Privacy Policy for Kivikoi
We are committed to protecting your privacy and ensuring that your personal data is handled safely and responsibly.
This Privacy Policy outlines the types of personal data we collect, how we use it, and the rights you have over your personal information.
(Updated 21.03.2025)
Who we are
Our website address is: https://kivikoi.com
If you have any questions or concerns about your privacy, or if you wish to exercise your data rights, please contact us:
Nellie Inkinen
nellie@kivikoi.com
Hallimestarinkatu 26, 20780 Kaarina, Finland
Kivikoi (3209590-5)
Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection Regulation (GDPR) is the individual’s consent (documented, freely given, specific, informed, and unambiguous), a contract in which the data subject is a party, a legal obligation, the performance of a task carried out in the public interest, or the legitimate interest of the data controller (e.g., customer relationship, employment, or membership).
Personal data stored in Kivikoi’s customer register is used for maintaining and managing customer relationships, handling orders and purchases, as well as for marketing, analysis, and development purposes. Your data is stored in the customer register when you register as a Kivikoi customer, contact us through the contact form, subscribe to our newsletter or other content, purchase Kivikoi products, provide your data to us with consent for marketing (for example, via a form at an event), participate in a giveaway organized by Kivikoi, or sign up for one of our events.
No automated decision-making or profiling is performed using the collected data.
Contents of the Register
What personal data is collected?
The following data may be stored in the register: first and last name, contact details (phone number, email address, street address, postal code, city, country), preferred language and currency during transactions, website addresses, IP address of the network connection, usernames/profiles on social media platforms, information about ordered services and any changes to them, billing details, and other information related to the customer relationship and ordered services.
For business customers, additional data such as company/organization name, business ID, and VAT ID may be collected. Order data may also include customer-provided details at the time of purchase, such as order contents, selected payment method, and delivery option.
If you do not wish for your contact information to be used for marketing purposes, please contact us at nellie@kivikoi.com.
Kivikoi.com collects certain user-specific information using cookies. A cookie is a small text file sent to the visitor’s browser, typically containing an anonymous identifier. Cookies do not reveal the identity of the visitor.
How is personal data used?
Personal data may be used for the following purposes:
– Managing the customer relationship
– Improving customer experience
– Fulfilling, processing, and archiving orders
– Statistical analysis
– Marketing purposes
– Website functionality
– Analyzing visitor traffic
The legal basis for processing personal data is a contract, consent, or legitimate interest.
The processing of personal data complies with the requirements of the EU General Data Protection Regulation (GDPR), effective from May 25, 2018.
How long is personal data stored?
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected.
In some cases, data may be retained for a longer period if required by law (such as for accounting or consumer transaction obligations).
Regular Sources of Information
The information stored in the register is obtained directly from the customer, for example, when a customer relationship begins, through messages submitted via website forms, by email, phone, through social media platforms, contracts, customer meetings, and other situations where the customer voluntarily provides their data.
Disclosure and Transfer of Data Outside the EU/EEA
Customer register data is used exclusively by Kivikoi. Information may be disclosed or shared with third parties only as agreed upon with the customer. We share personal data with logistics and payment service partners when necessary to facilitate our operations.
Kivikoi does not, under any circumstances, sell customer data.
Personal data is not transferred outside the EU or EEA, unless this is required for the technical implementation of the website, the provision of value-added services, invoicing, or credit decisions, or to fulfill legal obligations. Customer data will be deleted from our register upon request, unless retention is required by law or because of unpaid invoices or collection processes.
Principles of Register Protection
Data is stored in an electronic system. We handle all register data with care, and information processed through IT systems is protected appropriately. When data is stored on internet servers, both the physical and digital security of the hardware are ensured accordingly.
The data controller ensures that stored data, access rights to servers, and other information critical to the security of personal data are handled confidentially and only by employees whose job description includes such tasks. The system is protected by appropriate security measures.
We take all reasonable and necessary steps to ensure that all data in our customer register is processed securely and with confidentiality.
Right to Access and Rectify Data
Every individual whose personal data is stored in our register has the right to request access to their data and to correct any inaccuracies or complete any incomplete information. The data subject also has the right to withdraw previously given consent for data processing at any time and to request the deletion of their data if there is no longer a legal basis for its processing.
Requests must be submitted in writing to the data controller, who may ask the requester to verify their identity. The data controller will respond within the timeframe set by the EU General Data Protection Regulation (typically within one month).
Other Rights Related to Personal Data
Data subjects also have the “right to be forgotten,” meaning they may request the deletion of their personal data from the register. Furthermore, individuals have all other rights provided by the EU GDPR, including the right to restrict the processing of personal data under certain conditions.
All such requests must be submitted in writing to the data controller. The data controller may ask the requester to verify their identity. Requests will be handled within the timeframe set by the GDPR (typically within one month).
Kivikoi reserves the right to modify this privacy policy at any time, as needed to correct errors or to comply with new legal or technical requirements.