Privacy Policy

Last updated: 11 March 2025

This Privacy Policy describes how Zythorineoaziu (“we”, “us”, “our”) collects, uses, stores and protects your personal data when you use our website https://zythorineoaziu.world (the “Website”) and our services. We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the Finnish Data Protection Act (Henkilötietolaki 1050/2018), and other applicable Finnish and European laws.

1. Data controller

The data controller responsible for your personal data is:

Zythorineoaziu
Mannerheimintie 1
00100 Helsinki
Finland

Email: notifyuse@zythorineoaziu.world
Phone: +35896229930

2. Legal basis for processing

We process your personal data only when we have a valid legal basis under GDPR Article 6. The main bases we rely on are:

• Contract (Art. 6(1)(b)): Processing necessary for the performance of a contract with you (e.g. processing orders, delivering products, customer support).
• Legal obligation (Art. 6(1)(c)): Processing necessary to comply with laws (e.g. tax, accounting, consumer rights).
• Legitimate interests (Art. 6(1)(f)): Processing necessary for our legitimate interests (e.g. improving the Website, security, fraud prevention), where not overridden by your rights.
• Consent (Art. 6(1)(a)): Where we have asked for and you have given clear consent (e.g. marketing, non-essential cookies).

3. Personal data we collect

We may collect the following categories of personal data:

• Identity and contact data: Name, email address, phone number (if provided), delivery address.
• Transaction data: Order details, payment-related information (e.g. that a payment was made; we do not store full card numbers), purchase history.
• Technical and usage data: IP address, browser type and version, device type, time zone, pages visited, time and date of access, referral source. This may be collected via cookies and similar technologies where you have consented or where strictly necessary.
• Communication data: Messages you send to us (e.g. via contact or order forms), and our replies.

4. Purposes of processing

We use your data for the following purposes:

• To process and fulfil your orders and to communicate with you about your order.
• To provide customer support and respond to your enquiries.
• To send order and shipping confirmations and other service-related messages.
• To comply with legal obligations (e.g. tax, accounting, consumer law).
• To improve the Website, analyse usage and ensure security and fraud prevention.
• Where you have consented, to send marketing communications and to use analytics or marketing cookies.

5. Retention periods

We keep your data only as long as necessary for the purposes above or as required by law:

• Order and customer data: For the duration of the contractual relationship and thereafter as required by Finnish accounting and tax law (typically at least 6 years).
• Contact form and enquiry data: Until the matter is resolved and for a reasonable period for follow-up (e.g. 2 years), unless longer retention is required by law.
• Marketing and consent-based processing: Until you withdraw consent or object, or for the period stated when we obtained consent.
• Technical and access logs: As needed for security and troubleshooting, typically up to 12 months, unless a longer period is required for legal or security reasons.
• Cookie-related data: As set out in our Cookie Policy.

After the retention period, we delete or anonymise your data so that it can no longer identify you.

6. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction, including:

• Use of HTTPS and encryption for data transmitted via the Website.
• Access controls and restrictions so that only authorised personnel can access personal data.
• Secure storage of data and regular review of our security practices.
• Where we use service providers (e.g. hosting, payment), we choose providers that offer adequate safeguards and, where required, conclude data processing agreements.

7. Sharing and transfers of data

We may share your data with:

• Service providers: Hosting, email delivery, payment processing, shipping and logistics, and support tools. These processors act only on our instructions and are bound by contract to protect your data.
• Authorities: When required by Finnish or EU law (e.g. tax, police, data protection supervisory authority).

We do not sell your personal data. If we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards (e.g. adequacy decision, standard contractual clauses) in line with GDPR Chapter V.

8. Your rights under GDPR

You have the following rights in relation to your personal data:

• Right of access (Art. 15): You may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): You may request deletion of your data in certain cases (e.g. where it is no longer necessary, or you withdraw consent).
• Right to restriction of processing (Art. 18): You may request that we limit how we use your data in certain situations.
• Right to data portability (Art. 20): Where processing is based on contract or consent and is carried out by automated means, you may request to receive your data in a structured, commonly used format.
• Right to object (Art. 21): You may object to processing based on legitimate interests or to processing for direct marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. In Finland, this is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), https://tietosuoja.fi.

To exercise any of these rights, please contact us using the details in section 1. We will respond within one month, unless the request is complex or numerous, in which case we may extend by up to two further months and will inform you.

9. Cookies and similar technologies

Our use of cookies and similar technologies is described in our Cookie Policy. You can manage your preferences via our cookie banner and cookie settings.

10. Children

Our Website and services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will be revised when changes are made. We encourage you to review this page periodically. Material changes may be communicated via the Website or by email where appropriate.

12. Contact

For any questions about this Privacy Policy or our processing of your personal data, please contact us:

Zythorineoaziu
Mannerheimintie 1, 00100 Helsinki, Finland
Email: notifyuse@zythorineoaziu.world
Phone: +35896229930