Privacy Policy

Last updated:

1. Data Controller

The data controller responsible for the processing of your personal data is:

Phimlorebrchon
Mannerheimintie 7, 00100 Helsinki, Finland
Email: managers@phimlorebrchon.world
Website: phimlorebrchon.world

2. What Personal Data We Collect

We collect the following categories of personal data when you interact with our website:

  • Contact information: full name, email address, and phone number (if provided) when you submit our order form.
  • Communication data: any messages you include in the order form.
  • Technical data: IP address, browser type and version, operating system, referral source, pages visited, time and date of visits, and time spent on pages.
  • Cookie data: information collected through cookies and similar technologies as described in our Cookie Policy.
  • Consent records: records of the consents you have given, including date, time, and scope of consent.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679:

  • Consent (Article 6(1)(a) GDPR): When you voluntarily submit the order form and provide explicit consent to the processing of your personal data.
  • Contractual necessity (Article 6(1)(b) GDPR): Processing necessary for the performance of a contract or to take steps at your request prior to entering into a contract.
  • Legitimate interests (Article 6(1)(f) GDPR): For website analytics, security, fraud prevention, and improving our services, provided that such interests are not overridden by your rights and freedoms.
  • Legal obligation (Article 6(1)(c) GDPR): When processing is necessary to comply with applicable laws, such as tax and accounting requirements.

4. Purposes of Processing

We process your personal data for the following purposes:

  • To process and fulfill your orders and requests.
  • To communicate with you regarding your orders or inquiries.
  • To comply with legal obligations, including accounting and tax requirements under Finnish law.
  • To improve our website functionality and user experience.
  • To analyze website traffic and usage patterns (only with your consent for analytics cookies).
  • To ensure the security and integrity of our website.
  • To detect and prevent fraud or unauthorized access.

5. Data Sharing and Recipients

We may share your personal data with the following categories of recipients:

  • Service providers: third-party companies that assist us in operating our website, processing orders, and delivering products (e.g., hosting providers, payment processors, delivery services).
  • Legal authorities: when required by applicable law, court order, or governmental regulation.
  • Professional advisors: lawyers, accountants, and auditors where necessary for legal, accounting, or audit purposes.

We do not sell, rent, or trade your personal data to third parties for marketing purposes. All third-party service providers are contractually bound to process personal data only on our instructions and in compliance with GDPR.

6. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If any data transfer occurs outside the EEA, we ensure adequate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • An adequacy decision by the European Commission regarding the recipient country.
  • Other appropriate safeguards as required under Chapter V of the GDPR.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Order data: retained for the duration required to process and fulfill the order, and thereafter for the period required by Finnish accounting and tax legislation (generally 6 years under the Finnish Accounting Act, Kirjanpitolaki 1336/1997).
  • Communication data: retained for up to 12 months after the inquiry has been resolved, unless a longer retention is required by law.
  • Technical and analytics data: retained for up to 26 months, after which it is anonymized or deleted.
  • Consent records: retained for as long as the consent is valid and for a reasonable period thereafter to demonstrate compliance.

When personal data is no longer needed, it is securely deleted or anonymized.

8. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

  • Right of access (Article 15): You have the right to request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
  • Right to erasure (Article 17): You have the right to request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction of processing (Article 18): You have the right to request that we limit the processing of your data in certain circumstances.
  • Right to data portability (Article 20): You have the right to receive your data in a structured, commonly used, and machine-readable format.
  • Right to object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent (Article 7(3)): Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: You have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) or another competent supervisory authority.

To exercise any of these rights, please contact us at managers@phimlorebrchon.world. We will respond to your request within one month, as required by Article 12(3) GDPR. This period may be extended by two additional months where necessary, depending on the complexity and number of requests.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL protocols.
  • Access controls limiting data access to authorized personnel only.
  • Regular security assessments and monitoring.
  • Secure storage of data with appropriate backup procedures.
  • Employee training on data protection and security practices.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. For detailed information about the types of cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

11. Children's Privacy

Our website and products are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. The revised policy will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

13. Supervisory Authority

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
Lintulahdenkuja 4, 00530 Helsinki, Finland
Website: tietosuoja.fi
Email: tietosuoja(at)om.fi

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us:

Phimlorebrchon
Mannerheimintie 7, 00100 Helsinki, Finland
Email: managers@phimlorebrchon.world