Privacy Policy

Bylaurahilmaceramics Online Store Privacy Policy

The online store Bylaurahilmaceramics, located at bylaurahilmaceramics.com, with business ID 3438402-2, based in Parkano, handles customer-provided personal data required for processing and confirming the terms of use, handling electronic orders and deliveries, and transferring necessary information for the legally required duration.

General Provisions

  1. Data Controller
    The data controller, who complies with the GDPR regulation, is Bylaurahilmaceramics, with business ID 3438402-2, based in Parkano.

  2. Contact Information of the Data Controller
    Email: bylaurahilma@gmail.com
    Phone: +358 40 9314522

  3. Personal Data
    Personal data refers to any information related to an identified or identifiable natural person.

Source of Personal Data

  1. The data controller processes personal data received with the customer's consent, which was collected through an agreement for the purpose of obtaining and fulfilling an electronic order from the online store.

  2. The data controller only processes the customer's identification and contact details that are necessary for fulfilling the purchase agreement.

  3. The data controller processes personal data for shipping and accounting purposes and for transferring necessary information between the parties for the legally required duration. Personal data will not be disclosed or transferred to other countries.

Purpose of Data Processing

The data controller processes the customer's personal data for the following purposes:

  1. Registration on the website in compliance with Chapter 4, Section 2 of the GDPR.

  2. Electronic orders created by the customer (name, address, email, phone number).

  3. Compliance with laws and regulations arising from the contractual relationship between the customer and the data controller.

  4. Personal data is necessary to fulfill the purchase agreement. The agreement cannot be made without personal data.

Duration of Personal Data Storage

  1. The data controller retains personal data for as long as necessary to fulfill the rights and obligations arising from the agreement between the data controller and the customer, and for three years after the termination of the agreement.

  2. The data controller must delete all personal data after the required retention period.

Recipients and Processors of Personal Data

Third parties who process the customer's personal data are subcontractors of the data controller. These subcontractors' services are essential to implement the agreement related to the electronic order process between the data controller and the customer.

Subcontractors of the data controller include:

  • Webnode AG (e-commerce platform)
  • Shipping company
  • Google Analytics (website analytics)

Customer Rights

In accordance with the regulation, the customer has the right to:

  1. Access personal data.
  2. Correct personal data.
  3. Request the deletion of personal data.
  4. Object to the processing of personal data.
  5. Data portability.
  6. Withdraw consent for processing personal data, either in writing or by email to: bylaurahilma@gmail.com.
  7. Lodge a complaint with a supervisory authority if there is suspicion of a breach of the regulation.

Security of Personal Data

  1. The data controller is committed to taking all technical and organizational precautions necessary to protect personal data.

  2. The data controller has implemented technical precautions to secure data storage, especially ensuring computer access through passwords, using antivirus software, and maintaining computers regularly.

Final Provisions

  1. By making an electronic order on the website bylaurahilmaceramics.com, the customer confirms being aware of all personal data protection terms and fully accepts them.

  2. The customer accepts these terms when making the order.

  3. The data controller may update these Terms at any time. The new, updated version will be published on this website.

These terms come into effect on January 12, 2025.

What is GDPR?

GDPR (General Data Protection Regulation) is a regulation by the European Union that came into effect on May 25, 2018. Its goal is to enhance individual privacy and create uniform data protection rules across the EU. GDPR applies to all businesses and organizations operating within the EU and those processing personal data of EU citizens, regardless of their location.

Key Aspects of GDPR

  1. Protection of Personal Data
    Personal data refers to any information that relates to an identifiable person, including:

    • Name
    • Email address
    • IP address
    • Location data
    • Biometric data such as fingerprints or facial recognition data

    GDPR requires organizations to process personal data responsibly and only for predefined purposes.

  2. Transparency and User Rights
    GDPR emphasizes users' rights over their data. These rights include:

    • Right to access: Users have the right to know what data is collected about them and how it is used.
    • Right to rectification: Users can request corrections of inaccurate data.
    • Right to erasure: Users can request their data to be deleted, also known as the "right to be forgotten."
    • Right to data portability: Users can request the transfer of their data to another provider.
    • Right to object: Users can opt out of data processing, especially for marketing purposes.

  3. Data Security Measures
    Businesses must implement sufficient measures to protect personal data. These include:

    • Data encryption
    • Access control
    • Notification of data breaches within 72 hours if they occur
    • Preventing data breaches and continually improving security

  4. Consent
    GDPR requires clear and unambiguous consent from users before processing personal data. Consent must not be pre-ticked by default, and users must be able to withdraw consent easily.

  5. Data Protection Officer (DPO)
    A DPO is responsible for overseeing compliance with GDPR. The appointment of a DPO is mandatory in certain cases, such as when an organization processes large amounts of personal data.

  6. Consequences of Violations
    Non-compliance with GDPR can lead to significant penalties. Fines can reach:

    • Up to 20 million euros, or
    • 4% of the company's annual turnover (whichever is higher).

    The size of the fine depends on the severity of the violation and how well the organization has tried to meet GDPR requirements.

What GDPR Means for Businesses and Individuals

  • Businesses: GDPR requires businesses to update their privacy policies, train their staff, and ensure that all data processing activities comply with the regulation. They must also keep a record of the personal data they process and its intended use.

  • Individuals: GDPR gives individuals more control over their personal data. They can request access to their data, check how it is being processed, and ask for corrections or deletion.