Privacy Policy

 

1. CONTROLLER

Phia Design (”Phia” or ”we”) processes online customers’ personal data for the managing and processing of orders and deliveries, managing customer relations and for direct marketing purposes. We also process the information of online visitors for trend detection and analytics.

It is important to us that you know how we use your data. This Privacy policy aims to clarify how we process your personal information.

Please note that this Privacy Policy only applies to the data processing carried out by Phia Design as a data controller.

Your chosen payment service provider is the controller in regard to any payment transactions data. The Privacy Policies of these service providers are available on their websites:

Stripe

Paypal

2. CONTACT DETAILS

Controller’s contact details:

Phia Design 

Business ID: FI20164256

Rahapajankatu 3 D 28 

00160 Helsinki, Finland

contact@phiastore.com

www.phiastore.com

3. COLLECTED PERSONAL DATA

We collect the following information of our users or online customers:

  • first and last name

  • email address

  • postal address

  • phone number

  • order and delivery history

  • payment method

  • possible communication history

  • returns, complaints or claims

  • direct marketing opt-ins or restrictions

  • company name and business id of business customers.


We may also process technical data of all the online visitors that may in certain situations identify you and qualify as personal data, including the following:

  • IP address

  • operating system

  • device type

  • products searched in the online store

  • browsing history and URL route in the online store.

4. COOKIES AND ANALYTICS TOOLS

We use cookies and similar technologies to improve the usability and functionality of our website. We also use third party cookies to collect analytics data and to integrate our social media accounts to our website.

Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

A cookie is a small text file saved in the user’s computer. If you don’t want to save cookies on your computer, you can prevent cookies in your browser settings. In that case we cannot guarantee that our site will functions in the best way possible.

Our site uses Squarespace Analytics. More information regarding Cookies used and the privacy of Squarespace Analytics is available on https://support.squarespace.com/hc/en-us/articles/360001264507.

5. SOURCES OF PERSONAL DATA

We primarily receive personal data directly from you in connection with your order or registration. Technical analytics data is saved automatically from online visits. 

6. THE PURPOSES AND LEGIMATE GROUNDS FOR PROCESSING OF PERSONAL DATA

Personal data may be used for the following purposes of use in accordance with legislation and applicable consents:

Entering into an Agreement with Customer

Facilitating orders and deliveries

We process personal data to process, confirm and deliver orders. Personal data may also be processed in situations concerning order’s or product’s reclamation.

Customer communication and customer care

The customer’s data may be used for customer service, communication and to control and maintain customer relationship.

If you contact our customer service, we will use the given data to response to questions and solve possible problems and processing of your message.

Direct marketing and market research

If you have in any way expressed you want to receive direct marketing material, we may process your personal data in order to send you direct marketing material such as information about our products and current offers and events. With your consent we may also contact you for market research purposes.

More information about the process of personal data in direct marketing is available in section 10. You always have a right to prohibit electronic direct marketing.

Legal grounds for processing personal data

We process personal data to take care of our obligations based on a contractual relation towards you or to facilitate pre-contractual steps. In certain cases we process personal data to fulfil our legal obligations, for example when we are obliged to store order and transactions data for accounting purposes. We also process personal data on the basis of consent when you have given your consent for the processing of personal data and on the grounds of our legitimate interests to maintain and develop our business, for example for the purposes of collecting website analytics.

7. STORAGE PERIOD

We do not store personal data longer than is legally permitted or as it is necessary to meet the purposes of use above. The storage period depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use.

Storage periods reflect the time reasonably necessary for our legitimate interests for example for claims handling, internal reporting, marketing and reconciliation purposes.

Due to accounting legislation we are also required to store all material relating to our transactions for the period as defined by the law.

8. INTERNATIONAL TRANSFERS OF PERSONAL DATA 

We primarily store personal data inside the European Economic Area. 

However, in some situations we may transfer personal data to be processed outside of this area. In these cases we will ensure that your data receives an adequate level of protection in the jurisdictions in which it is processed. We provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or other similar arrangements such as the Privacy Shield framework. 

Squarespace and Squarespace Analytics stores data in the United States. Squarespace have self-certified to the EU-US Privacy Shield, which allows the transfer of personal data lawfully from EU to the US. More information about Squarespace participation in Privacy Shield is available: https://www.privacyshield.gov/participant?id=a2zt0000000GnjcAAC&status=Active

9. THE RECIPIENTS OF PERSONAL DATA 

We do not share your personal data with third parties outside of Phia Design’s organization unless one of the following circumstances applies:

It is necessary for the purposes set out in this Privacy Policy

To the extent that third parties need access to personal data to personal data for the purposes specified above, we have taken appropriate contractual and organisational measures to ensure that personal data are processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations.

For legal reasons

We may share personal data with third parties outside Phia Design’s organization if access to the personal data is reasonably necessary to: (i) meet applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, identity theft, money laundering, terrorism financing or information security or technical difficulties; or (iii) ensure any other purpose required by public interest in accordance with the law.

To authorized service providers

We may share personal data to authorized service providers such as the service provider responsible for transport service. Our agreements with our service providers include commitments requiring our service providers to limit their use of personal data and to comply with the privacy and security standards of this Privacy Policy.

For other legitimate reasons

If Phia Design is involved in a merger, acquisition or asset sale, we may transfer personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to when the personal data are transferred or become subject to a different privacy policy as soon as reasonably possible.

With your explicit consent

We may share personal data with third parties outside Phia Design’s organization for other reasons than the ones mentioned before, when we have your explicit consent to do so. You have the right to withdraw such consent at any time by contacting us.

10. THE RECIPIENTS OF PERSONAL DATA

Right to access

You have the right to access your personal data processed by Phia Design. You may contact us to find out what personal data we process and for which purpose we use it.

Right to correct

You have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have stored corrected or completed. By contacting us you can update for example your contact information or other information.

Right to deletion

You may ask us to delete your personal data. We will comply with your request unless we have a legitimate ground to not delete the data. Such ground may be for example an obligation to keep certain data due to accounting legislation or a requirement to store order information to verify the purchase of your product and contractual responsibilities of Phiastore.

Right to object and right to restrict

You have a right to resist the processing of your personal data or profiling, if your data is being processed for direct marketing. You have a right to demand the limitation of your personal data among other things when the data concerning you is not true. Furthermore, in certain special situations you may have a right to resist the processing of your personal data on the grounds of personal reasons.

Right to data portability

You have the right to receive your personal data from us in a structured and commonly used format and to independently transmit data to a third party.

How to use your rights

If you want to use any of the above-mentioned rights, please send us a letter or a secure e-mail with the following information: name, address, phone number and a copy of a valid ID. We may request additional information to confirm your identity.

We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

11. DIRECT MARKETING

If you have given your consent to receive direct marketing we may send you marketing material such as but not limited to notices concerning our products, offers and events.

You have the right to prohibit us from using personal data for direct marketing, market research or profiling by contacting us through the contact information mentioned above.

12. INFORMATION SECURITY

We apply reasonable safeguards to protect the personal data we collect and process. Our security measures are designed to maintain an appropriate level of data confidentiality, integrity, and availability.

Access to personal data is limited to authorized persons on a need-to-know basis. The personal data is protected with appropriate access controls, user rights and passwords.

Should despite of the security measures, a security breach occur that is likely to have negative effects on your privacy, we will inform you and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.

13. LODGING A COMPLAINT

You have the right to lodge a complaint to the data protection authority, if you consider Phia Design’s processing of personal data to be inconsistent with the applicable data protection laws.