Privacy policy
- DATA CONTROLLER AND ITS CONTACT INFORMATION
Data controller: Luna & Lui Ltd (Business ID 3328500-6), address: Tikkurilantie 136, 01510 Vantaa, Finland.
Contact person for personal data matters: info@lunalui.fi.
2. BASIS FOR COLLECTING PERSONAL DATA AND PURPOSE OF PROCESSING PERSONAL DATA
The legal basis for the processing of personal data under the EU's General Data Protection Regulation is a contract to which the data subject is a party, consent given by the individual (documented, freely given, specified, informed and unambiguous) or legitimate interest.
The purpose of processing personal data is to manage the customer relationship, communicate with customers, marketing and similar purposes required for the maintenance of the online store.
We do not use personal data for automated decision-making or profiling.
3. DATA CONTENT OF THE REGISTER AND DATA STORAGE
The customer's first name, last name, street address, postal code, city, country, email address, telephone number and information related to invoicing are stored in the customer register. In addition, the information provided by the customer in connection with the order, such as the product content of the order, payment method and delivery method, is stored in the order information of the online store.
The processing of personal data has taken into account the requirements set by the EU's General Data Protection Regulation (GDPR), which will be complied with as of 25 May 2018, and Finnish legislation.
We store your personal data for as long as is necessary to fulfil the purposes for which the register is used. In addition, some data may be stored for a longer period of time to the extent necessary for the fulfilment of statutory obligations, such as accounting and consumer sales responsibilities.
4. REGULAR SOURCES OF INFORMATION
The data stored in the register is obtained from the customer from messages sent by customers, by email, by phone, through social media services, contracts, customer meetings and other situations in which the customer discloses their data.
5. DISCLOSURE OF DATA AND TRANSFER OF DATA OUTSIDE THE EU OR EEA
We may disclose personal data to logistics and payment service partners as well as to the Shopify platform that enables the operation of our online store in order to enable the operation of our online store. We do not regularly disclose information to other parties. The information may be published to the extent that it has been agreed with the customer.
We do not transfer personal data outside the EU or the European Economic Area. If we need to use international service providers who process personal data on our behalf and may transfer personal data outside the EU or EEA, we will enter into appropriate agreements with the service providers to ensure the appropriate processing of personal data and the necessary safeguards to safeguard the privacy of individuals.
6. REGISTER PROTECTION
Care is taken in the processing of the register and the data processed with the help of information systems is appropriately protected. When register data is stored on Internet servers, the physical and digital security of their hardware is appropriately ensured. The controller ensures that the stored data, server access rights and other information critical to the security of personal data are handled confidentially and only by the employees whose job description includes it.
7. RIGHTS OF DATA SUBJECTS
Every person in the register has the right to check their data stored in the register and demand the correction of any incorrect information or the completion of incomplete information. In addition, a person whose personal data has been stored in the register has the right to request that the personal data concerning him or her be completely erased from the register, and the right to request the restriction of the processing of his or her personal data and to object to the processing in certain situations, as well as the right to transfer the data from one system to another. To the extent that the processing of personal data is based on explicit consent, the individual has the right to withdraw his or her consent at any time.
If an individual wishes to exercise the above-mentioned rights, a specific request must be sent to the controller in writing by email to info@lunalui.fi or by post to Tikkurilantie 136, 01510 Vantaa, Finland. If necessary, the controller may ask the requestor to prove their identity. The controller will respond to the data subject within the time limit laid down in the EU's General Data Protection Regulation (as a rule, within one month). The exercise of the rights is free of charge.
This document was last updated on 5 August 2025.