Thank you for your interest in our online shop. The protection of your privacy is very important to us. We as a data controller, are committed to protecting the privacy of our customers and the persons visiting our websites and we comply with and act in accordance with the applicable data protection legislation, including amongst other the General Data Protection Regulation (EU 2016/679 “GDPR”), every time we process personal data. In the following we inform you in detail about the processing of your personal data.
1. DATA CONTROLLER
Nordic By Nature Oy (“Nordic By Nature” or “we”)
2. PURPOSE OF PROCESSING
We process your personal data in connection with your purchases from our store, when you contact us (e.g. via contact form or e-mail), when you subscribe to our newsletter, or when you open a customer account. Mandatory fields are marked as such, because in these cases we need the data to process your order or to open a customer account or otherwise process your request.
The legal basis with respect to the processing of personal data for the above mentioned purposes is the performance of a contract to which the customer is a party or in order to take steps at the request of the customer to enter into a contract (as stipulated in the GDPR Article 6(1)(b)). In relation to newsletters and other marketing activities, the legal basis for processing personal data is our legitimate interest (as stipulated in the GDPR article 6.1(f)) to develop our existing customer relationships as well as to acquire new customers. In case you have provided your personal data via our website in order to receive our newsletters and we do not rely on any other legal basis to process the personal data, the legal basis for processing is consent (as stipulated in the GDPR article 6.1(a)) and you may withdraw your consent any time. For further information about your rights, please see below the Section 6.
When you purchase something from our store, subscribe to a newsletter, open a customer account, send us a contact form, send us an email email@example.com, subscribe to a product page or fill out a feedback survey, we process the personal information you give us such as your name, address and email address.
3. RETENTION OF PERSONAL DATA
4. SOURCE OF PERSONAL DATA
We collect personal data mostly directly from our customers. In addition, personal data may be collected from publicly available sources.
5. DISCLOSURE OF PERSONAL DATA
As a general principle, we will not disclose personal data to third parties, unless required by the applicable legislation, authorities, or the performance of the customer relationship. However, we may use external data processors or subprocessors, in which case personal data will be disclosed to such third parties. In case we appoint an external data processor or subprocessor, we will enter into a data protection agreement with the data processor in order to secure safe and adequate data processing.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
In general, we will not transfer personal data outside the EU/EEA region. If the transfer of personal data outside the EU/EEA region is necessary, such transfer will be performed subject to appropriate safeguards required by applicable data protection laws such as EU Commission’s Standard Contractual Clauses.
6. INDIVIDUAL RIGHTS
According to the General Data Protection Regulation (2016/679), you have the following rights regarding your personal data:
Right to access to your personal data;
Right to request us to rectify incomplete or incorrect personal data;
Right to request us to erase your personal data;
Right to object to or restrict the processing of personal data;
Right to object automated decision-making;
Right to request us to transfer your personal data to another data controller;
Right to opt out of receiving electronic direct marketing communications from us: All electronic direct marketing communications that you may receive from us, such as e-mail messages, give you an option of not receiving such communications from us in the future.
You have the right to lodge a complaint with a supervisory authority, if you consider that your rights based on the GDPR, or national data protection legislation have been infringed. You have the right to lodge a complaint with a supervisory authority of your habitual residence. In Finland, the supervisory authority is the Finnish Office of the Data Protection Ombudsman (www.tietosuoja.fi/en).
If you have any questions regarding the collection, processing or use of your personal data, or if you would like to access, correct, amend or delete any personal data we have about you, please contact directly our Privacy Compliance Officers at firstname.lastname@example.org.
7. DATA SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Each time a website is accessed, the web server only automatically saves a so-called server log file, which contains the name of the requested file, your IP address, date and time of access, transferred data volume and the requesting provider (access data) and documents the access.
This access data is evaluated exclusively for the purpose of ensuring trouble-free operation of the site and improving our services. All access data will be deleted at the latest seven days after the end of your page visit.
In order to make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser the next time you visit (persistent cookies).
Here is a list of cookies that we use. We have listed them here so that you can choose if you want to opt-out of cookies or not.
Strictly Required Cookies: These cookies are required for the website to run and cannot be switched off.
_orig_referrer: Track landing pages. Duration 2w.
_landing_page: Track landing pages. Duration 2w.
_ab:Used in connection with access to admin. Duration 2y.
_secure_session_id: Used to track a user's session through the multi-step checkout process and keep their order, payment and shipping details connected. Duration 24h.
Cart: Used in connection with shopping cart. Duration 2w.
Cart_sig: A hash of the contents of a cart. This is used to verify the integrity of the cart and to ensure performance of some cart operations. Duration 2w.
Cart_ts: Used in connection with checkout. Duration 2w.
Cart_ver: Used in connection with shopping cart. Duration 2w.
Cart_currency: Set after a checkout is completed to ensure that new carts are in the same currency as the last checkout. Duration 2w.
Checkout_token: Used in connection with checkout. Duration 1y.
Secure_customer_sig: Used to identify a user after they sign into a shop as a customer so they do not need to log in again. Duration 1y.
Storefront_digest: Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected. Duration 2y.
Cookieconsent_status: Associated with the app GDPR/CCPA + Cookie Management and is used for storing the customer's consent.
Cookieconsent_preferences_disabled: Aassociated with the app GDPR/CCPA + Cookie Management and is used for storing the customer's consent.
_shopify_m: Used for managing customer privacy settings. Duration 1y.
_shopify_tm: Used for managing customer privacy settings. Duration 30min.
_shopify_tw: Used for managing customer privacy settings. Duration 2w.
_tracking_consent: Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region. Duration 1y.
Tracked_start_checkout: Used in connection with checkout. Duration 1y.
Identity_state: Used in connection with customer authentication. Duration 24h.
Identity_customer_account_number: Used in connection with customer authentication. Duration 12w.
Reporting And Analytics: These cookies are to measure the traffic and its sources by collecting information in data sets, and learning about the most popular products and activities on the store.
_s: Shopify analytics. Duration 30min.
_shopify_d: Shopify analytics. Duration session.
_shopify_fs: Shopify analytics. Duration 30min.
_shopify_s: Shopify analytics. Duration 30min.
_shopify_sa_t: Shopify analytics relating to marketing & referrals. Duration 30min
_shopify_sa_p: Shopify analytics relating to marketing & referrals. Duration 30min
Marketing And Retargeting: These cookies are used for behavioral targeting and advertising. They are served by third-party companies and track a user across websites.
_gads: This cookie enables Google ads.
IDE: This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange.
_s: This cookie is associated with Shopify's analytics suite.
GPS: This cookie is associated with YouTube which collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites.
PREF: This cookie, which may be set by Google or Doubleclick, may be used by advertising partners to build a profile of interests to show relevant ads on other sites.
BizoID: This is a Microsoft MSN 1st party cookie to enable user-based content.
_fbp: Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.
_fbc: Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.
__adroll: This cookie is associated with AdRoll
__adroll_v4: This cookie is associated with AdRoll
__adroll_fpc: This cookie is associated with AdRoll
__ar_v4: This cookie is associated with AdRoll
Functional cookies: These cookies enable the possibility to offer additional functions and settings. They can be set by our store or third-party providers.
_gid: This cookie name is associated with Google Universal Analytics
__cfduid: Established by the CloudFlare service to identify trusted website traffic
For web page analysis we use Google Analytics, a web analysis service of Google LLC (www.google.de). Google Analytics uses methods that enable the analysis of your use of the website, such as cookies. The automatically collected information about your use of this website is generally transmitted to a Google server in the USA and stored there. By activating IP anonymisation on this website, the IP address is shortened before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The anonymous IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The data collected in this context will be deleted after the purpose and end of the use of Google Analytics by us.
In order to change your cookie preferences, please click the button below.
SIGN UP FOR OUR NEWSLETTER TO GET 10% OFF YOUR FIRST ORDER