Privacy policy

Updated 14.03.2025 

CONTENTS:

1. Scope of privacy policy
2. Name of business/ personal information controller
3. Types of personal information and personally related information handled
4. Where personal information and personally related information is acquired
5. The utilization purposes for handling personal information and personally related information
6. Provision of personal information and personally related information to third parties
7. Joint use of personal information and personally related information
8. Transferring personal information and personally related information outside of Japan
9. The security control of personal information and personally related information
10. Principal rights
11. Procedure for handling requests and demands regarding retained personal data
12. Cookies
13. Updating this privacy policy

1. Scope of privacy policy

 

We take the protection of the privacy of our customers seriously, and therefore, the handling of all personal information is done in accordance with the laws that are currently active, especially the Act of the Protection of Personal Information (APPI). We will utilize your personal information and personally related information according to the APPI (as well as other relevant laws, legislation, and guidelines) and will inform you on the different purposes of utilization. This privacy policy statement explains which personal information we handle, how we acquire personal information, and how we utilize it. The privacy policy also details the provision of personal information to third parties, as well as the transferring of the personal information outside of Japan, and the security control of the personal information. This document will also inform you about your rights and the procedure for handling requests.

As additional clarification, as the personal information controller is based in the EU, relevant portions of the General Data Protection Regulation apply to the handling of personal information that the company fulfills within the EU. This provides adequate protection for the handling of personal information. More information on transfers of personal information outside of Japan can be found in its own section.

1. Name of business/ personal information controller

If you have visited or ordered from STR Nordic Oy’s HOHDE website or otherwise contacted us, the personal information controller responsible for the handling of your personal information is:

STR Nordic Oy (VAT number: FI28928265) 

Sarkiantie 409

38200 Sastamala

Finland

Representative:

Tuomas Havukainen, COO

 

1. Types of personal information and personally related information handled

 

The information we have on you is limited to the relationship we have with you. We may have basic contact information on principals (name, postal address, phone number and/or email address). Regarding customers who have ordered from us, we also have your order and payment history, as well as other information related to your customer account. Also, the contact history of principals is recorded, including additional information provided in the contents of emails. Please also see separate information on cookies in the Cookies section.

 

Additional information

 

3.1 Personal information and personally related information of customers and potential customers

 

We have the following information about our customers: name, address, zip code, city, customer ID or website account number (i.e. assigned identifier code used for customer identification of retained personal data), their email address, order history, and potentially their email history if they have contacted our customer service by email. Also information included in possible phone calls made to the number listed in the Commercial Disclosure may be handled. Customers’ information may also be handled for website accounts or sending newsletters. Consumer reviews of products shown on product pages may also contain the customer’s name if the customer has left the review publicly.

We have the name, email address, and/or email history also of principals who are not our customers but have contacted our customer service by some means, signed up for an account on our website, or signed up to receive our newsletters and marketing materials sent by email. 

If applicable, our system saves IP addresses of devices making orders, as well as information collected through cookies (for example, which channel the customer used entering our online store). For more specific information on cookies, see section on Cookies below.

3.2 Special-care required personal information and personal numbers

We do not save special-care required personal information to our customer personal information database (e.g. race, etc.) or personal numbers (My Number). Our current records of email exchanges with customer service may contain sensitive personal information on customers if the customer themself has of their own initiative provided e.g. their health information. This information is not utilized for any additional purposes and we aim to delete this information as soon as possible. Regardless, we ask that our customers do not provide us with this type of sensitive or special-care required personal information.

3.3 Children's personal information

Principally, we do not handle children’s personal information (those under the age of majority to place orders through Ecommerce), as the ordering of products is intended for those able to legally make a contract. However, in Ecommerce sales, we may be unable to check the age of the customer. Nonetheless, if underage children place orders through our website, they must do so with their parents/legal guardians or have their parents’/legal guardians’ consent, especially regarding children 15 years or under.

3.4 Technical data

When placing an order through our website, certain technical information such as log data is collected at that time. 

1. Where personal information and personally related information is acquired

 

We acquire personal information and personally related information directly from our customers and those who contact us or otherwise directly provide us information. This is acquired when customers place orders, as well as when our customer service is contacted, when someone makes an account for the website, or signs up for newsletters and marketing materials. We acquire personal information from customers for consumer reviews. Through social media, we may see your personal information. We also acquire personally related information in the form of information from cookies; see section on Cookies for more information.

Additional information

 

If we have your personal information and personally related information, we have acquired it from you in at least one of the following ways.

 

4.1 Orders

 

If you have placed an order through our website, we have acquired personal information from you.

 

4.2 Contacts

 

If you have contacted our customer service by emailing, contacting us through filling out the contact form on the website, or by using any other channel, our customer service has had to handle your personal information (such as email address, order information, phone number). This may also include phone calls made to the phone number mandatorily listed in the Commercial Disclosure.

4.3 Signups for account or newsletter

Our website offers the possibility of signing up for an account, as well as of subscribing to our newsletter and marketing materials. If you have either signed up for an account or subscribed to our newsletters, we have acquired personal information in order to make the account or to add you to our newsletter mailing list. You may have signed up for an account or subscribed to our newsletter when placing an order, or then separately from making a purchase.

4.4 Product reviews from consumers

Our website includes the possibility of leaving reviews for our products and these possibilities to leave reviews may be included in sent materials as well. If you have decided to leave a review, we have acquired the information you post with your review, which is made publicly available on the product pages for the product and elsewhere on our website and other material linking to the website. This may contain personal information. This has been acquired separately from other information.

4.5 Information visible on social media

We may be able to see the personal information that other Facebook users are also able to see, meaning the names, public pictures, and other information of individual users that they may post on our Page. Personal information is not transferred from the Facebook page or from comment sections to any other system without a separate notification or request from the principal. Generally we encourage principals to contact the customer service email or online form. However, private messages sent through Facebook may end up containing personal information. This is not otherwise acquired or retained in a separate database, but is available in the private messages on Facebook.

 

1. The utilization purposes for handling personal information and personally related information

We utilize the personal information and personally related information of principals for the purposes of providing the services for purchasing products, marketing, shipping products, providing customer service, as well as for developing our overall operation. We utilize personal information to perform email marketing on the basis of consent. We also utilize personal information for training, statistics, product reviews, and to fulfill legal obligations. Information may need to be used for moderation purposes as well in relevant situations.

Additionally, restrictions on utilization of personal information will not apply in the following situations as according to the APPI:

1. When based on laws and regulations (including ordinances).
2. When it is necessary for the protection of a person's life, body, or property, it is difficult to obtain the individual's consent.
3. When it is particularly necessary for the improvement of public health or the promotion of healthy child development, it is difficult to obtain the consent of the individual.
4. When it is necessary to cooperate with a national government organ, local government, or a person commissioned by them in carrying out duties prescribed by law, and obtaining the individual's consent is likely to impede the performance of those duties.

Additional information

 

5.1 Providing the website services

Personal information and personally related information needs to be handled in order to provide the services that the customer or site visitor has requested, e.g. in order for them to gain information on products they are interested in and purchase them through our website. This includes the handling of the IP-address in order to show the website. This also involves the handling of personal information by our consignees/ contractors. 

5.2 Order fulfillment

 

We utilize personal information in order to fulfill orders placed through our website and ship ordered products to our customers. This requires the use of payment gateway providers for the processing of payments. We also use contractors/ consignees who take care of the logistics of shipping and delivering the products to the customer. 

 

We also utilize personal information and personally related information in processing possible product claims and refunds.

5.3 Preventing fraudulent purchases

 

The payment gateway providers we use may utilize additional information for the purpose of preventing fraudulent purchases during the order process. This is also to fulfill the Credit Card Safety Guidelines if so required. 3D Secure measures and any possible handling of additional information related to the authentication of buyers by 3D Secure will be fulfilled by the payment gateway provider. 

5.4 General communications

 

We can utilize your personal information in order to send you notifications concerning the status of your order, possible challenges in supply or shipping, or to otherwise provide customer service-related communications. We may also contact you to respond to your customer service requests. 

 

5.5 Email marketing and newsletters

We utilize personal information to perform email marketing on the basis of consent. Marketing emails and newsletters may contain advertising and offers, as well as other interesting information such as the contents of our blog or tips. Those who receive marketing emails have the opportunity to unsubscribe from any marketing email or newsletter they receive. 

We may also at times include some marketing content in emails to our customers related to important information about their orders or request product reviews in the same manner. Customers will not receive separate marketing emails, however, if they have not subscribed and consented to receiving them.

 

5.6 Statistical reporting, surveys and consumer reviews

 

We compile statistics on sales, customership, and campaigns, which are utilized for sales management. Statistics generally do not involve the processing of anonymous information, rather they either contain no personal information or are only processed as aggregated general data, not as individual anonymous data. We also receive product feedback for product development purposes and perform surveys for the utilization purpose of compiling statistics. If surveys allow for anonymous responses, we request that no personal information is included by those who respond. We do not aim at this time to compile an anonymously processed information database.

It is possible to leave product reviews through surveys or separately through the website. The purpose of product reviews is to share consumers’ reviews of genuine use of products with other customers and potential customers by making them available on the website and materials leading to the website. We may moderate the comments left in consumer reviews and delete comments that are in violation of our Website Terms of Use.

5.7 Accounting and other legal obligations

 

We utilize your personal information to fulfill the regulations of laws, courts, and decisions made by officials. Personal information is regularly handled for the utilization purpose of fulfilling Finnish Accounting Law. Other various legal obligations relate to the retention of information for recordkeeping even if the information is not otherwise actively utilized in the business activities.

5.8 Quality management and personnel training

As we want to provide for quality customer satisfaction, we use time in training personnel in all matters relevant to their responsibilities. Personal information therefore is also handled for the purpose of training new employees and other relevant personnel, as well as for general quality control purposes. Part of this is also a part of the safety control measures for employees handling personal information.

Personal information used for quality management and training may contain information included in customer service processing (such as information in customer service emails), and personal information contained in the retained personal data (such as the customer account and shipping information). In cases of quality management, personal information may be viewed at random to check that the provided service is at the quality we desire or if there is reason to evaluate the handling of a specific customer service or complaint in line with our responsibilities. 

5.9 Responding to requests and complaints

When responding to requests and complaints, customer information needs to be handled in order to confirm identity, make changes to account information, and fulfill other requests of the principal. 

5.10 Targeted marketing

Personal information, personally related information, and the information on your purchases will be utilized to present you with advertisements we believe you will be interested in. This can include analysis or use of information on products either purchased or viewed (browsing and purchase history), which are then used to display advertisements of the same products or other products that are similar or may be of interest to you. This is done online through social media, for example. 

This information related to measurement services and behavioral history may be directly acquired by Meta (Facebook), be retained up to two years according to Meta’s policies, and contain information such as IP addresses. For more information on how you can exercise rights, you can see your Facebook advertisement settings to make adjustments directly through Facebook, or visit http://www.aboutads.info/choices to opt out of use of information for ad targeting. Regarding information that has been collected through the use of cookies, please see our cookie policy. 

5.11 Social media accounts

We can see general information about actions such as likes, visits on our page, comments on posts, private messages, and statistics related to posts, as well as other aggregated information that Facebook provides businesses (such as measuring ads performance). We may utilize this information to respond to comments and private messages, or to collect aggregated information for statistical purposes and reports. 

We also may handle personal information in the course of moderating our social media pages in cases where content posted on the page is in violation of our moderation practices outlined in our Website Terms of Use.

1. Provision of personal information and personally related information to third parties

 

As a general rule, we do not provide your personal information to third parties unless we obtain your consent to the transfer of personal information. Exceptions include those listed in the APPI and other cases listed below.

We transfer information to third party business partners because we use contractors/consignees for different handling such as shipping products, for sales, in managing systems, platforms, when compiling statistics, and to accounting offices for preparing the bookkeeping. When we use consignees/contractors, we only provide them the information they need to be able to carry out their tasks and enter into contacts for the handling of the personal information. When any of the personal information handling activities result in transferring personal information to a contractor, the consignee acts on our behalf as an entrustment according to the contract we have made with the contractor in question. For example, information is transferred to our contractor Shopify Payments during the sales transaction.

Additionally, any transfer of information to authorities is done according to legal obligation. Our contractors may also have legal obligations to fulfill due to the entrustment. We may also need to transfer information within the Group for technical or outsourcing purposes. Any handling by another company in the Group is done on the basis of contract, with another company in the Group acting as a consignee. The company is not able to utilize the information for its own purposes.

Additional information

6.1 Exceptions for transfers to third parties according to APPI

• When required by law
• When it is necessary for the protection of a person's life, body, or property, it is difficult to obtain the individual's consent.
• When it is particularly necessary for the improvement of public health or the promotion of healthy child development, it is difficult to obtain the consent of the individual.
• When it is necessary to cooperate with a national government organ, local government, or a person commissioned by them in carrying out duties prescribed by law, and obtaining the individual's consent is likely to impede the performance of those duties.

6.2 Providing personal information to contractors/consignees

We provide personal information to our contractors/consignees in situations that are related to transactions, deliveries, and certain advertising purposes so that we are able to carry out our services. Contractors/consignees include the following: 

– IT services and technical systems including system maintenance

– Logistics partners

– Transport services

– Payment service providers and gateways when paying with payment cards

– Accountancy offices

– Email, social media, and marketing partners

 

These contractors/consignees listed above cannot utilize the personal information provided to them for their own utilization purposes in any situation. Under strict conditions, they receive only the personal information that is relevant so that they can carry out the service entrusted to them. The contractors handle personal information only for the specific utilization purposes defined by us. We have made appropriate contracts concerning handling personal information and personal information protection with our contractors/consignees.

6.3 Transfers due to Shopify Payments

Our website offers the possibility to pay by credit card through Shopify Payments. Shopify Payments offers an integrated payment service, which transfers to a separate payment processor. Shopify functions as our contractor and transfers the information to Stripe Payments Europe, Ltd. When you pay through Shopify Payments, Shopify is also transferred the payment information of the customer. Stripe is then transferred the following information during a purchase: customer name, address, email address, and payment information. 

Stripe functions as a consignee for the online store in regards to the handling of customer personal information during payment transaction processing. Stripe functions as a separate personal information controller in regards to the handling of retained personal data related to financial payments; these are separately handled by Stripe due to their fulfilling of their own legal obligations as a payment processor, for example. You can read more about how Stripe otherwise handles our customers’ data (“end customer”) from Stripe's Privacy Policy. Additional information and answers to frequently asked questions can be found on Stripe's Privacy Center page.

 

6.4 Releasing personal information to EU or member state authorities

 

In cases where EU or member state law demands it of us, we have the obligation to release personal information of principals to authorities. As the EU has been deemed according to the PPC to have a system that is at the same level as Japan in terms of protecting the rights and interests of individuals, in the rare case this were to be required of us, this would be limited to what is absolutely necessary.

6.5 Third parties’ legal obligations

There are also cases where information that is provided in the course of consignment needs to be handled or retained for longer by the consignee, usually due to legal obligations. Payment gateway providers have their own legal obligations and requirements for the handling of personal information according to EU legislation on payment services. Also our accounting offices are legally responsible for handling bookkeeping records and retaining them to fulfill their legal obligations according to Finnish Accounting Law. The retained personal data is retained only for the purposes designated by laws and regulations applicable to the contractor when fulfilling their services to us.

6.6 Intra-Group Provision of Personal Information as Consignment

Personal information may be transferred within the Group due to allocated employee and system resources. Intra-Group provision adheres to consignment contracts (data processing agreements), and the Group companies acting as consignees/contractors do not utilize the personal information for purposes outside what is stated by the personal information controller. The information is not jointly used or used for the other companies’ own purposes.

6.7 Sales or Involvement in a Merger

In the event that either the personal information controller or the Group it belongs to is involved in a sale or merger, the personal information controller or Group has the right to provide all personal information and retained personal data to the respective parties as a result of the sale. The Group will fulfill such actions if deemed in the interests of the Group in the future, and the information as to the utilization purposes of the retained personal data will be given to the respective party. If the utilization purposes change due to the sale or merger, consent will be asked by the respective party of the principals for the new utilization purposes.

6.8 Targeted marketing

We transfer personal information to Facebook (Meta) for the purpose of targeted marketing/advertising to our customers. This involves the combining of information that we provide to Meta with information they have on the same customer. This involves the transfer of hashed email addresses. In this way we can provide you with the most relevant information on our products that you may find interesting. Meta may also show those who are not our customers advertisements. 

While we may act as the personal information controller of the information we transfer to Meta, Meta is the personal information controller of the personal information that Meta handles separately, including information Meta may have on the same person that Meta then matches with the information we transfer.

1. Joint use of personal information and personally related information

Personal information and personally related information is provided for joint use in the following situations: joint utilization with the parent company of the Group (STR Global Group Oy) according to the definitions of joint personal information controllership (data controller in EU General Data Protection Regulation). Information provided here in this privacy policy focuses on the required information to state on joint use.

Additional information

 

7.1 Intent to jointly use

Personal data that is handled by us is intended to be jointly used by the parent company of the Group in order to provide all of the services to the customer.

7.2 Items of personal data to be jointly used

All items listed above in section 3 Types of personal information and personally related information handled are to be jointly used by the parent company of the Group.

7.3 Scope of joint users

The scope of joint users is limited to the parent company of the Group, STR Global Group Oy. 

7.4 Purpose of use

The purpose of the joint use is to provide the customer service and maintenance of the online store, marketing campaigns, and other such activities that the online store performs that the parent company is responsible for in the operations and makes decisions on. Such operations are listed in this privacy policy as how the personal data is handled.

7.5 Contact information

The name and address of the person responsible for managing the relevant personal data, and the name of the representative:

STR Global Group Oy (VAT number FI23421641)

Sarkiantie 409

38200 Sastamala

Finland

Representative:

Tuomas Havukainen, COO

1. Transferring personal information and personally related information outside of Japan

We are a company located in Finland, located within the European Economic Area (EEA). According to the PPC, data can be transferred internationally to a country located in the EEA, as it is deemed equivalent to the protection of personal information provided by the APPI in Japan. Any transfers of data to other countries require adequate protections of the data in line with the APPI.

We aim to handle as much personal information as possible within the European Economic Area. However, information from our online store is also transferred outside of the EEA because the Shopify servers and services used by the online store are located outside of the EEA. Some handling done by our other contractors also involves transferring information outside of the EEA.

Additional information

  

We use the Shopify -ecommerce platform for our online store. Shopify is not a personal information controller for the handling, but one of our consignees/contractors. Shopify uses servers located outside of the EEA (Canada/USA), where customers’ retained personal data is stored. Shopify Inc. is located in Canada; the European Commission has made a decision of an adequate level of data protection for transfers to Canada. Canada has a comprehensive law in place for the protection of personal information in the private sector. We have signed consignment agreements (data processing agreements) with Shopify, which outline the implemented personal information protection practices to be adhered to in the entrustment. Shopify has signed EU Standard Contractual Contracts with their own contractors, to whom there are onward transfers of data as a part of the consignment agreements. 

Additionally, either we or the contractors we use transfer information to the United States. The European Commission has decided that the EU-US Data Privacy Framework (EU-US DPF) provides an adequate level of protection for the processing of personal information in a third country and covers data that is transferred from the EU to US companies participating in the Framework. This is based on the US Executive Order “Enhancing Safeguards for United States Signals Intelligence Activities”, and the safeguards also apply in situations where a transfer would be based on Standard Contractual Contracts.

Also, the United States and Canada are adherents to the Organisation for Economic Co-operation and Development (OECD) Privacy Guidelines. Additionally, our contractor Stripe Payments Europe, Ltd. is a part of the Cross Border Privacy Rules (“CBPR”) and Privacy Rules for Processor (“PRP”) frameworks, and transfers of personal data are made according to the certifications it has.

Since the transfers are from the EU to another country outside of the EEA, they are done based on one of the following 1) European Commission's adequacy decisions that a country’s personal information protection is at the same level as in the EEA and appropriate consignment agreements (data processing agreements), or 2) EU Standard Contractual Clauses (a type of contract with the consignee), as well as possible supplementary measures, to ensure that the personal information is transferred and handled at the same level as within the EEA. We use the transfer mechanisms required by the General Data Protection Regulation as required by EU law and because the level of data protection in the EEA is deemed to be at the same level as under the APPI in Japan, therefore transfers legal by EU law should fulfill equivalent levels of protection as well. Transfers from our contractors to their own subcontractors require an equivalent level of protection and are assured with appropriate contracts and measures including Standard Contractual Clauses and Adequacy Decisions. Transfers within the EU/EEA are already covered under the GDPR and are deemed adequate according to the PPC.

We regularly monitor that the transfers are made to contractors in countries that are able to implement appropriate levels of data protection standards. If transfers of personal information are not able to be made based on changes to EU adequacy decisions or the measures provided by a consignee/contractor are no longer deemed to be appropriate, we promptly work towards ensuring that the personal information will be transferred to a consignee/contractor who fulfills our requirements for personal information protection outside of the EEA or that the personal information will be handled within the EEA.

1. The security control of personal information and personally related information

 

We protect your personal information and personally related information with necessary and appropriate security controls that ensure that your personal information and personally related information is safe in our systems in order to prevent leakage, loss, or damage of handled personal data. The personal data will be strictly managed and security measures implemented in the following ways:

 

Additional information

 

9.1 Security control of database

Our personal information database is protected with mechanisms to prevent unauthorized access and malicious software. There are additional security measures in place. 

9.2 Security control of employees and the organization

The scope of personnel who can access the personal information database is controlled and the data they can access is controlled. Each employee handling the personal information database has signed a life-long confidentiality agreement regarding the content of the personal information database, and necessary and appropriate supervision of employees is implemented. We have a basic policy, safety procedures, and guidelines within the company for the handling of personal information, and these are regularly reviewed. Employees have been trained according to their own responsibilities in the appropriate handling of personal information and there is appropriate incident reporting established. The correct use of devices and programs has been instructed and ensured through safety measures. Through the guidelines and instructions, employees are aware of the correct manner for acquiring, using, providing, storing, and disposing of personal information.

9.3 Security control of contractors/consignees

The contractor/consignee entrusted with the handling of our systems is responsible for sufficient technical and organizational measures that ensure the physical and technical security of the personal information database. We take care when selecting the entrustees. Our contracts with contractors/consignees define what contractors/consignees are entrusted to do with this personal information and what type of handling they are responsible for. The necessary and appropriate supervision of contractors/consignees is implemented and safety control measures are contained in the contracts with them.

 

 

1. Principal rights

 

If we handle your personal information and you are in our personal information database (i.e. we have retained personal data on you), you have certain rights based on the Act on the Protection of Personal Information (APPI). You have a right to be informed, and you have the right of disclosure (to know what retained personal data we have that identifies you). You also have the right to demand correcting any erroneous retained personal data, deletion of your retained personal data in certain situations, and to cease utilization of retained personal data. In all cases, there may be limitations on how we can respond to your rights, as explained in the Act on the Protection of Personal Information.

You also have the right to unsubscribe from email marketing if you have received marketing emails by subscribing/giving consent. 

 

Additional information

 

10.1 Notification of purpose

The principal has the right to be notified about the utilization purposes for the handling of the personal information and retained personal information. These purposes have been stated in this privacy policy under the section The utilization purposes for handling personal information. This information has also been explicitly brought to the attention of principal at the point of acquiring the personal information; information on the utilization purposes has been stated on the order page, as well as further in the privacy policy. Order confirmation emails also contain reference to the purpose of utilization in the privacy policy.

The principal has the right to request information on the utilization purposes of the retained personal data. If this information has already been provided in this privacy policy, the information will already have been provided. In other cases, we will respond without undue delay to these requests. 

10.2 Disclosure

 

The principal has the right of disclosure where any retained personal data that can identify them needs to be disclosed. The principal also has the right to know when there exists no retained personal data that can identify them. 

The principal has the right to specify by which method they would like the response to disclosure of retained personal data. Please see the section on how we respond to requests for more information.

 

10.3 Correction of retained personal data

 

The principal has the right to the correction or addition (or deletion) of incorrect retained personal data. We will investigate the matter without undue delay and make necessary corrections. 

10.4 Deletion or suspension of utilization

The principal has the right to demand the deletion of retained personal data if the information is incorrect. The principal also has the right to demand the deletion or cessation of utilization in the following cases: 1) when personal information has been handled in situations requiring the consent of the principal and this consent has not been obtained, 2) personal information acquired in a merger has been used outside of the scope of the original utilization purposes and consent for the new utilization purposes has not been obtained, or 3) personal information has been acquired by inappropriate means.

Additionally, if retained personal data that can identify the principal is being provided to a third party without the principal’s prior consent or using the opt-out mechanism provided by the PCC, the principal has the right to demand a cessation of provision of the retained personal data to the third party. If personal data is provided to a third party in a third country without either the consent of the principal or according to the exceptions outlined in the APPI, the principal has the right to demand the cessation of the provision of the personal data to the third party in the third country.

The principal also has the right to demand the cessation of utilization or provision to third parties in the case 1) it is no longer necessary for the personal information controller to utilize the retained personal data that can identify the principal, 2) there is a leakage of the personal data as per the APPI, or 3) the handling of this retained personal data that can identify the principal can harm the rights or legitimate interests of the principal.

 

10.5 You can unsubscribe from email marketing.

If you signed up for marketing emails/newsletters, you can unsubscribe at any time. Every marketing email contains an unsubscribe button in the email, which can be clicked in order to opt-out of receiving email marketing, which will save the setting in our systems that you have unsubscribed from marketing.

 

1. Procedure for handling requests and demands regarding retained personal data

We respond to requests, inquiries, questions, and complaints relating to the different rights principals have concerning retained personal data in the personal information database ”without undue delay”. Requests may relate to disclosure, correction, addition or deletion, and suspension of use of retained personal data, as well as requests for suspension of provision to a third party. We also respond in cases we do not hold retained personal data on the individual. We have also made information known in this privacy policy by posting it on our website and having it be available to the person in advance and in a state that they can know of it.

The department responsible for responding to complaints and inquiries is the Customer Service department. They can be contacted by the customer service email (japan@hohde.fi) or the online contact form on the website.

Additional information

11.1 How you can make a request and how we respond

We ask that requests sent to us are sent by email or the contact form on our website. We primarily handle requests through customer service, though responses can involve including a responsible person in the handling of the request. Complaint handling for complaints regarding the handling of personal information mainly involves customer service handling the complaint, with additional assistance from responsible people. The contact point for such complaints is through the same channels as requests are made.

Responses to requests can be delivered to you once we have sufficiently identified that the person asking for the information is you. The information can be delivered to you by our discretion either by email or postal mail (a paper copy). 

11.2 Fees for disclosures

In the case of fees for disclosure, we charge reasonable fees based on actual administrative costs, such as the amount of employee time and resources used in responding to the request, and any other costs involved, such as the request for registered international or expedited mail sent from Finland. Calculation of the fee is therefore done on a case by case basis depending on the individual factors of the request, for example for requests mailed, what the current postal fees for mailing documents are. You can consult us for an up-to-date estimate of the fees when making your request especially if you request for the disclosure to be mailed to you, or you can initially consult the Finnish postal service (Posti) for current international mail rates. Fees may be made payable by a link sent by email to the online store’s credit card payment processing service for the amount required to cover the costs involved.

11.3 You can file a complaint

 

If you believe that we have violated your right to the protection of personal data, you have the right to lodge a complaint about our activities with us about the handling of your personal information. Please see how you can make a request and how we respond.

1. How do we use cookies

 

Cookies are text files that are stored on the terminal device by the Internet browser. Cookies may have a personal identifier that enables identifying the user. We utilize cookies to ensure that our online services are usable, of high-quality, and that we are equipped to develop these services, and cookies are also used in advertisement targeting. 

 

We have provided more information on why we use cookies, what types of cookies we use, the purpose of use, who acquires the information, and your right to consent to the transfer of information to third parties in our separate Cookie Policy.

1. Updating this privacy policy

 

We update this privacy policy regularly so that we can take into account the advances in the laws and regulations, new circumstances, as well as changes in internal policies and procedures.

 

This privacy policy is visible on our website, and it has a date indicating when it has been updated. Please stay up-to-date on changes in our privacy policy by regularly checking for updates on our website. If major changes have been made to the policy, we will inform you in additional ways in accordance with what changes were made and which principals the changes apply to. We may use, for example, notifications on our website or by email. 

In case the new changes would change the purpose of utilization beyond what is reasonably expected compared to the original use, if it is beyond what is normally excepted from business operations, we will ask for consent from those on whom we already have retained personal data before handling the data for new purposes. Any new customers or other principals are always subject to the current privacy policy posted on our website.