We collect information about you during the checkout process on our store.
What we collect and store
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 5 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews, if you choose to leave them.
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfill orders, process refunds and support you.
What we share with others
We share information with third parties who help us provide our orders and store services to you; for example —
Paytrail Processing personal data
PAYTRAIL AS THE DATA CONTROLLER
The handling of personal data by Paytrail is based on the criteria defined in the legislation regulating the operations of payment institutions or on an individual’s own consent. Personal data shall be processed in accordance with good data processing practices and the principles of the data protection regulation. Our staff is continually trained and instructed to act in a secure manner and with regard to data protection. Our staff is also bound by banking secrecy.
Personal data is used for the purposes described during its collection within the limits of legislation. More information on information handling and registered individuals’ rights are available in the register-specific privacy policies.
The processing of personal data at Paytrail is guided by documented procedures. The use of information systems is controlled by the user management solution and the principle of minimal access rights.
PAYTRAIL AS A PROCESSOR OF PERSONAL DATA
For payments the payer’s personal data is supplied to Paytrail, the party submitting the payment information (e.g. an online store) acts as the data controller and Paytrail as a processor of the personal data.
To support our customers in data protection work, we offer a data processing agreement as an appendix to our payment service agreement that provides guidance on the processing personal data. The agreement also defines the rights and obligations between the controller and the data processor regarding the personal data processed in the payment service.
PROCEDURES IN EXCEPTIONAL SITUATIONS
Paytrail has a data security policy that defines protocol for potential exceptional situations. As a payment institution, Paytrail is also bound by the Financial Supervisory Authority’s regulations and guidelines regarding data security.
If we suspect or notice any data security risk, we will investigate the issue immediately. Communications will be handled primarily by email to the contact persons named for Paytrail. In accordance with the data protection regulation, any personal data breaches shall be reported as soon as possible to the supervising authority, applicable data controllers, and if necessary, to the registered individual.