PRIVACY POLICY

for paiviluoma.com

Last updated: Dec 19, 2025

I respect your privacy and want to be transparent about how your personal data is handled. This Privacy Policy explains what information is collected, why it is collected, and what rights you have under EU data protection law (GDPR).

I’ve also included a short, human-friendly summary below — the full legal version follows after that.

SHORT VERSION

My name is Päivi Luoma, and I personally manage this website.

When you place an order, I only process the information that is necessary to:

  • fulfill your order

  • communicate with you if needed

Your products are printed and shipped by Printful, who receives only your name and shipping address for delivery purposes.

The website is hosted by Squarespace, which uses cookies and basic analytics to show things like:

  • number of visitors

  • browser type

  • general location (country/city level)

  • referral sources (for example Instagram)

I do not sell your data, and I don’t use it for anything unrelated to running this store.

If you ever have questions or concerns, you can always contact me directly info@paiviluoma.com

Payment Providers

Payment processing on this website is handled by trusted third-party payment providers, including PayPal and Stripe.

These payment providers process payment information (such as credit card details, billing information, and PayPal account data) directly and independently as separate data controllers. Impossible P does not store or have access to your full payment details at any time.

PayPal and Stripe process personal data in accordance with their own privacy policies and applicable data protection laws.

PRIVACY POLICY

(Full Version)

1. Data Controller

Operated by: Päivi Luoma
Country: Finland
Email: info@paiviluoma.com
Website: https://www.paiviluoma.com

I am the data controller responsible for processing your personal data under the EU General Data Protection Regulation (GDPR).

2. Legal Basis for Processing Personal Data

Under GDPR, personal data is processed based on the following legal grounds:

  • Performance of a contract – to process and deliver your orders

  • Legal obligation – to comply with accounting, tax, and consumer protection laws

  • Legitimate interest – to operate and improve the website and customer service

  • Consent – where required (for example, optional marketing emails or cookies)

3. Personal Data We Collect

Information you provide:

  • Name

  • Email address

  • Shipping and billing address

  • Phone number (if required for delivery)

Automatically collected data:

  • IP address

  • Browser type and version

  • Device information

  • Pages visited and time spent on the site

  • Referral source

This data is collected through cookies and similar technologies.

4. How Your Personal Data Is Used

Your personal data is used to:

  • Process and deliver orders

  • Communicate with you about purchases or customer service requests

  • Maintain and improve website functionality

  • Comply with legal obligations

  • Prevent fraud and misuse

You will only receive marketing communications if you have explicitly opted in.

5. Service Providers and Third Parties

Your data may be shared only with trusted service providers necessary to operate the store:

  • Printful – order fulfillment and shipping

  • Squarespace – website hosting, analytics, and infrastructure

  • Payment providers – to securely process payments (they handle payment data directly)

Each service provider processes data under GDPR-compliant agreements.

6. International Data Transfers

Some service providers may process data outside the EU/EEA (for example in the United States).

In such cases, data transfers are protected by:

  • EU Standard Contractual Clauses (SCCs), or

  • other GDPR-approved safeguards

All reasonable steps are taken to ensure your data is protected.

7. Data Retention

Personal data is retained only for as long as necessary:

  • Order and customer data: as required for contractual and legal obligations

  • Accounting records: as required by Finnish law

  • Analytics data: retained for a limited period for statistical purposes

When data is no longer needed, it is securely deleted or anonymized.

8. Your Rights Under GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data (“right to be forgotten”)

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time

To exercise your rights, contact: info@paiviluoma.com

You also have the right to lodge a complaint with your local data protection authority.

9. Cookies

This website uses cookies that are:

  • essential for functionality

  • used for analytics and preferences

You can manage cookie preferences through your browser or cookie banner.
More details are available in the Cookies section of this site.

10. Security

Reasonable technical and organizational measures are used to protect your personal data.

However, no online transmission or storage method is 100% secure.

11. Children’s Privacy

This website is not intended for children under 13, and personal data from children is not knowingly collected.

12. Links to Other Websites

This website may contain links to third-party websites.
I am not responsible for their privacy practices or content.

13. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time.
Any changes will be posted on this page with an updated revision date.

14. Contact

If you have any questions about this Privacy Policy or your personal data, contact:

info@paiviluoma.com