Privacy policy
Last updated: May 5, 2026
In this notice, we explain how personal data is processed in the Sofia Donna Olivia online store when you visit the website www.sofiadonnaolivia.fi, make purchases, or contact us. Personal data is processed in accordance with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act.
1. Data Controller
Suomalaista Luksusta Oy Sofia Donna Olivia
Business ID: 3563487-1
Address: Koivulammenkatu 1, 41160 Tikkakoski, Finland
Email: suomalaistaluksusta@outlook.com
2. What Data We Collect
We collect only the data necessary for the operation of the online store. This may include:
- name, email address, phone number, and address details
- billing and delivery information
- order details, such as purchased products, order value, and delivery method
- information related to payment transactions, such as selected payment method and payment confirmation
- customer service messages and other correspondence
- technical data related to the use of the website, such as IP address, device and browser information, cookies, website usage data, and log data
- data related to the technical maintenance, backup, and restoration of the online store, such as data related to orders, customers, products, collections, pages, themes, metadata, settings, and changes.
We do not store payment card details ourselves. Payments are processed through payment service providers.
3. Purposes of Processing
We use personal data for the following purposes:
- receiving and processing orders, and handling their payment and delivery
- customer service and managing the customer relationship
- fulfilling statutory obligations, such as accounting obligations
- ensuring the security of the online store and preventing misuse
- technical maintenance of the online store, backups, monitoring changes, and restoring data in the event of errors, disruptions, or data loss
- developing the online store, analytics, and improving the user experience
- marketing, if you have given your consent or if the marketing is based on a legitimate interest permitted by law.
The legal bases for processing are contract, statutory obligation, consent, and the legitimate interest of the data controller.
4. To Whom Data May Be Disclosed
Personal data is disclosed only to the extent necessary for the operation of the online store, payments, deliveries, customer service, accounting, technical maintenance, backups, marketing, analytics, or fulfilling statutory obligations.
If an order is delivered outside Finland, we may disclose information necessary for delivering the order to transport and logistics partners and, where necessary, to customs or other authorities.
Data may be processed by, or disclosed to, the following parties, for example:
- Shopify, online store platform provider:
https://www.shopify.com/legal/privacy
- Paytrail, payment service provider:
https://www.paytrail.com/tietosuojaseloste-paytrailin-maksupalvelu
- Shopify Payments and the payment services used in the background, such as Stripe:
https://stripe.com/privacy
- TinyBackup, a service for backing up, monitoring changes, and restoring data in the Shopify online store:
https://tinybackup.io/page/privacy-policy
https://tinybackup.io/page/dpa
- transport and logistics partners necessary for delivering orders
- service providers for accounting, IT services, email services, analytics, or marketing
- authorities, where required by law.
We use the TinyBackup application to back up data in the Shopify online store, monitor changes, and restore data in the event of errors, disruptions, or data loss. In connection with backups, TinyBackup may process data related to the operation of the online store, such as data concerning products, collections, pages, blogs, articles, themes, metafields, metaobjects, settings, customers, and orders, to the extent required by the operation of the service and the service plan in use. In this respect, TinyBackup acts as a processor of personal data on behalf of the data controller.
We use Google Analytics and advertising services provided by Google, YouTube, Facebook, and Instagram for website analytics, development, and targeted marketing. Further information about these is provided in the cookie settings or cookie banner.
5. Transfers of Data Outside the EU/EEA
Some of the service providers we use, such as Shopify, Stripe, TinyBackup, or other technical service providers, may process data outside the EU/EEA. In such cases, we ensure that there is a lawful basis for the transfer in accordance with data protection legislation, such as the European Commission’s Standard Contractual Clauses or another approved safeguard mechanism.
6. Data Retention Period
We retain personal data only for as long as necessary for the purposes described in this notice.
Order and accounting data are generally retained for 6 years due to accounting obligations. Customer service messages are retained for as long as required to handle the matter. Marketing data is retained until you withdraw your consent or object to marketing.
Data included in online store backups is retained for as long as the backup service is in use and retention is necessary to protect the online store’s data, monitor changes, and restore data. In TinyBackup’s paid service plans, the retention period for backups may be up to 6 months in accordance with the service terms, and after the subscription ends, backups may remain available for a limited time in accordance with the service provider’s terms.
When the backup service is disabled, the service provider deletes backup data in accordance with its terms, unless longer retention is necessary due to law, a contractual obligation, or technical verification.
7. Cookies
The online store uses cookies, for example, for the technical operation of the website, use of the shopping cart and checkout, analyzing website usage, and targeted marketing.
Essential cookies are necessary for the technical operation of the online store. Analytics and marketing cookies are used based on your consent to the extent required by applicable legislation.
You can manage cookies through your browser settings and through the online store’s cookie settings.
8. Data Security
Personal data is processed confidentially. Access to personal data is limited only to those persons and service providers who have a justified need for it in connection with their work or the provision of the service.
We protect data by technical and organizational measures, such as access rights management and secure connections.
9. Your Rights
You have the right to request access to your personal data, rectification of inaccurate data, deletion of data, restriction of processing, data portability, and to object to processing in accordance with applicable law.
If the processing is based on consent, you may withdraw your consent at any time.
You can exercise your rights by contacting us by email:
suomalaistaluksusta@outlook.com
10. Right to Lodge a Complaint
If you believe that your personal data has been processed unlawfully, you may first contact us. You also have the right to lodge a complaint with the Office of the Data Protection Ombudsman:
https://tietosuoja.fi
11. Changes to This Notice
We may update this notice if the operation of the online store, the services used, or legislation changes. The current version is available in our online store.