivery and returns information.

Technical and usage data: IP address, browser type and version, device type, operating system, referring URLs, pages visited, date and time of access. This may be collected via cookies and similar technologies as described in our Cookie Policy.

Communication data: Content of messages you send us (e.g. via contact form or email) and our replies.

We do not knowingly collect special categories of data (e.g. health, race, religion) unless you voluntarily provide them and we have a lawful basis to process them.

4. How we collect your data

We collect data (a) when you provide it (e.g. order form, contact form, email); (b) automatically when you use our website (e.g. cookies, logs); (c) from third parties only where necessary (e.g. payment or delivery providers) and in line with this policy and the law.

5. Retention periods

We keep your data only as long as necessary for the purposes stated and as required by law.

  • Order and customer data: For the duration of the contractual relationship and thereafter as required by law (e.g. tax and consumer law in Finland, typically at least 6–7 years for accounting and warranty purposes).
  • Contact and enquiry data: Until the enquiry is fully resolved and any follow-up period we reasonably need (e.g. 1–3 years unless longer retention is required by law).
  • Marketing and consent-based processing: Until you withdraw consent or object, or for a defined period stated at the time of consent (e.g. 2 years), after which we will ask again or delete the data.
  • Technical and access logs: As needed for security and troubleshooting, typically up to 12 months, unless a shorter or longer period is required by law or our legitimate interests.
  • Cookie-related data: As set out in our Cookie Policy.

After the retention period, we delete or anonymise your data so it can no longer identify you.

6. Security measures

We implement technical and organisational measures to protect your data against unauthorised access, loss, alteration or disclosure, including:

  • Use of HTTPS and encryption in transit where applicable.
  • Access controls and limitation of access to personal data to authorised personnel only.
  • Secure storage and, where applicable, encryption of sensitive data.
  • Regular review of our practices and, where appropriate, updates to security measures.
  • Contractual safeguards with any processors who handle your data on our behalf.

Despite our efforts, no system can be completely secure. If we become aware of a breach that is likely to pose a risk to your rights, we will notify the relevant supervisory authority and, where required by law, you.

7. Sharing and international transfers

We may share your data with:

  • Service providers: Payment processors, delivery and logistics partners, IT and hosting providers, and support tools, acting as processors under our instructions.
  • Authorities: When required by law or to protect our legitimate interests in legal proceedings.

We do not sell your personal data. Where we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards (e.g. adequacy decisions, standard contractual clauses, or other approved mechanisms) in line with GDPR.

8. Your rights (including under GDPR)

Depending on your location and applicable law, you may have the following rights:

  • Access: To obtain confirmation as to whether we process your data and a copy of your personal data.
  • Rectification: To have inaccurate data corrected.
  • Erasure: To have your data deleted in certain circumstances (e.g. where processing is based on consent and you withdraw it, or where we no longer need the data).
  • Restriction: To request that we restrict processing in certain situations.
  • Data portability: To receive your data in a structured, commonly used format and, where technically feasible, to have it transmitted to another controller.
  • Objection: To object to processing based on legitimate interests or to processing for direct marketing at any time.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Complaint: To lodge a complaint with a supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (tietosuoja.fi).

To exercise any of these rights, contact us using the details in section 1. We will respond within the time limit required by applicable law (e.g. one month under GDPR, extendable where necessary).

9. Children

Our website and services are not directed at children. We do not knowingly collect personal data from persons under 16 (or lower age where applicable). If you believe we have collected such data, please contact us so we can delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top indicates when it was last revised. We encourage you to review this page periodically. Where changes are material or affect how we use your data, we may notify you by email or a notice on the website where required by law.

11. Additional information for Finland and EEA users

This policy is intended to comply with the EU General Data Protection Regulation (GDPR) and Finnish data protection law. Our main establishment for the purposes of the website is in Finland. For any questions about how we process your data or about your rights, please contact us at the details provided in section 1.