Volkrannpryxthel

Privacy Policy

Last Updated: January 2025

1. Introduction and Data Controller Information

This Privacy Policy explains how Volkrannpryxthel collects, uses, stores, and protects your personal data when you visit our website or use our services. We are committed to protecting your privacy and ensuring transparency in our data processing activities in accordance with the General Data Protection Regulation (GDPR) and Finnish data protection laws.

Data Controller:

Volkrannpryxthel
Piispansilta 9
02230 Espoo, Finland
Phone: +358 10 4261
Email: partners@volkrannpryxthel.world

The data controller is responsible for determining the purposes and means of processing your personal data. If you have any questions about this Privacy Policy or how we handle your data, please contact us using the information provided above.

2. Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number, and postal address when you place an order or contact us
  • Order Information: Details about products ordered, quantities, preferences, and delivery instructions
  • Communication Data: Messages, inquiries, and correspondence you send to us through contact forms or email
  • Payment Information: Billing address and payment method details (note: credit card information is processed by our payment processor and not stored on our servers)

2.2 Information Collected Automatically

  • Technical Data: IP address, browser type and version, operating system, device information, time zone settings
  • Usage Data: Information about how you use our website, including pages visited, time spent on pages, links clicked, and navigation paths
  • Cookie Data: Information collected through cookies and similar technologies (see our Cookies Policy for details)
  • Location Data: General geographic location based on IP address

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Consent (Article 6(1)(a) GDPR): When you provide explicit consent for specific processing activities, such as receiving marketing communications or using non-essential cookies
  • Contract Performance (Article 6(1)(b) GDPR): Processing necessary to fulfill our contractual obligations when you place an order, including order processing, delivery, and customer service
  • Legal Obligation (Article 6(1)(c) GDPR): Processing required to comply with legal obligations, such as tax laws, accounting requirements, and consumer protection regulations
  • Legitimate Interests (Article 6(1)(f) GDPR): Processing necessary for our legitimate business interests, such as fraud prevention, network security, business analytics, and improving our services, provided these interests do not override your fundamental rights and freedoms

4. Purposes of Data Processing

We process your personal data for the following purposes:

4.1 Order Processing and Fulfillment

  • Processing and managing your orders
  • Arranging delivery and shipment of products
  • Communicating with you about your order status
  • Processing payments and preventing fraud
  • Handling returns, refunds, and customer service inquiries

4.2 Customer Service and Communication

  • Responding to your inquiries and requests
  • Providing customer support
  • Sending order confirmations and updates
  • Notifying you about changes to our services or policies

4.3 Marketing and Promotional Activities

  • Sending promotional emails about new products and special offers (with your consent)
  • Personalizing marketing content based on your preferences
  • Conducting customer satisfaction surveys

4.4 Website Operation and Improvement

  • Operating and maintaining our website
  • Analyzing website usage to improve user experience
  • Troubleshooting technical issues
  • Ensuring website security and preventing fraud

4.5 Legal Compliance

  • Complying with legal and regulatory requirements
  • Maintaining accounting and tax records
  • Responding to legal requests and preventing illegal activities

5. Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your data with the following categories of recipients:

5.1 Service Providers

We engage trusted third-party service providers who process data on our behalf:

  • Payment Processors: To securely process payment transactions
  • Shipping and Logistics Partners: To deliver products to your address
  • Email Service Providers: To send transactional and marketing emails
  • Web Hosting Providers: To host our website and store data
  • Analytics Providers: To analyze website usage and performance
  • Customer Support Tools: To manage customer inquiries and support tickets

All service providers are contractually obligated to protect your data and use it only for the specified purposes.

5.2 Legal Requirements

We may disclose your personal data when required by law, such as:

  • In response to valid legal requests from authorities
  • To comply with court orders or legal processes
  • To protect our rights, property, or safety, or that of our customers or the public
  • To enforce our terms and conditions

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

6. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding Corporate Rules for intra-group transfers
  • Your explicit consent for specific transfers

We ensure that any international transfers comply with GDPR requirements and provide adequate protection for your personal data.

7. Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations:

  • Order and Transaction Data: Retained for 7 years to comply with accounting and tax regulations
  • Customer Account Data: Retained for the duration of your account plus 2 years after account closure
  • Marketing Consent Data: Retained until you withdraw consent or for 3 years of inactivity
  • Website Analytics Data: Retained for 26 months in anonymized form
  • Customer Service Communications: Retained for 3 years after the last interaction
  • Cookie Data: Retention periods vary by cookie type (see Cookies Policy)

After the retention period expires, we securely delete or anonymize your personal data. In some cases, we may retain data for longer periods if required by law or to establish, exercise, or defend legal claims.

8. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

8.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation of whether we process your personal data and to access that data. You can request a copy of your personal data in a commonly used electronic format.

8.2 Right to Rectification (Article 16 GDPR)

You have the right to request correction of inaccurate personal data and to complete incomplete data.

8.3 Right to Erasure (Article 17 GDPR)

You have the right to request deletion of your personal data in certain circumstances, such as when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

8.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request restriction of processing in certain situations, such as when you contest the accuracy of data or object to processing.

8.5 Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

8.6 Right to Object (Article 21 GDPR)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

8.7 Right to Withdraw Consent (Article 7(3) GDPR)

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. In Finland, the supervisory authority is:

Office of the Data Protection Ombudsman
P.O. Box 800
00521 Helsinki, Finland
Website: tietosuoja.fi
Email: tietosuoja@om.fi

8.9 Exercising Your Rights

To exercise any of these rights, please contact us at partners@volkrannpryxthel.world or write to us at the address provided in Section 1. We will respond to your request within one month, which may be extended by two additional months for complex requests. We may request additional information to verify your identity before processing your request.

9. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

9.1 Technical Measures

  • Encryption: All data transmitted between your browser and our servers is encrypted using SSL/TLS protocols (HTTPS)
  • Secure Storage: Personal data is stored on secure servers with restricted access
  • Firewalls and Intrusion Detection: Network security measures to prevent unauthorized access
  • Regular Security Updates: Systems and software are regularly updated with security patches
  • Data Backup: Regular backups to prevent data loss

9.2 Organizational Measures

  • Access Controls: Personal data is accessible only to authorized personnel who need it for their job functions
  • Confidentiality Agreements: Employees and contractors are bound by confidentiality obligations
  • Training: Regular data protection training for staff
  • Data Protection Policies: Internal policies and procedures for data handling
  • Incident Response: Procedures for detecting, reporting, and responding to data breaches

While we strive to protect your personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security but continuously work to improve our security measures.

10. Children's Privacy

Our website and services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly.

11. Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any data analysis we conduct is for internal business purposes such as improving our services and understanding customer preferences, and does not result in automated decisions that affect your rights.

12. Third-Party Links

Our website may contain links to third-party websites, services, or applications. This Privacy Policy applies only to our website. We are not responsible for the privacy practices of third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email if you have an account with us
  • Display a prominent notice on our website
  • Obtain your consent if required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of our website after changes are posted constitutes acceptance of the updated policy.

14. Contact Information and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Volkrannpryxthel
Piispansilta 9
02230 Espoo, Finland
Phone: +358 10 4261
Email: partners@volkrannpryxthel.world

We are committed to resolving any privacy concerns you may have and will respond to your inquiries promptly and professionally.

15. Specific Information for Finnish Residents

As a company operating in Finland, we comply with the Finnish Data Protection Act (Tietosuojalaki 1050/2018) in addition to GDPR. Finnish residents have all the rights outlined in this Privacy Policy and can contact the Finnish Data Protection Ombudsman with any concerns.

16. Cookie Usage

We use cookies and similar tracking technologies on our website. For detailed information about the cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookies Policy.

17. Marketing Communications

If you have consented to receive marketing communications, we may send you promotional emails about new products, special offers, and other information we think may interest you. You can opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Contacting us at partners@volkrannpryxthel.world
  • Updating your preferences in your account settings

Please note that even if you opt out of marketing communications, we will still send you transactional emails related to your orders and account.

18. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay as required by GDPR Article 34. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Our notification will include:

  • The nature of the personal data breach
  • The likely consequences of the breach
  • The measures taken or proposed to address the breach
  • Contact information for further inquiries