Privacy Policy
General
The fourreasons.fi website is owned by Miraculos Oy.
Miraculos Oy is committed to protecting its customers’ privacy and offers them a chance to influence how their data is processed.
With this privacy policy, we inform our customers about how their personal data is processed. The customer must accept the terms of this privacy policy to use the services of fourreasons.fi. When we refer to “you” in this privacy policy, we mean any person who provides information about themselves to be used by our website. By “website”, we mean all pages under fourreasons.fi.
The data we collect can be divided into data provided by the user, data collected based on the use of online services and data generated using analytics.
We use the data to:
- Provide an easy-to-use and secure service
- Offer a good customer experience
- Develop customer service and the website
Details of the register
Name of the register
The customer register of the fourreasons.fi website. The register consists of multiple subregisters.
Details of the company
Miraculos Oy
Business ID 1107719-3
Salomonkatu 17 A, 10th floor
00100 Helsinki
Switchboard: +358 (0)201 410 410
Email: firstname.lastname@fourreasons.fi
E-invoice
EDI: 003711077193
Operator ID: 003708599126
Invoices by email: info@fourreasons.fi
The data controller of the personal data to be processed is:
Miraculos Oy, business ID 1107719-3
Salomonkatu 17 A, 10th floor
00100 Helsinki
Person responsible for matters related to the register
aspa@fourreasons.fi
+358 (0)201 410 410
You can ask more about data protection and the processing of personal data by email: aspa@fourreasons.fi.
Customer data can only be accessed by Miraculos Oy’s own employees, and our employees have been trained in the secure and ethical use of personal data. Each of our employees can only access customer data to the extent that is necessary for performing their duties.
We work with trusted contract partners, which means that data can be transferred to third parties. The requirements set out by the GDPR and other relevant legislation has been taken into account in all contracts made with partners. You can read more about third parties in the section “Disclosure of personal data to third parties.”
Collection of data for marketing purposes
In addition to fulfilling the orders you have placed through the fourreasons.fi website, we may use your data for improving your browsing experience and making it more customer-friendly and personal.
We will use data that is available for this purpose, such as receipt and reading confirmations for emails as well as information about the device you are using, your internet connection, the operating system, the browser, the platform, the date and time of the visit to the website as well as the products you viewed and the data we have received from you (including automatically sent or generated data).
You can prohibit the use of your personal data for marketing purposes or specific actions at any time. You can unsubscribe from the newsletter or the emails asking for product reviews at any time at the bottom of the newsletter. Or you can ask to be removed from the list by sending an email to aspa@fourreasons.fi.
Storage and protecting of personal data
Protection of data
All personal data is protected from unauthorized access and accidental or illegal destruction, alteration, disclosure or transfer and other illegal processing.
Miraculos Oy stores the customer data in Finland. The technical data security of our servers as well as the warehouse management system and the online store system is at a very high level, as is the data security of our processes. Passwords are carefully protected and we use two-factor authentication when possible. We update passwords regularly. Our servers are protected against data breaches and denial-of-service attacks.
We use good data protection practices – e.g. data consolidation, minimization, pseudonymization, anonymization and encryption – when processing personal data and in our technical solutions. The requirements imposed by the GDPR, in force from 25 May 2018, are taken into account in the processing of personal data.
All access to personal data is monitored in accordance with good practice.
Storage of data
We store your personal data only for as long as needed to fulfill the purposes described in this privacy policy. In addition, some data may be stored for a longer time if it is necessary to meet legal obligations, such as those related to accounting and business-to-consumer retail, and prove that the obligations have been met appropriately.
On the customer’s request, the personal data about them can be erased from Miraculos Oy’s systems or anonymized. Data erasure and anonymization are irreversible, and we are unable to restore deleted customer accounts.
Legal obligations to store the data for a longer period apply to some of the data, for purposes such as the following:
- The Accounting Act specifies longer storage periods for data, regardless of whether the data contains personal information.
- Meeting the responsibilities related to business-to-consumer retail.
- The systems’ log data is collected and stored as required by law so that we can offer a lawful and secure online store to our customers.
- Making sufficient backup copies of the store’s databases and systems to secure data, correct errors and ensure data security and continuity.
If we are unable to delete a piece of data from our system, we will inform the customer about it and explain the reason.
Register protection
Access to the register requires access rights to Miraculos Oy’s internal network. Access rights are limited to the data the person needs to perform their job duties and require the use of personal user credentials. Backup copies are made of the data regularly in case of disruptions.
The employees processing data in the customer register are bound by an obligation of confidentiality. The data can be shared or disclosed to third parties only based on the legal duty to report – for example, based on the customer’s request or a request made by the authorities on the basis of the relevant legislation.
Regular sources of data
The contact and customer details in the register are obtained as the customer relationship is created and as information is provided by the customer to the data controller during the customer relationship. The customer relationship is created when the customer registers as an user of the service, subscribes to the newsletter or makes a purchase.
Consent is sought from the customer separately for electronic direct marketing (email and SMS marketing) in accordance with the Personal Data Act. The customer’s credit rating at the time of the order is obtained from Klarna Oy’s (business ID 2247127-6) system.
The rights of the customer
As a customer, you have the right to:
- Access your personal data, including the right to obtain a copy of your personal data
- Request the rectification or erasure of your personal data
- Request a restriction of the processing or your personal data or object to the processing of your personal data, if certain requirements are met.
In addition, if the processing is based on consent, you have the right to withdraw your consent at any time. Please note that this does not affect the lawfulness of the data processing that was performed before the withdrawal of consent.
You can make requests related to the exercise of your rights by contacting our customer service (aspa@fourreasons.fi). The request must contain enough information for our customer service to identify you. We will let you know if we are not fully able to comply with your request – for example, if we are not able to erase data that we have a legal obligation (e.g. credit information) or right to store.
If you notice that the processing has not been carried out correctly or it is illegal, you have the right to lodge a complaint with a data protection authority.
Accessing stored data
You can request to access your personal data stored in Miraculos Oy’s systems by sending an email to aspa@fourreasons.fi.
The section “Collection, processing and use of data” contains more detailed information about the personal data we collect and store.
Disclosure of personal data to third parties
We may disclose certain necessary data to third parties to ensure delivery and for marketing purposes. In connection with credit decisions, your personal data is disclosed to the creditor.
We also share customer data with third parties for the purposes of analytics and personalization. We use buying behavior and browsing data together with partners in order to be better able to offer you interesting products and special offers. The data used for analytics and personalization is anonymized or pseudonymized when possible. Only we are able to connect the pseudonymized data to your name.
If needed, we may also disclose data to the authorities. We will always inform our customers about information requests if permitted by law.
The third-party tools we use and the data they collect:
- Marketing tools: Facebook (incl. Instagram advertising), Google (incl. Google Ads, YouTube, Display Network advertising)
- Analytics tools: Google Analytics
- CRM: Salesforce
- Newsletter sending and marketing automation: Account Engagement
- Online store: WooCommerce
We have activated Google Signals in Google Analytics. It allows monitoring cross-device functions and personalised advertising. This means that we collect data such as location, search history, YouTube history and functions on our website so that we can customise our advertisements and services to better match the needs and interests of users. Data will only be collected if the user has accepted personalised advertising on their Google account and accepted marketing cookies on our website. The stored data always consist of summaries and are anonymous.
Google Signals helps us to assess user behavior, wishes and interests better so that we can optimise and customise our products and services. By default, the data expire within 26 months. Users can manage or delete their data on their Google account and change their consent to personalised advertising in their Google account settings.
In accordance with the GDPR, Miraculos Oy ensures a high level of data protection and security when data is being transferred and processed. The level of data processing by third parties is ensured by using model contractual clauses approved by the European Commission or other approved methods that comply with the GDPR.
Changes to this privacy policy
We reserve the right to change this privacy policy due to service development and changes to the legislation. We will inform our registered customers about significant changes to the privacy policy at the time of the change.
Contact details for matters related to data protection
If you have questions about privacy, the processing of data or this privacy policy, please send them by email to aspa@fourreasons.fi.