Privacy statement Firstbuy Oy 1.1.2020

1.1 The Registrar

Firstbuy Oy
PL 1
15140 Lahti

1.2 Registry Officer

Firstbuy Oy
PL 1
15140 Lahti

1.3 Name of the register's customer register

1.4 Basis and purpose of processing personal data

The legal basis for the processing of personal data is an agreement, consent or legitimate interest. Personal data stored in's customer register is registered:
  • To identify loyal customers and provide loyal customer benefits
  • For delivery of orders
  • So that we can manage and maintain your right to return products and complain
  • For marketing and information
  • To improve the user experience of the site
  • Compliance with accounting legislation

1.5 Information content of the register

When purchasing a product from or communicating with us through our website, we may register the following information:
  • Contact information such as name, address, phone number, email address
  • Customer relationship information: product and order information, customer feedback and contacts, your chosen payment and delivery method, and marketing authorizations and prohibitions
  • Information collected through cookies that improves the user experience of the website. This information includes e.g. an encrypted list of products you have added to your wish list and products you have recently browsed
  • Any other information collected with the customer's consent

1.6 Regular transfers of personal data forwards your name, address, telephone number and the desired delivery method to Posti, which takes care of the transport and delivery of the products. In addition, we use external partners, e.g. the technical operation of our site, the sending of a newsletter and the evaluation of our company and our products. We may also forward your name and email address to these partners. All of our external partners treat your personal information in the strictest confidence and may not use your personal information except to fulfill the agreement they have with us.
A few of the external processors we use, such as Google Analytics and Shopify Inc., are located outside the EU, specifically in the United States.

1.7 Retention period of personal data

Personal data will be kept for as long as is necessary for the provision of the service or statutory obligations. Among other things, the Accounting Act requires data to be retained for a certain period of time.

1.8 Protection of personal data has taken all recommended appropriate technical and organizational measures to protect personal data from accidental or illegal loss, disclosure, misuse, alteration, destruction or unauthorized access. Access to the register requires the entry of a username and password. The data stored in the system shall be accessible and authorized only to those employees who are entitled to it on behalf of their duties and who need the data in the course of their duties.

1.9 Rights of the data subject

  • the right to inspect personal data about you
  • the right to rectify the data
  • the right to restrict processing (for example, you can ban marketing)
  • the right to object to the processing
  • the right to withdraw consent (for example, you can withdraw your consent to marketing)
  • the right to lodge a complaint with the supervisory authority
  • Please note that you only have the "right to be forgotten" if we have no legal obligation to continue processing your personal information.

    1.10 Exercise of Rights

    A request for the exercise of rights must be made in writing and signed. If necessary, the controller may request additional information from the data subject to confirm his / her identity.
    If the customer's requests are manifestly unfounded and unreasonable (eg less than one year has elapsed since the previous request for access to the data), the controller has the right to charge a reasonable fee for the execution of the request

    1.11 Correcting information

    The controller shall correct, delete or supplement personal data in the register that are incorrect, unnecessary, incomplete or out of date for the purpose of processing on its own initiative or at the request of the data subject. The data subject must contact the data controller of the registrar to correct the information. A registered customer can also correct their own data by logging in to their data in the registrar's online service.

    1.12 Right to change reserves the right to make changes to the privacy statement. For all questions related to privacy, this description and data processing, please contact
    You have successfully subscribed!
    Recently viewed