Privacy Policy
DEVERK — PRIVACY POLICY
Last updated: 25.05.25
1. DATA CONTROLLER
Deverk Oy ("DEVERK", "we")
Business ID: 3449416-8
Madeiranaukio 4, 00220 Helsinki
Tel. +358 45 783 650 35
Email: info@deverk.fi
For privacy-related inquiries: tietosuoja@deverk.fi
2. GENERAL
This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our online store (www.deverk.fi), shop at our physical store, or otherwise interact with us.
We process your personal data in accordance with the EU General Data Protection Regulation (GDPR, EU 2016/679), the Finnish Data Protection Act (1050/2018), and other applicable legislation.
3. WHAT PERSONAL DATA WE COLLECT
We only collect data that is necessary for the provision of our services.
3.1 Information you provide to us
— Contact information: name, email address, phone number, address
— Order information: shipping address, billing address, order history
— Account information: username, password, and account settings (if you create an account)
— Customer service communications: messages, feedback, and complaints
— Marketing consent: newsletter subscription details
3.2 Information we collect automatically
— Device information: browser type, operating system, device type
— Usage data: pages visited, product searches, shopping cart contents
— Technical data: IP address, cookie identifiers
— Location data: general location based on IP address
3.3 Information received from third parties
— From payment processors: payment transaction confirmation details
— From Shopify: online store analytics data
— From shipping companies: delivery status information
4. WHY WE PROCESS YOUR PERSONAL DATA (purpose and legal basis of processing)
In accordance with GDPR Article 6, we process your personal data on the following legal bases:
4.1 Performance of a contract (Article 6.1 b)
— Receiving, processing, and delivering orders
— Processing payments
— Creating and managing customer accounts
— Providing customer service
— Handling returns and complaints
— Managing warranty matters
4.2 Legal obligation (Article 6.1 c)
— Retention of accounting documents in accordance with accounting law
— Obligations related to taxation
— Obligations under consumer protection law
4.3 Legitimate interest (Article 6.1 f)
— Ensuring the functionality and security of the online store
— Fraud prevention
— Developing and improving our services
— Analyzing and personalizing the customer experience
4.4 Consent (Article 6.1 a)
— Sending marketing communications (newsletters, offers)
— Use of non-essential cookies
— Targeted advertising
You can withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.
5. TO WHOM WE DISCLOSE YOUR PERSONAL DATA
We do not sell your personal data. We disclose data only to the following parties for the purpose of providing our services:
5.1 Service Providers
— Shopify Inc. (online store platform) — data is processed according to Shopify's Consumer Privacy Policy: https://www.shopify.com/legal/privacy
— Payment processors (Shopify Payments, PayPal, Klarna) — processing payment transactions
— Shipping companies — executing deliveries
— Email service — sending order confirmations and marketing communications
5.2 Authorities
We disclose data to authorities only in situations required by law (e.g., taxation, law enforcement).
5.3 Corporate Restructuring
If our business or part of it is transferred to another party, personal data may be transferred as part of the arrangement.
6. TRANSFER OF DATA OUTSIDE THE EU
Our online store operates on the Shopify platform, whose servers are located partly in the United States and Canada. Data transfers outside the EU/EEA are carried out using standard contractual clauses (SCCs) approved by the EU Commission or other transfer mechanisms compliant with the GDPR.
Shopify's data transfer practices: https://www.shopify.com/legal/privacy
7. PERSONAL DATA RETENTION PERIODS
We retain your personal data only for as long as necessary:
— Order data: 5 years from delivery of the order (accounting law)
— Customer account data: as long as your account is active + 12 months after account closure
— Marketing consent: until you withdraw consent
— Warranty data: until the end of the warranty period (maximum 10 years)
— Cookie data: according to the cookie policy (see section 10)
— Customer service communications: 2 years from resolution of the matter
Upon expiration of the retention period, we will delete or anonymize the data.
8. YOUR RIGHTS (GDPR Articles 15–22)
You have the following rights regarding your personal data:
8.1 Right to access your data (Article 15)
You can request a copy of all personal data we process about you.
8.2 Right to rectification (Article 16)
You can request correction of inaccurate or incomplete data about you.
8.3 Right to erasure (Article 17)
You can request the erasure of your personal data ("right to be forgotten"), unless there is a legal basis for processing.
8.4 Right to restriction of processing (Article 18)
You can request the restriction of processing of your data in certain situations.
8.5 Right to data portability (Article 20)
You can request your data in a machine-readable format and transfer it to another service provider.
8.6 Right to object to processing (Article 21)
You can object to the processing of your personal data on grounds relating to your particular situation, including profiling and direct marketing.
8.7 Right to withdraw consent (Article 7)
If processing is based on your consent, you can withdraw it at any time.
8.8 Right not to be subject to automated decision-making (Article 22)
We do not make decisions concerning you based solely on automated processing.
Exercising your rights:
✉ tietosuoja@deverk.fi
We will respond to your request within 30 days. In complex cases, we may extend the deadline by a maximum of two months, in which case we will inform you of the reason for the delay.
9. DATA SECURITY
We protect your personal data with appropriate technical and organizational measures, including:
— SSL/TLS encrypted data transfer
— Access control and restriction of access rights
— Payment card data is processed in accordance with the PCI DSS standard via Shopify Payments — we do not store payment card data
— Regular security updates
No system is completely secure. In the event of a data breach, we will notify the Data Protection Ombudsman within 72 hours in accordance with GDPR Article 33, and you, if the breach is likely to result in a high risk to your rights.
10. COOKIES
Our online store uses cookies. The use of cookies is based on the EU ePrivacy Directive and the Finnish Act on Electronic Communication Services (917/2014).
10.1 Essential cookies (do not require consent)
— Shopping cart functionality, login, security
10.2 Analytics cookies (with consent)
— Google Analytics, Shopify Analytics — online store development
10.3 Marketing cookies (with consent)
— Meta/Facebook Pixel, Google Ads — ad targeting
You can manage your cookie settings through our website's cookie banner or your browser settings.
Further information: [www.deverk.fi/cookies]
11. CHILDREN'S INFORMATION
Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with their personal data, please contact us: tietosuoja@deverk.fi.
12. THIRD-PARTY LINKS
Our online store may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We recommend reviewing the privacy policies of each website.
13. CHANGES TO THE PRIVACY POLICY
We may update this Privacy Policy. We will notify you of material changes on our website and, if necessary, by email. The updated version will become effective on the date of publication.
14. SUPERVISORY AUTHORITY AND RIGHT TO COMPLAIN
If you believe that the processing of your personal data violates data protection legislation, you have the right to file a complaint with the supervisory authority:
Office of the Data Protection Ombudsman
Lintulahdenkuja 4, 00530 Helsinki
Tel. +358 29 566 6700
tietosuoja.fi
tietosuoja@om.fi
You can also file a complaint with the data protection authority of any EU/EEA country.
15. SHOPIFY PLATFORM PRIVACY
Our online store operates on the Shopify Inc. platform. Shopify processes personal data for the purpose of providing the online store service. Shopify acts as a data processor on our behalf, and in certain situations (such as Shopify's own analytics services), as an independent data controller.
Shopify's Consumer Privacy Policy: https://www.shopify.com/legal/privacy
Shopify's privacy rights: https://privacy.shopify.com/en
If you have any questions about Shopify's processing of personal data, you can contact Shopify directly via the links above.
16. CONTACT INFORMATION
For all privacy-related questions, requests, and feedback:
Deverk Oy
Privacy Matters
Madeiranaukio 4, 00220 Helsinki
✉ info@deverk.fi
✆ +358 45 783 650 35