Privacy policy

1. Privacy policy

Personal Data Act(523/99) 10 §
Composition date 20.5.2020

1.1. Data Controller

Mercatus Oy
Likolammentie 14
70460 KUOPIO

1.2. Data Protection Officer

Mercatus Oy
Maria Kinnunen
+358 442917712

1.3. Registry name
Lovanna Lingerie's webshop user registry

1.4. Purposes of processing personal data

Personal data stored in Lovanna Lingerie's webshop user registry is used for customer relations, contancting, billing, shipping and marketing management regarding Lovanna.

1.5. Contents of the registry

Information collected in the registry are provided by users. This includes the following:
- Authentication information
- Contact information
- Payment and payment method information
- Information on consenting or blocking marketing

In addition, registry collects analytical data provided by the use of the service on following categories:
- Purchase and case entries
- Shipping information
- Product ratings
- Browsing and usage information, Terminal identification

1.6. Regular sources of information

Data Controller collects information input by the user when using the webshop, and also purchase and  case information.

1.7. Regular data transfers and data transfers outside the EU or the European Economic Area

We can cede some necessary regular data to third parties. Voimme luovuttaa joitain välttämättömiä säännönmukaisia tietoja kolmansille osapuolille. Data transfers outside the EU or the EEA.
We can admit information to the following third parties:
- Shipping Agent (shipping information for a successful delivery)
- Email marketing partner (allows sending our subscription letter to those who have ordered it)
- Payment intermediary
- Google (analytics, information on how our website is used)
- Facebook (targeted marketing)
- Shopify (to ensure functioning of our webshop)

1.8. Registry Security Principles

Lovanna Lingerie's webshop user registry information is saved in data controller's system. Accessing the system requires authentication. Only pre-determined employees of Mercatus Ltd have access to read and use the registry.

1.9. The Data subject's right of prohibition

Data subjects have a right to prohibit data controller from using their personal information regarding direct advertising, remote sales and other marketing related activities such as opinion polls, matriculation or genealogy. Request for prohibition should be done in writing and sent to data protection officer.

1.10. Right of inspection of the data subject

Data subject has a right to inspect the information saved in the register regarding the data subject in question and get a copy of the information. Inspection request should be done in writing and sent to the data protection officer.

1.11. Correcting information

Data controller corrects, removes or supplements data subject's processing-wise faulty, useless, inadequate or obsolete personal information from the register on it's own initiate or by request of the data subject. Data subject should be in contact with the Data Protection officer for correcting information.