Storefront logo
Cart 0

Privacy Policy

Storefront · Updated 12.6.2025

1. Data Controller

DigiSpell (sole trader / yksityinen elinkeinonharjoittaja)
Business ID: 1234567-8
Email: hello@storefront.dataveli.com

2. Purposes and Legal Basis for Processing

  • Order processing — necessary for the performance of a contract (GDPR Art. 6(1)(b)).
  • Customer account management — necessary for the performance of a contract (GDPR Art. 6(1)(b)).
  • Accounting and invoicing — legal obligation under the Finnish Accounting Act and VAT Act (GDPR Art. 6(1)(c)).
  • Customer service communication — necessary for the performance of a contract (GDPR Art. 6(1)(b)).
  • Behaviour tracking and analytics — based on your consent only (GDPR Art. 6(1)(a)).

3. Personal Data Collected

  • Name, email address, phone number
  • Delivery address (street address, postal code, city, country)
  • Password (stored as a bcrypt hash — the plain password is never stored)
  • Order history (products ordered, prices, delivery address, payment method)
  • Cookie and behaviour data (only with consent)

4. Data Retention

Personal data is retained for seven (7) years from the date of the last order or last account activity. This matches the document retention requirement under the Finnish Accounting Act (Chapter 2, Section 10). Behaviour tracking data is deleted after 90 days.

5. Data Sharing

Personal data is shared with the following payment service providers for order processing:

  • Paytrail Oyj (Checkout Finland Oy) — Finnish payment service
  • Stripe, Inc. — card payments; data transfer outside the EU takes place under EU Standard Contractual Clauses (SCCs)
  • PayPal Holdings, Inc. — PayPal payments; data transfer outside the EU takes place under EU Standard Contractual Clauses (SCCs)

Data is not shared with any other third parties for marketing purposes.

6. Your Rights

  • Right of access — you can download your data from your account page (/account/export).
  • Right to rectification — you can edit your data in your account settings (/account/profile).
  • Right to erasure — you can request account deletion from your account page (/account/delete).
  • Right to data portability — you can download your data in JSON format (/account/export).
  • Right to object — contact us by email to request removal of tracking data.
  • Right to withdraw consent — you can update your cookie preferences at any time using the cookie panel.
  • Right to complain — you may lodge a complaint with the Finnish Data Protection Ombudsman: tietosuoja.fi.

7. Security

All data transmission uses HTTPS. Passwords are stored as bcrypt hashes. Orders and payment records are stored in a secured database. Card data is never stored — card processing is handled exclusively by Stripe and PayPal (PCI DSS compliant).

8. Cookies

We use cookies. See the Cookie Policy for details.

9. Changes to This Policy

We reserve the right to update this policy. Significant changes will be announced on this site. Last updated: 12.6.2025.

10. Contact

For privacy matters please contact: hello@storefront.dataveli.com