Privacy policy

Last updated: 8.11.2023

General

Fantastic Design Oy ("we" and similar expressions) operates an online store at fantastinen.ai. When a user of our services ("you" and similar expressions) uses our services, we collect, use and share your personal information as described in this policy. By personal data, we mean any information relating to an identified or identifiable natural person, hereinafter also referred to as "data subject". An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number or to one or more factors specific to that natural person.

1. Data controller and contacts

Fantastic Design Oy (Business ID: 2293750-7)
Toinen linja 19 A 24
00530 Helsinki

If you have any questions regarding this privacy policy, including regarding your rights as a data subject, you can contact our customer service at email address support@fantastinen.com.

2. Changes to the PRIVACY POLICY

We may update this privacy policy from time to time to reflect changing legal, technical or business matters. When we update the privacy policy, we will aim to inform you about it in a manner that is required by the significance of the changes.

3. Personal data we process

We may collect, use, store and transfer or otherwise process the following types of personal data about you:

Contact details

Your contact details, such as name, email address, phone number, and postal address.

Order details

Information related to your order, such as your name, billing address, shipping address, payment information, payment confirmation, email address and phone number.

Account details

Information associated with the account you created, such as your username, password, and security questions.

Shopping information

Information related to your purchases, such as products you view, place in a shopping cart or add to your wish list.

Customer support information

Other information related to your customer relationship that you provide to us when communicating with our customer service.

Usage data

Information about how you use our websites and services, such as the URLs you visit, your IP address, browser type and version, as well as information about how and when you use our websites, such as the date and exact time, and other information about your interaction with our websites.

We may also collect, use and disclose aggregated anonymized data for any purpose. Such information, such as demographic and statistical information, may be derived from your and other customers' personal data, but can no longer be linked or returned to identifiable individuals and is therefore no longer considered personal data.

4. How we collect personal data

We collect your personal data in the following ways:

  • Personal data you provide: Information that you give or provide to us, for example, through our website or by email or telephone. For example, you may provide information when you create your subscription or account, contact our customer service, or share information by adjusting your service settings.
  • Automated technologies: We may automatically collect usage and technical information as well as certain user account information based on your use of our websites and services. We may also use user account and usage data to derive profiling information about you.
  • Third parties and public sources of information: We may receive information about you from the following third parties:
    • Transaction and technical information from our technical and payment service partners.
    • Technical information from our web analytics and advertising service providers

Please note that where we need to collect certain information based on law or a contract between us and you do not provide such information at our request, we may not be able to provide you with the services you have requested.

5. How we process personal data

Below we explain the purposes for which we may process your personal data and the legal bases on which our processing is based. As a general rule, our processing is based on the following legal bases:

  1. Contract: We process your personal data on this basis when the processing is necessary for the performance of a contract between us, in particular your order.
  2. Legitimate interests: We process your personal data on this basis if the processing is not based on any other basis mentioned in this section and is necessary for the purposes of our legitimate interests or those of a third party, unless such interests are overridden by your interests or fundamental rights and freedoms requiring the protection of personal data.
  3. Legal obligation: We process your personal data on this basis when the processing is necessary for compliance with our legal obligation.
  4. Consent: Your separately obtained consent is needed to place cookies on your device, e.g. to collect web analytics or target online advertising. Our website provides a separate feature that allows you to manage your consent on the site. Please note, however, that cookies that are necessary for the operation of the website or any other service you wish to provide do not require consent.

We may base the processing of your personal data on more than one or more alternative legal bases, depending on the specific factors of the situation, the data processed and the purpose for which we process your data. If you would like detailed information on the legal bases on which we base our processing in certain circumstances and/or in relation to certain data, you can contact us as described above.

Purpose of processing

Categories of personal data

Legal basis for processing

To provide our services, including e-commerce and customer service

Contact details, order details, account details, customer support information, usage data

(a)   Agreement

(b)   Legitimate interests (provision of services, conduct of business)

Analysing and improving the usability of our websites and services (including, for example, maintenance, troubleshooting and problem solving, logging, testing, analytics) and ensuring data security

Account details, order details, customer support information, usage data

(a)   Legitimate interests (developing our services, ensuring data security)

Maintaining our customer relationship, communicating with you and storing related data

Contact details, order details, account details, customer support information

(a)   Legitimate interests (maintaining the customer relationship)

Marketing and promotion, including providing and marketing relevant products and services to you, targeting and presenting relevant content and marketing, measuring the effectiveness of marketing and advertising

 

Contact details, account details, order details, usage data

Legitimate interests (marketing our services)

Consent (where required by law)

General management and administration of our business (e.g. collection of receivables and accounting and tax obligations)

Contact information, order details, customer support information

(a)   Legitimate interests (conduct of business)

(b)   Legal obligations

 

In addition to the above, we may, if necessary, process your personal data for the establishment, exercise, substantiation and defence of legal claims. Such processing is based on our legitimate interests or those of another party, in particular to safeguard the rights of us, you or third parties (e.g. other users of our services). If necessary, we may also process your personal data for risk management purposes and to obtain professional advice. The applicable legal basis in this regard is our legitimate interest in protecting our business from various risks.

6. Disclosure of data and international transfers

To the extent and only to the extent necessary to fulfil the processing purposes set out above, your personal data may be disclosed to the following recipients and categories of recipients:

  • With our e-commerce service provider, Shopify International Limited, and service providers used to provide the online store, such as cloud service providers, for the processing of data from our services.
  • Print service provider, Gelato ASA, and service providers used for printing and delivery, such as cloud service providers, software service providers, print partners and transport service providers for data processing on our behalf.
  • Payment service providers such as Shopify International Limited and Paytrail Oyj for data processing on our behalf.
  • To our service providers to provide accounting, financial management, ICT, legal and other similar customary services to us.
  • To buyers and potential purchasers (and similar entities, as well as their respective agents and advisors) in connection with any (potential) acquisition, stock transaction, merger or similar corporate arrangement concerning us, provided that the information is used in accordance with this Statement and only to the extent necessary in connection with such arrangement.
  • Competent courts and authorities and third parties in accordance with the law and where, in our sole discretion, disclosure of your personal information is necessary to defend your vital interests or those of others, or to comply with the law, or to protect, defend or safeguard our rights, including when we apply or enforce the terms of our Services or other agreements between us, or to investigate and combat the possibility of our Services; misuse or to protect the rights, property or safety of us, our users or third parties. This also includes the possible exchange of information with other organisations in order to combat fraud and other criminal activities.
  • To other persons – but only with your consent, unless otherwise required by law.

We store your personal data in secure locations and servers mainly within the European Economic Area. Your personal data may be transferred outside the European Union and the European Economic Area in cases where the European Commission has determined that the country in question ensures an adequate level of data protection, or where we have put in place appropriate safeguards and safeguards to ensure that your personal data is protected in accordance with applicable legislation, such as applying the European Commission's Standard Contractual Clauses to international transfers and any additional safeguards necessary on a case-by-case basis. In individual cases, international data transfer may also be based on your separate explicit consent or for the performance of a contract between us or for the implementation of pre-contractual measures at your request, or on another basis for transfer in accordance with the EU's General Data Protection Regulation. You can contact us for more information about the transfer bases and safeguards we apply from time to time.

7. Data retention

We will only retain your personal data for as long and to the extent that we have a legitimate business reason to retain it for the purposes mentioned above.

In order to determine the appropriate retention period, we consider and weigh the scope, nature and sensitivity of the personal data we process, the potential risk of harm or damage caused by unauthorized access or disclosure, the purposes for which the data is processed, and applicable legal requirements. We also regularly evaluate the personal data we hold and, to the extent that we deem it unnecessary, we either delete or anonymise that personal data or, if this is not possible – for example, to the extent that the data is stored in backup copies – we will keep the data secure and further prevent its processing until deletion is possible.

As a general rule, we store personal data related to an individual customer relationship only for the duration of the customer relationship and for a reasonable time after the customer relationship has ended, so that we can, for example, respond to customer inquiries, resolve open questions related to the customer relationship or prepare for possible legal issues related to the customer relationship. This retention period is usually three (3) years from the end of the customer relationship, unless there is a reason to continue storing certain data during this period, for example to resolve an outstanding claim.

However, some personal data will be stored longer than the aforementioned period insofar as we consider that the storage is necessary to comply with applicable laws and regulations or in order to safeguard our rights, those of our customers or partners. Certain information, for example in relation to retention obligations in the field of accounting and taxation, must generally be retained for six (6) years from the end of the relevant financial year. If you require detailed information about retention periods in specific circumstances and/or in relation to specific personal data, you can contact us as described above.

8. Safety

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of protecting your personal data, including, where appropriate, encryption of personal data, procedures to ensure the ability to ensure the continued confidentiality, integrity, availability and fault tolerance of processing systems and services, and the ability to quickly restore data availability and access in the event of physical or technical failure, and procedures for regularly testing, examining and evaluating the effectiveness of technical and organisational measures to ensure the security of data processing. In assessing the appropriate level of security, we pay particular attention to the risks involved in the processing, in particular as a result of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

We also strive to ensure that any person acting under our authority or on our behalf who has access to personal data will only process it in accordance with our instructions. We ensure that only those employees and employees of service providers acting on our behalf have access to the data for whom it is necessary for the performance of their duties.

9. Rights of the data subject

Unless otherwise stated below, you may exercise your rights below by contacting our customer service as described above.

Access, rectification and deletion of data: You have the right to inspect the personal data stored about you. As a general rule, the exercise of the right of inspection requires verification of your identity. However, the right of inspection may be restricted on grounds such as legislation, the privacy of other parties, trade secrets or the protection of intellectual property rights. At your request, we will rectify, supplement or delete personal data that is incorrect, incomplete or outdated in terms of the purpose of processing personal data.

Data portability: You may choose to receive in a structured, commonly used and machine-readable format the personal data you have provided that we process automatically on the basis of consent or contract.

Right to prohibit direct marketing: You can prohibit the processing of your data for direct marketing purposes by clicking the link at the end of the marketing email or by contacting our customer service.

Right to object and restrict: You may object on grounds relating to your personal situation to the processing of personal data based on legitimate interest. In such a situation, the processing may, at your request, be restricted for as long as we assess the grounds you have presented to object to the processing. Processing may also be restricted, for example, if you contest the accuracy of your personal data, in which case the processing will be restricted for a period during which we can verify the accuracy of the data.

Withdrawal of consent: You may withdraw your consent to the processing of your personal data at any time by contacting our customer service or, in some cases, by other separately provided means. Please note that only part of the processing of your personal data is based on your consent.

Right to complain: If you consider that your personal data has been processed in violation of applicable legislation and the matter cannot be resolved to your satisfaction in dialogue with us, you may refer the matter to the competent authority (https://tietosuoja.fi/en/home).