Free shipping for over 100 € orders | 60 days free return policy

Currency: EUR

PRIVACY POLICY

Privacy and Data Protection Policy in accordance with the EU General Data Protection Regulation (GDPR).
Created on: 26 February 2022.
Updated on: 29 May 2025.

1. Data Controller
Company: Daughter of the North Oy
Address: Lönnrotinkatu 1 C
City: 87100 Kajaani
Phone: +358408279281
Email: hello@daughterofthenorth.fi
Business ID: 3261056-7

2. Register Name
Customer Register of Daughter of the North Oy

3. Purpose of Data Processing and Register Use
The personal data in the register is processed for the following purposes:

  • Managing customer relationships
  • Processing and delivering orders
  • Billing (if applicable)
  • Customer loyalty benefits
  • Direct marketing (only with consent)
  • Analyzing and developing website usage
  • Implementing targeted advertising (only with consent)

4. Data Stored in the Register
The customer register contains the following information:

  • Consumer Customers:
    • First name, last name
    • Home address or alternative delivery address
    • Phone number
    • Email address
    • Information about purchased products/services
  • Business Customers:
    • Company name
    • Visiting and billing addresses, and any electronic invoicing information
    • Phone number and possible fax number
    • Email address
    • Business ID
    • Information about purchased products/services
  • Company Contact Persons:
    • Name
    • Address
    • Email address
    • Phone number

5. Data Subject Rights
Data subjects have the following rights, which can be exercised by submitting a written request to:
Daughter of the North Oy
Lönnrotinkatu 1 C
87100 Kajaani
+358408279281
hello@daughterofthenorth.fi

  • Right to Access: Data subjects can check the personal data we have stored about them.
  • Right to Rectification: Data subjects can request correction of inaccurate or incomplete data.
  • Right to Object: Data subjects can object to the processing of their personal data if they believe it has been processed unlawfully.
  • Right to Erasure: Data subjects can request deletion of their personal data if the processing is no longer necessary. However, data related to accounting must be retained for 10 years as per the Accounting Act.
  • Withdrawal of Consent: If the processing is based solely on consent, data subjects can withdraw their consent at any time.
  • Right to Lodge a Complaint: Data subjects can lodge a complaint with the Finnish Data Protection Authority if they believe their data protection rights have been violated.

6. Regular Sources of Data
Customer data is regularly obtained from:

  • The customer themselves when the customer relationship is established.
  • The customer themselves via online forms.

7. Regular Disclosures of Data
Data is not disclosed to external parties for marketing purposes. Data may be disclosed in the following cases:

  • To payment intermediaries when the customer places an order.
  • To delivery services if the chosen delivery method involves delivery to a pickup point, post office, or home delivery.
  • To credit institutions if the customer chooses a payment method involving credit.
  • To debt collection agencies if invoices become overdue and are handed over for collection.

8. Data Retention Period
Personal data is processed as long as the customer relationship is active. For product purchases, the customer relationship is considered to last for the duration of the warranty/liability period.

9. Data Processors
Personal data is processed by the data controller and their employees. We may also outsource server maintenance and partial data processing to third parties, ensuring through contractual arrangements that personal data is processed in accordance with applicable data protection legislation.

10. Cookies and Tracking Technologies
The website uses cookies and similar technologies to collect information about website usage to improve user experience, ensure website functionality, perform analytics, and conduct targeted advertising. Cookies may be essential or non-essential (e.g., analytics or advertising).

  • Essential Cookies: These include cookies necessary for the basic functioning of the website, such as session cookies and security-related cookies.
  • Non-Essential Cookies: These include analytics cookies (e.g., Google Analytics) and advertising cookies (e.g., Meta Pixel, Google Ads). These cookies collect information about user behavior and may involve data transfers to third parties.

Cookie consent is obtained through a cookie banner before non-essential cookies are placed. Users have the right to refuse non-essential cookies or change their consent preferences later.
Change consent preferences

11. Transfers of Data Outside the EU/EEA
Some international service providers (e.g., Google, Meta) are used, and personal data may be transferred outside the EU/EEA. We ensure that such transfers comply with applicable legislation, for example, by using standard contractual clauses approved by the European Commission or ensuring that the recipient is part of the EU-U.S. Data Privacy Framework.

12. Automated Decision-Making and Profiling
We do not use personal data for automated decision-making. However, we use information collected via cookies for profiling to target advertising, provided the user has given consent.

13. Data Security Principles
Manual records are stored in secure locations. Digitally stored data is in databases protected by firewalls, passwords, and other technical measures. The register is only accessible to individuals whose duties include its use and who are bound by confidentiality obligations. Each user has a personal username and password.

14. Changes to the Privacy Policy
We reserve the right to change this privacy policy if processing purposes, legislation, or technical solutions change. Significant changes will be announced on the website or via email if appropriate.

Join the Daughters of the North

Gift cards used in the shopping cart