Privacy Policy

Spitzit (business ID 3195328-5), operating the online store at www.oulunpolttopuu.fi using the Webnode platform, processes customer-provided personal data in accordance with this privacy policy. This data is used to fulfill and confirm orders, process deliveries, and for other necessary communications required by law.

General Provisions

1. Data Controller: The data controller, in compliance with the GDPR (General Data Protection Regulation), is Spitzit Oy, business ID 3195328-5, located atwww.oulunpolttopuu.fi (hereinafter referred to as the "Controller").
2. Contact Information: The Controller can be reached via email at [myynti@oulunpolttopuu.fi] or by phone at +358 40 821 1645.
3. Personal Data: Personal data refers to any information that relates to an identified or identifiable natural person.

Source of Personal Data

1. The Controller processes personal data provided by the customer with their consent, collected through the online store for the purpose of fulfilling orders.
2. The Controller processes only the customer's identification and contact information necessary for fulfilling the purchase agreement.
3. The Controller processes personal data for shipping, accounting, and other necessary communications between the parties for the period required by law. Personal data is not disclosed or transferred to other countries.

Purpose of Data Processing The Controller processes the Customer's personal data for the following purposes:

1. Registration on the website www.mittelspitz.fi in accordance with Chapter 4, Section 2 of the GDPR.
2. Processing customer orders (name, address, email, phone number).
3. Complying with laws and regulations arising from the contractual relationship between the Customer and the Controller.
4. Personal data is necessary for fulfilling the purchase agreement. The agreement cannot the Customer, and for three years after the termination of the contractual relationship.
5. The Controller must delete all personal data after the period required for data retention.

Recipients and Processors of Personal Data Third parties processing the Customer's personal data are the Controller's subcontractors. The services of these subcontractors are necessary for fulfilling the agreement on the acquisition and processing of an electronic order between the Controller and the Customer. The Controller's subcontractors include:

• Webnode AG (online store system)
• Shipping company
• Google Analytics (website analytics) 

Customer Rights In accordance with the GDPR, the Customer has the right to:

1. Access their personal data.
2. Rectify inaccurate personal data.
3. Erase their personal data.
4. Object to the processing of their personal data.
5. Data portability.
6. Withdraw their consent to the processing of personal data in writing or by email to [poistettu sähköpostiosoite].
7. Lodge a complaint with a supervisory authority if they suspect a breach of the GDPR.

Data Security

1. The Controller undertakes to implement all technical and organizational measures necessary to protect personal data.
2. The Controller has taken technical measures to secure data storage, such as password protection for computer access, the use of antivirus software, and regular system maintenance.

Final Provisions

1. By placing an order on the website www.mittelspitz.fi, the Customer acknowledges that they are aware of all the provisions of the privacy policy and fully accepts them.
2. The Customer accepts these terms by checking the box in the order form.
3. The Controller may update these Terms at any time. A new, updated version will be published on this website. 
4. These terms shall enter into force on 25.3.2021