Privacy Policy

Last edited: 13.6.2025

1. What Personal Data We Collect

We currently collect and process the following personal information:

  • Name, email address, mailing address, payment details, and other contact details.

  • Information provided when placing an order, subscribing to a newsletter, browsing the website, or entering details in a contact form.

  • Comments and associated data (IP address, browser user agent string) for spam detection.

  • Data collected through cookies and analytics tools.

2. How We Collect and Use Your Data

We collect your data for the following purposes:

  • To process transactions securely.

  • To provide customer support and respond to inquiries.

  • To send marketing emails if you opt in.

  • To analyze website performance and improve user experience.

  • To comply with legal and regulatory requirements.

The lawful bases for processing under GDPR are:

  • Consent – You may withdraw consent at any time by contacting kaisa@kaisahart.com.

  • Contractual necessity – Processing is required to fulfill a contract (e.g., order processing).

  • Legal obligations – Compliance with legal requirements.

  • Legitimate interests – Necessary for running and improving our business.

3. Cookies and Tracking Technologies

We use cookies for:

  • Remembering user preferences.

  • Improving website functionality and security.

  • Analytics and marketing purposes.

You can control or disable cookies through your browser settings. Non-essential cookies (such as analytics and marketing cookies) will only be used with your consent, which is obtained through our cookie banner. For more details, please refer to our [Cookie Policy].

4. Third-Party Services & Data Sharing

We use third-party services that process your data:

  • Payment Processing: Stripe & ThriveCart – Securely handle transactions.

  • Email Marketing: MailerLite – Manages newsletters and email communications.

  • Advertising & Analytics: Meta (Facebook & Instagram Ads), Pinterest Ads – Track ad performance and user interactions.

We do not sell or rent your personal data to third parties.

5. International Data Transfers

Some of our third-party service providers may process personal data outside the European Economic Area (EEA), including:

  • MailerLite – Adheres to GDPR via Standard Contractual Clauses (SCCs).

  • Stripe & ThriveCart – Comply with GDPR through SCCs and other safeguards.

  • Meta & Pinterest Ads – Participate in the EU-U.S. Data Privacy Framework for data protection.

For details, please see the privacy policies of these providers.

6. Data Retention

  • Transaction records are kept for at least 6 years for legal compliance.

  • Comments and associated metadata are stored indefinitely.

  • Email marketing data is retained until you unsubscribe.

7. Your Data Protection Rights

Under GDPR, you have the right to:

  • Access your personal data.

  • Request correction of inaccurate data.

  • Request deletion of data (subject to legal obligations).

  • Restrict processing under certain conditions.

  • Object to data processing where applicable.

  • Request data portability.

To exercise your rights, contact: kaisa@kaisahart.com

We will respond to your request within one month, as required under GDPR.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a data protection authority.

8. Security Measures

We use SSL encryption and industry-standard security measures to protect your data. Payments are processed securely through third-party gateways.

9. Supervisory Authority Contact

If you have concerns about data protection, you may contact the Finnish Data Protection Ombudsman:

Office of the Data Protection Ombudsman
Email: tietosuoja@om.fi
Website: https://tietosuoja.fi/

10. Contact Information

Kaisa Hart

Email: kaisa@kaisahart.com
Address: Turku, Finland

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR) (EU) 2016/679 and Finnish data protection laws.