The data controller is JL Equestrian Oy (VAT-number FI33152166)

JL Equestrian Oy
Vinttikaivonpiha 5, Lieto, Finland
Email: info@jlbrowbands.fi

This privacy policy concerns the customer register of JL Equestrian Oy.

Personal data may be processed for the following purposes:

- Customer relationship maintenance and development
- Processing orders
- Data statistics and analysis
- Customer-oriented marketing and communication

We use personal data for marketing and communication purposes only with the permission given separately by the customer.

Personal data is processed either on the basis of the registered person's customer relationship and sales contract, or on the basis of consent obtained via a contact form on the website.

The following data can be collected in our customer register:

- Basic information and contact information (first name, last name, address, phone number, email address)
- Order and delivery information
- Billing and payment information
- Direct marketing permits and prohibitions
- IP-address

Personal data is entered into the customer register when a customer places an order via the website or fills in their information at the checkout without proceeding to pay.

Personal data is also entered into the customer register when a customer fills out a contact form on the website.

Data can also be obtained using cookies or other similar technologies.

We store necessary personal data only for as long as it is required to manage the customer relationship and/or by the law.

The registered person can leave our marketing list and deny direct marketing themselves via the link in every marketing email we send.

Personal data is processed by the controller and the controller's employees. If necessary, we can also partly outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that personal data will be processed in accordance with valid data protection legislation and otherwise appropriately.

We may hand over data necessary for filling and delivering orders, such as the customer's basic information, delivery address or payment method, to the transport companies or to the payment service provider.

In our online store, we use the online store platform provided by Shopify Inc. Data collected from our customers through the online store is stored in Shopify's systems. Shopify may export data outside the EEA to, for example, the United States and Canada, but complies with the Canadian Private Sector Privacy Protection Act (PIPEDA) when exporting data, which is considered sufficient under the GDPR. You can read more about Shopify's data protection here.

Care is taken when processing personal data and maintaining the register. Personal data is stored in a system, access to which requires entering a username and password. The system is maintained on servers for which Shopify is responsible for technical maintenance and data security.

We or our payment service provider may use automated decision-making, for example, to combat fraud or other criminal activity.

According to the applicable legislation, every person in the register has the right to:

- Get access to their own personal data
- Correct their own personal data
- Delete their own personal data
- Limit the processing of their own personal data
- Object to the processing of their own personal data
- Transfer their own personal data from one system to another
- Withdraw their consent at any time

Requests must be sent to the controller in writing. We respond to the customer within the time stipulated in the EU data protection regulation.

The right to delete your own data does not apply to personal data that we have to keep for maintenance, legal or information security reasons. The registrar must present a justified reason to the requester if the registrar does not agree to delete personal data from the register.

Any disagreements are primarily resolved by negotiating with the registered person. The registered person has the right to submit the matter regarding the processing of personal data to the supervisory authority for investigation.

We use cookies on our website. When the user visits our website, they can either accept or deny the use of cookies in the cookie settings.

Cookies are small text files that are sent and saved to the user's device when they visits the website and if they have given permission for the use of cookies. Cookies can be used to both improve the site's functionality and user experience and collect information. The user visiting the website cannot be identified using the information obtained from the cookies alone. However, information obtained from cookies can be linked to information obtained by the user in other contexts.

Shopify, the provider of our online shopping platform, uses cookies in its service. You can read more information about the cookies used by Shopify here.

The cookies stored on the device are generally valid for a maximum of 24 months from the time the user visiting the site has given the website permission to use cookies. The user has the option to prevent the use of cookies at any time by changing the settings of their browser. Blocking the use of cookies may affect the site's functionality.

Our website may contain links or embedded material that take you to third-party services and websites. The registrar is not responsible for the site, material belonging to a third party, or for what kind of information third parties collect about the user on their own sites.

The privacy policy was last updated on 13th of July 2023.

We may make changes to this privacy policy from time to time due to, for example, updating data protection practices or changes in legislation.