Privacy and cookie policy

Registry administrator

Baestyle Oy
Hereinafter “Yeppo & Soonsoo, Yeppo, website, webstore, site, registry administrator, Us, We”
Company ID 2915847-7
info@yeppo.fi

Contact information in matters concerning the register
info@yeppo.fi or info@yepposoonsoo.com

Data Protection Officer contact information

info@yeppo.fi

Use of data

Customer basic information related to purchase transactions and customer maintenance:

  • Name
  • Address
  • Phone number
  • Email address
  • Date of birth
  • Social security number (when paying through our billing partner, for example)
  • Username
  • Preferred language of communication

Information related to purchase transactions:

  • Details related to orders, processing, deliveries, and archiving
  • Receipt details
  • Purchase accumulation data related to loyalty programs
  • Transmission and reception details of post-purchase product and site evaluation surveys, including customer responses with possible attachments

Information related to customer service:

  • Customer messages and feedback along with associated details
  • Information related to requested refunds and compensations, including reasons, amounts, and payment details

Information related to marketing:

  • Consent for receiving email marketing
  • Consent for "Back in Stock" email notifications for selected products
  • Details of sent email messages and their open, purchase, and click-through rates as part of a larger analysis dataset

Customer and website visitor analysis data is collected for the following purposes:

  • Maintaining customer relationships
  • Information related to payment transactions
  • Developing the functionality and services of the online store
  • Providing sales and services through electronic channels and stores
  • Preventing misuse
  • Improving customer experience
  • Analytics and statistics
  • Targeting benefits correctly in sales situations, such as discounts targeted only to loyal customers
  • Maintaining and developing customer loyalty programs
  • Producing, developing, and monitoring products and services, as well as implementing and developing customer service
  • Managing customer relationships, including producing more personalized targeted content and marketing, developing customer relationships, and personalizing services.

The information is processed based on the customer's relationship with Yeppo & Soonsoo, agreements, website usage, the customer's explicit consent, or legal obligations.

Personal data is not sold on to third parties. We share personal data only with our partners who help provide our services.

We collect, store, and share information about:

  • Your device's location
  • Browser type
  • Search results
  • Other information about the use of our website.

We collect this information to develop our website, product offerings, and to analyze the preferences of our website visitors, demographic location, and other information relevant to the development of our services. Information about the number of individual visitors to our site, the frequency of visits, the value of orders, and so on, is kept for statistical purposes. By adjusting cookie settings, you can choose what information about the use of our website you consent to share. You can read more about our cookie policy below.

We apply the above procedures based on our legitimate interests to develop our business and website.

Additionally, we collect and store information about your membership to fulfill and process orders by our partner.

We collect and use your personal data for targeted marketing purposes. You have the right to request the restriction of the processing of personal data for that purpose at any time, including direct marketing.

We may store cookies when you browse our website in order to analyze your preferences, to offer you targeted marketing either on our site or on the platforms of our partners, based on your interests. We apply the aforementioned procedures based on our legitimate interests to develop our company and our website.

We also hand over your email address to our partner when you subscribe to our newsletter, or to ask you to evaluate your purchase and customer experience. You can always cancel receiving such messages or e-mails if you do not want to receive messages for marketing purposes. When canceling receipt, you must contact the sender to cancel marketing messages.

We apply the aforementioned procedures based on our legitimate interests to develop our company and website and to provide our customers with unique and relevant content and offers.

If you do not wish to receive targeted advertising, this does not mean that you will not see advertisements on our website or other platforms or sites from our company in the future.

It should be noted that when you ask us to refrain from contacting a certain email address by email, we will keep the address regarding the ban request in the list of emails that sent the ban request.

Some of the functions of the online store are based on the legitimate interest of the controller, so that we can offer the best possible service experience. Such functions include the customized content of the online store, surveys and product review requests, as well as customer-based reminders.

Legitimate interest pertains to the following information:

  • Information related to payment transactions
  • Correct targeting of benefits in sales situations
  • Provision, development, and monitoring of services as well as implementation of customer service
  • Development of the range of products and services
  • Analysis of customer data, reporting, and system development for business development
  • Management of customer relationships including service communication, development of customer relationships, and service personalization
  • Processing of customer feedback and service requests and responding to them
  • Targeting of product review requests after sales transactions
  • Implementation of customer communication and marketing in the marketing channels we use
  • Conducting competitions and draws
  • Analysis and categorization of customer data for better-targeted marketing communications

With these functions, we offer e.g.:

  • Products and offers that match the customer's preferences
  • We ask our customers' opinions about our service
  • Better and more transparent product reviews for our customers
  • Content related to guiding our new customers in using the service
  • Useful content and additional services related to your previous purchase history
  • Reminders about renewing the wear parts of previously purchased products to improve the life of the products
  • Information about current services and changes in transactions, if it has been a while since our customers' previous transactions

The personal data processed includes our customers' contact information for possible communication, as well as information about their behavior based on purchase or browsing history or information entered by customers.

The legitimate interest of Yeppo & Soonsoo is realized when a customer relationship is established between the data controller and the data subject. This may mean that the data subject visits the website and gives consent to the use of cookies, the data subject creates an account on the website, and/or the data subject places an order in the online store. The aforementioned actions fulfill the lawful processing basis of the data controller's legitimate interest in handling personal data.
  • Processing of orders, purchases, and returns
  • Invoicing and crediting through partnerships
  • Debt collection through partnerships
  • Accounting
  • Prevention of abuse
  • Prevention and investigation of crimes
  • Preparing, defending, and responding to legal claims, for example, in criminal and tort cases as well as consumer law matters
  • Enforcing the seller's liability for defects in consumer sales, fulfilling product liability obligations
  • Recalls of hazardous products
  • Identification information, such as name
  • Personal identification number (e.g., social security number) for customer identification when making credit agreements
  • Contact information, such as address, email address, and phone number
  • Payment information, including credit agreements and other billing information
  • With the customer's consent, location information used for estimating delivery times
  • Email address and token used for Google, Facebook, or Microsoft login
  • Data observed from the use of services and derived through analytics
  • Purchase history, including ordered products and their price information
  • Delivery information, such as chosen delivery method and delivery address
  • Product reviews
  • Usage and browsing information on the online store and device identification information
  • Data and identifiers used for product recommendations and other targeted content
  • Providing identification, contact, and payment information is mandatory when purchasing through Yeppo & Soonsoo's online store.

Providing identification, contact and payment information is mandatory when you buy via our webstore.

The main source of information is the user himself, in addition to which we may receive additional information from our partners, for example from a credit service provider. In accordance with the provisions of the Data Protection Regulation, we inform you about the personal data we receive from third parties in the first contact with the customer or within one month of receiving the personal data at the latest.

All personal data is protected from unauthorized access and from accidental or unlawful destruction, alteration, disclosure, transfer, or other unlawful processing.

Yeppo & Soonsoo stores customer data within the EU on the Shopify platform. The company complies with PCI Security Standards Council Level 1 PCI DSS and Service Organization Control (SOC) 2 Type II and SOC 3 security standards. The servers are protected against data breaches and denial-of-service attacks.

In the processing of personal data and in technical solutions, we adhere to good data protection practices, including data consolidation, minimization, pseudonymization, anonymization, and encryption. The processing of personal data complies with the requirements of the EU General Data Protection Regulation (GDPR) applicable since May 25, 2018.

All access to personal data is monitored according to best practices.

We only retain your personal data for as long as necessary to fulfill the purposes described in this privacy policy. Additionally, some information may be retained for longer periods as required by law, such as for accounting and consumer trade obligations, to ensure their proper implementation and to demonstrate compliance.

Legislation imposes obligations for longer-term retention of certain information, including but not limited to the following purposes:

  1. Accounting Law: The Accounting Act defines longer retention periods for data, regardless of whether the material contains personal data or not. According to the Accounting Act, receipts and business-related correspondence must be retained for at least six years after the end of the financial year.

  2. Compliance with Consumer Trade Obligations: Fulfillment of consumer trade obligations may necessitate longer retention periods for certain data.

  3. System Log Data: System log data is collected and stored in accordance with legal requirements to ensure that we can provide a lawful and secure online store for our customers.

  4. Backup Procedures: Taking sufficient backups of the store's databases and systems to safeguard data, rectify error situations, and ensure the verification of security and continuity.

These measures ensure compliance with legal requirements and contribute to maintaining the security and integrity of our systems and data.

Here are the retention periods for data, to the extent they can be disclosed:

  1. Customer Data Based on Contracts: Customer data based on contracts will be retained in accordance with the Accounting Act for a minimum of 6 years.

  2. Customer Data Based on Loyalty Programs: Data based on loyalty programs will be retained for the duration specified in ReceiptHero's privacy settings. The data subject can request the deletion of their information from the loyalty program registry through the "Delete Account" function in the ReceiptHero application. Please carefully review ReceiptHero's privacy policy and data retention principles separately. End-user data from ReceiptHero will be deleted upon request or if the data subject has not used the ReceiptHero service in any way for a period of 5 years.

  3. Deletion of loyalty program data does not affect the retention of customer data based on contracts.

  4. Post's Privacy Policy

  5. Postnord's Privacy Policy

  6. UPS's Privacy Policy (service no longer available in our selection)

  7. Growave's Privacy Policy: Customer data will be retained for as long as the customer relationship is active or until the data controller's partnership with the service provider ends.

  8. Dibble Development: Customer data from requested "Back in Stock" email notifications will be retained for a maximum of one year from the date of email delivery. Information about sent notifications will be deleted once a year, in February, March, or April.

Upon the customer's request, their personal data can be deleted or anonymized from Yeppo & Soonsoo's systems. The deletion and anonymization process is irreversible, and deleted customer accounts cannot be restored. Please contact info@yepposoonsoo.com if needed.

Personal data processors and recipients

The main recipients of personal data through the website include, e.g.:

  • Yeppo & Soonsoo's customer service, marketing and administrative team members
  • Partnerships: Various collaborative partners.
  • Credit and Billing Service Providers: Providers of credit and billing services.
  • Payment Transaction Intermediaries: Intermediaries for payment transactions in stores and the online shop.
  • IT Service Providers: Such as Shopify, Google, and ReceiptHero.
  • Marketing Service Providers: Providers of marketing services.
  • Transportation and Postal Service Providers: Such as Posti and Postnord.

When creating a customer account, customer data (name and email address) is shared with Shopify and Growave partners to provide email marketing, information about order status, and tailored benefits in the online store. The Growave partnership will end in August 2024, after which all customer data will be removed from the Growave partner. Following this, our loyalty partner will only be ReceiptHero, and you give separate consent for the processing of personal data in accordance with their terms by enabling the service through ReceiptHero.

By accepting marketing cookies or statistical and measurement cookies, data is shared with Google to measure customer relationships and experiences in accordance with Google Consent Mode v2.

When subscribing to notifications for product restocking in your email, you consent to sharing your email address with our service-providing partner (Dibble Development).

Access to customer data is limited to Yeppo & Soonsoo's own employees. Our staff is trained to handle data safely and ethically. Each member of our staff only has access to customer data to the extent necessary for performing their job duties.

Additionally, we use trusted contractual partners, and data is transferred to a third party only when necessary for providing the service. All contracts with partners comply with the requirements of the EU General Data Protection Regulation and other applicable laws. Customer data is disclosed to payment service providers, such as banks, credit institutions, and other companies providing payment services, such as Klarna, to the extent necessary for the provision of the service.

Yeppo's data protection principles do not apply to personal data that you hand over to a third party, for example through payment services.

Third-party links on our website may apply the privacy policies, practices or different rules of those parties. Please also familiarize yourself with them carefully.

We may also present your personal data to third parties if we have strong reasons to suspect that the sharing, access, use or retention of the data is necessary for the following reasons:

  • Complying with a legal decision, government order or decision or other legal obligation,
  • The enforcement or application of our Agreement,
  • Administering and maintaining the security of our products, including preventing or stopping an attack on our computer systems and network; and
  • To protect the rights, property, or safety of Yeppo, its customers, licensees, or others.

The third-party companies we choose apply the valid data protection policy when processing your personal data. In order to implement the service, if necessary, we hand over data outside the EEA countries, for example to provide the services of our IT partners. Such partners are e.g. Growave, Dibble Development.

We share your personal data in situations where it is necessary for the provision of our services, processing of payment transactions, or enhancing customer experience.

For managing the operation of our website or processing your order, we transmit necessary personal data such as name, address, email address, and phone number to our partners. These partners include, among others, Posti, Transval, and Postnord. Additionally, companies assisting in the management of our loyalty program and newsletter, or our system administration services, are involved. These partners may include ReceiptHero, Shopify, Dibble Development, Google, and Growave.

The third-party companies we select adhere to applicable privacy policies when processing your personal data. We only share your information with third parties when necessary. By adjusting your cookie settings, you can specify what information about you is collected and shared with third parties. Limiting cookie settings may restrict access to features aimed at personalizing our services and enhancing customer experience.

 

Rights of the registrant

As a registered user, you have the right to access your personal data, including the right to receive a copy of your personal data, to request correction or deletion of your personal data and, under certain conditions, to request restriction of processing or to object to the processing of personal data. Find out more about the data subject's rights below:

  • the right to receive information about the processing of personal data
  • the right to access information
  • the right to correct information
  • right to delete data (right to be forgotten)
  • the right to restrict data processing
  • notification obligation regarding the correction or deletion of personal data or restriction of processing
  • the right to transfer data from one system to another
  • the right not to be subject to automatic decision-making without a legal basis
  • the right to receive information about the processing of personal data
  • the right to access information
  • the right to correct information
  • right to delete data (right to be forgotten)
  • the right to restrict data processing
  • notification obligation regarding the correction or deletion of personal data or restriction of processing
  • the right to object to data processing
  • the right to receive information about the processing of personal data
  • the right to access information
  • the right to correct information
  • right to delete data (right to be forgotten)
  • one of the reasons for having the data deleted is that the data subject withdraws the consent on which the processing was based, and there is no other legal basis for the processing
  • the right to restrict data processing
  • notification obligation regarding the correction or deletion of personal data or restriction of processing
  • the right to transfer data from one system to another
  • the data subject can allow automatic decision-making (including profiling) with his express consent
  • the right to receive information about the processing of personal data, unless an exception is specifically provided for in the law
  • the right to access information
  • the right to correct information
  • the right to restrict data processing
  • notification obligation regarding the correction of personal data or restriction of processing
  • the right not to be subject to automatic decision-making without a legal basis
  • this can be made possible by legislation that establishes appropriate measures to protect the registered rights and freedoms and legitimate interests

If you consider that your personal data is not processed in accordance with the EU General Data Protection Regulation, each data subject has the right to file a complaint with the supervisory authority, especially in the Member State where you have your permanent residence or workplace, or where the alleged violation of the Data Protection Regulation has occurred. In Finland, the authority in question is the Data Protection Commissioner.

Office of the Data Protection Commissioner

Visiting address: Ratapihantie 9, 6. Krs, 00520 Helsinki
Postal address: PO Box 800, 00521 Helsinki
Phone (switchboard): + 358 29 56 66700
E-mail: tietosuoja@om.fi

You have the right at any time to demand the restriction of the processing of your personal data based on your individual situation in accordance with Article 21 GDPR (Article 6 (1) f)).

When you submit a rectification claim, we will stop processing your personal data if we cannot present essential legal reasons for processing personal data that override your own interests, rights and freedoms, or if the processing of personal data takes place for the preparation, implementation or defense of legal claims.

Cookie Policy

First-party cookies come directly from our website. In addition, our site uses external services that send their own cookies (third-party cookies). Permanent cookies are cookies that are stored on your computer and are not deleted automatically when you close the browser. Session-specific (temporary) cookies, on the other hand, are deleted when the session ends.

We use cookies on our website to ensure that our pages serve you as well as possible. With the help of cookies, we can develop the website and offer better customer experiences when it is possible to customize the website according to wishes, choices and interests.

The website is always operated using a secure connection (https). Necessary cookies ensure the technical functionality of the website and are not used for other purposes. Permanent cookies are used e.g. to save personal settings in the online store so that you do not have to make the same choices every time you visit the online store.

If you do not accept the use of cookies, please note that the functionality of the site may be limited, and the online store may not work as intended.

Non-necessary cookies are visitor tracking cookies, which we use to make the site more user-friendly and to improve our selection, for example by identifying products and brands that our customers are looking for. Cookies are also used to modify information and marketing to make them as relevant as possible to you. Temporary cookies are used, for example, to store statistical information about the use of the website.

By accepting the site's terms of use, privacy policy and using the website, you accept the use of cookies. If you do not accept the use of cookies, you can disable cookies either from the Cookies banner offered by our site or from the security settings of your web browser.

You can also set your web browser to ask you every time a website wants to set a cookie on your computer. You can also delete previously saved cookies from your web browser. You can get more information from the help pages of your web browser. You can also manually delete cookies from your hard drive at any time.
