Privacy Policy

I. Name and Address of the Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the EU member states, as well as other data protection provisions, is: Riikka Laakso Böcklinstr. 10 10245 Berlin Tel.: +49 178 5339145 Email: shop@riikkalaakso.com Website: shop.riikkalaakso.com

II. General Information on Data Processing

1. Scope of Processing of Personal Data We collect and use personal data of our users and customers only as far as it is necessary to provide a functional website, our services, to process contracts concluded with you in our online shop, and for advertising purposes within the framework of applicable law. Personal data is collected and used only with the consent of the user or if the processing of the data is permitted by legal regulations. 2. Legal Basis for the Processing of Personal Data If we obtain the consent of the data subject for processing personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures. If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 para. 1 lit. d GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override this interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis. 3. Data Deletion and Storage Period The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for a contract conclusion or fulfillment.

III. Log Files When Visiting the Website

1. Description and Scope of Data Processing When you visit our website shop.riikkalaakso.com, information is automatically sent by the browser used on your end device to our server. This information is temporarily stored in a log file. The following information is collected without your intervention and stored until automated deletion: – IP address of the requesting computer – Date and time of access – Name and URL of the accessed file – Browser used and, if applicable, the operating system of your computer 2. Purposes of Data Processing The mentioned data is processed by us for the following purposes: – Ensuring a smooth connection of the website – Ensuring comfortable use of our website – Statistical evaluation – Evaluation of system security and stability 3. Legal Basis for Data Processing The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes of data collection listed above. Under no circumstances do we use the collected data to draw conclusions about your person.

IV. Contracts in Our Online Shop

1. Description and Scope of Data Processing For contract conclusions in our online shop and pre-contractual measures, it is necessary for us to process your personal data to properly fulfill our obligations under the online purchase contracts concluded with you. The data is entered into an input form and transmitted to us and stored. The following data is collected and stored as part of contract conclusions: – First and last name – Address, including alternative shipping address if applicable – Telephone number – Email address – Preferred payment method (PayPal) – Date and time of the order – Product data – IP address from which the order is made 2. Transfer of Personal Data For billing purposes of items purchased in our online shop, we use the external payment service provider PayPal. For the fulfillment of the contract and delivery of the ordered items, we share your billing data and payment information with our payment service provider and your delivery address with the shipping company DHL. In the case of PayPal, name, delivery address, order total, and the contents of your shopping cart are transmitted. 3. Legal Basis for Data Processing and Transfer The processing of your data and the transfer of your billing, payment, and address data serve to identify our contracting parties clearly and to fulfill and process contracts to which you are a party or to carry out pre-contractual measures. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR. 4. Purposes of Data Processing and Transfer The processing of the mentioned data and the transfer of payment and shipping information to our external service providers is required to conclude contracts, fulfill the contracts concluded with you, or carry out pre-contractual measures. 5. Storage Period, Objection, and Elimination The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. Even after the contract is completed, there may be a need to store and process personal data of the contracting party to comply with contractual or legal obligations. For tax purposes, retention periods of ten years (for invoices, books, records, etc.) or six years (for correspondence and other items) apply, according to Sec. 147 para. 3 AO.