Privacy policy
Updated 9.2.2021
This is a report on the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).
Register owner
FTAvintage Oy
Y-tunnus: 3148623-4
Address: Fredrikinkatu 43, 00120 Helsinki
Contacts regarding data protection issues
In all matters regarding the processing of personal data and in situations related to one’s own rights, the data subject must contact the data controller in writing by sending an e-mail to customer service at: info@ftavintage.com
Grounds and purpose of the processing of personal data
The reasoning for the processing of personal data is:
- Consent of the data subject to the processing of personal data
- Contractual relationship between the data subject and the controller
- The register owner’s statutory obligations
We process your personal information for customer relationship management, administration, and development. We need your personal information to carry out our services, such as the delivery and invoicing of your orders. Personal data may be used for certain purposes, these purposes are:
- For customer service, feedback and support
- Processing of payment transactions
- Mail handling
- Direct marketing and advertising
- User analytics and statistics
- Compliance with laws and regulations
Personal data processed
The controller will only collect personal data from data subjects that are relevant and necessary for the purposes described in this privacy statement.
The following information is processed about registrations:
- Full name
- Address information
- Telephone number
- Email address
In addition to the personal information we collect from you as described above, we process your personal information when you do business in our online store. When you go to the FTA Vintage online store, we process the following information about you using cookies, Facebook pixel, Google analytics and other similar tools.
Data collected automatically from the use of the FTA Vintage online store:
- Information about your terminal and network behavior (eg IP address, browser type, operating system, browsing history, time of visit and online store activity)
- Information derived and collected using analytics and tracking techniques
Disclosure of personal data
We disclose personal information to the extent permitted and required by applicable law.
We provide personal information to our partners, such as the payment service providers, in order to make payments for purchases made in the ftavintage.com online store. You can read more here how Klarna uses your information.
If necessary, we also disclose personal data to parties who are legally entitled to access the information, such as the authorities.
Transfers of personal data to third countries
Personal data is not transferred outside the EU and the European Economic Area. However, if this is done for a specific reason, the transfer will take place in accordance with the European Commission’s decision on adequacy.
Data retention period
FTAvintage Oy does not store personal data for longer than it is legally permitted and necessary for the above-mentioned purposes. The storage time of the data depends on the nature of the data and the purposes of the processing. Accounting materials are retained for six years in accordance with the Accounting Act. When the data is no longer needed, we will delete it within three months at the latest.
If you have subscribed to our newsletter, we will retain your personal information for as long as the newsletter subscription is valid. If you unsubscribe from the newsletter, ie cancel your consent to send direct e-marketing, we will stop delivering the newsletter to you without undue delay, but will retain the marketing ban for as long as your personal information is processed for other purposes, such as online shopping.
The controller may be required to process some of the personal data contained in the register for longer than stated above in order to comply with legislation or regulatory requirements.
Rights of the data subject
Right to access own personal data
The data subject has the right to receive confirmation that personal data concerning him or her are being processed and, if so, the right to receive a copy of his or her personal data.
Right to rectification of data
The data subject has the right to request that inaccurate and incorrect personal data concerning him or her to be corrected. The data subject also has the right to have incomplete personal data supplemented by providing the necessary additional information.
Right to delete data
The data subject shall have the right to request the deletion of personal data concerning him or her if:
a. personal data are no longer required for the purposes for which they were collected;
b. the data subject withdraws the consent on which the processing of personal data is based and there is no other legal basis for the processing; or
c. personal data has been processed unlawfully.
Right to restrict processing
The data subject has the right to restrict the processing of personal data concerning him if:
a. the data subject disputes the accuracy of his personal data;
b. the processing is unlawful and the data subject opposes the deletion of his or her personal data and instead requests that their use be restricted; or
c. the controller no longer needs personal data for the original purposes of the processing, but the data subject needs them to draw up, present or defend a legal claim.
Right to withdraw consent
The data subject shall have the right to withdraw his consent to the processing at any time, without prejudice to the lawfulness of the processing carried out on the basis of that consent.
The right to transfer data from one system to another
The data subject shall have the right to obtain personal data concerning him or her which he or she has provided in a structured, commonly used and machine-readable form and to transfer such data to another controller.
Right to appeal to the supervisory authority
The national supervisory authority for personal data matters is the Office of the Data Protection Commissioner attached to the Ministry of Justice. You have the right to refer the matter to the supervisory authority if you consider that the processing of personal data concerning you violates the relevant legislation.
Changing privacy policies
The controller is constantly evolving its operations and may need to change and update its privacy policy as necessary. Changes may also be based on changes in data protection legislation.
If the changes involve new purposes for the processing of personal data or otherwise change significantly, the controller shall give prior notice and, if necessary, request consent.