Privacy policy

PRIVACY POLICY

Data Controller

Ateljee Kumma
Business ID: 3592113-3
Email: ateljeekumma@gmail.com
Location: Tampere, Finland

Purpose of this Privacy Policy

This Privacy Policy describes how Ateljee Kumma processes personal data of its customers in the webshop and in commissioned work in accordance with the EU General Data Protection Regulation (GDPR).

Personal Data Collected

We only collect personal data necessary for processing orders and providing services, such as:

  • name

  • email address

  • postal address

  • phone number

  • messages and requests related to the order

The webshop platform Shopify also collects and processes technical data to ensure the functionality and security of the webshop (for example IP address, browser information, and device data).

Purpose and Legal Basis for Processing Personal Data

Personal data is processed for the following purposes:

  • processing and delivering orders

  • customer service and communication

  • fulfilling commissioned work (e.g. portraits and custom work)

  • complying with legal obligations (e.g. accounting)

The legal basis for processing personal data is:

  • performance of a contract (order)

  • legal obligation

  • legitimate interest of the data controller (customer service and business development)

Personal data is not used for automated decision-making or profiling.

Data Retention

Personal data is stored only for as long as necessary:

  • to process orders or commissioned work

  • to fulfill accounting and legal obligations

Accounting records are stored for the period required by law (generally 6 years).

Images and materials provided for commissioned work are not used for any other purpose without the customer’s explicit consent.

Disclosure and Transfer of Data

Personal data is not sold or disclosed to third parties.

In addition to Ateljee Kumma, personal data may be processed by trusted service providers, such as:

  • Shopify (webshop platform)

  • payment service providers

  • delivery services (e.g. Posti)

Data is processed only to the extent necessary for providing the service.

Personal data may be transferred outside the EU/EEA (for example via Shopify). In such cases, appropriate safeguards are applied in accordance with EU data protection legislation, such as Standard Contractual Clauses approved by the European Commission.

Data Protection

Personal data is processed confidentially and protected by appropriate technical and organizational measures.

Access to personal data is limited to persons who need it for their work.

Rights of the Data Subject

The data subject has the following rights:

  • the right to access their personal data

  • the right to rectification

  • the right to erasure (“right to be forgotten”)

  • the right to restrict processing

  • the right to object to processing

  • the right to data portability

The data subject may exercise these rights by contacting the data controller by email.

Right to Lodge a Complaint

The data subject has the right to lodge a complaint with a supervisory authority if they believe that the processing of personal data violates data protection legislation.

In Finland, the supervisory authority is the Office of the Data Protection Ombudsman.

Cookies

The webshop uses cookies to enable its functionality.

Cookies are used, for example, to:

  • ensure the functionality of the shopping cart

  • enable the technical operation of the webshop

  • improve the user experience

The user can manage cookies through their browser settings.

Changes to this Privacy Policy

We reserve the right to update this Privacy Policy if necessary.

The current version is always available in the webshop.