Privacy policy

Privacy policy

This is Galleria Kääntöpoiju Oy's description of file and data protection pursuant to the Personal Data Act (sections 10 and 24) and the EU's General Data Protection Regulation (GDPR). Prepared on 17. November 2020. The goal of this privacy notice is to describe, how Galleria Kääntöpoiju Oy (later "Galleria Kääntöpoiju" or "we") collects, processes and retains personal data in accordance with the Finnish Data Protection Act and EU's General Data Protection Regulation. This privacy notice will be applied every time you use the services described in it in any of the countries our company operates.


Galleria Kääntöpoiju Oy 

Business ID: 2544599-7 

Kristiinankatu 1

53900 Lappeenranta

Contact information

You can contact us via email at

Collecting of personal data

What personal data does Galleria Kääntöpoiju collect and how?

When you visit our website, join our customer loyalty programme in our shop or our website, contact us through our customer service, or participate in our marketing campaign, we may collect your personal data. Also, when visiting Galleria Kääntöpoiju, your picture may be captured on a surveillance camera.

Personal data are used for:

  • with your specific consent, marketing, for example, if you order our newsletter
  • processing and delivering orders you have made on our online store
  • answering questions you have sent to our customer service
  • other justifiable causes for using personal data, such as improving our online store
  • if we want to use your personal data for other purposes, we ask your specific consent beforehand

What data we collect when you make a purchase in our online store?

When you purchase something from online store, we collect your personal data so we can deliver the products you have purchased. These data include your name, address, phone number, email address, the total cost of your purchase and the products you have purchased. Depending on your payment method, we may also collect your personal identity code or the last four numbers of your credit card.

Data collected upon registering to online store

When you register to online store, we collect the following personal data: your name, address, login information (email address and password) and if you so wish, the product categories you are interested in.

Data collected upon subscribing to our newsletter

When you subscribe to our customer newsletter, we collect your name and email address.

Data collected upon marketing raffles or customer surveys

Upon taking part in our marketing raffle or customer survey, we may collect you personal data (name, address, phone number) to be able to deliver your possible prize.

Data collected upon electronic services

When you use website, we collect data related to the use of the service. This may include personal data, such as your IP address. If you are logged in our online store, you are identified and we collect data related to your use of the site (purchase history, browsing history) and we may connect them to your other user data.

Handling and saving of personal data

Customer service

We use your personal data for customer service. For example, if you contact us to ask about an order you have placed through our online store, we use your name and order number to identify your order. We may also use your personal data, such as your email address or phone number if we need to contact you.

Sending information

After you have placed an order in online store, we use the data you have given us to send you a confirmation of your purchase and emails regarding the status of your order. These messages will be sent to the email address you have given us upon your order.

Marketing and customising

If you have ordered Galleria Kääntöpoiju's newsletter, we use your personal data for sending and customising the newsletter. These personal data include your email address and your possible purchase history, newsletters sent to you, newsletters you have opened and your browsing history in our online store. We use these data to show you ads of our products that we believe you would be most interested in.

We use the personal data collected to customise Galleria Kääntöpoiju's website and online store for you. As an example, we will prioritise products and offers we believe you will find the most interesting based on your purchase or browsing history.

We also customise our online ads outside, for example, in our social media marketing. As an example, if you subscribe to Galleria Kääntöpoiju's newsletter, we may also target our advertising to you on Facebook. In this case, Facebook will be handling the data. See Facebook's privacy policy.

Improving our services

We also use data collected from our customers to improve our products and customer service. We analyse digitally the users of our online store and use this data to improve it. We use primarily only compiled or anonymous data for these analyses.

How long do we store your personal data?

We store your personal data for as long as it is necessary to fulfil our obligations.

By default we will store your data in our customer relationship management system and marketing system for five (5) years from the moment you have last been active. Being active includes any of the following: making a purchase on online store, browsing the online store, opening our newsletter or clicking the links.

We store your personal data on your user account for as long as the account is active.

When you visit our website, your information will be stored by default for 26 months for analytics.

If you subscribe to our newsletter, your contact information will be stored for as long as you want to receive our newsletter.

Your personal data may be stored in multiple places for multiple purposes. Therefore, the personal data that has been deleted from one part of our system may still be stored in another part of our system for different purposes.

Data protection

Galleria Kääntöpoiju maintains a high level of security in processing of personal data. We constantly evaluate our practices regarding the processing of personal data and potential risks, and practice measures that keep these data safe.

The personal data we process are stored in a system that is protected with the appropriate technical and administrative measures. Logging into the system requires entering username and password. The system has also been secured with firewall and other technical measures. Access to the data stored in the register is enabled only to predetermined workers of Galleria Kääntöpoiju. The data stored in the register are held in locked and guarded premises.

We constantly train our staff in data protection. All questions regarding our actions, the Personal Data Act or the EU's General Data Protection Regulation (GDPR) can be sent to

Disclosing personal data

Galleria Kääntöpoiju may authorise outside service providers to produce IT services, payment services or other digital services for Galleria Kääntöpoiju. In order to provide these services, Galleria Kääntöpoiju's affiliates, both within and outside of EU and EEA, may have access to your personal data.

IT providers

Galleria Kääntöpoiju uses several different IT services and IT systems. Some of those are used to storing and processing personal data. Galleria Kääntöpoiju is responsible of confidentiality of personal data during these processes. Some of the systems are installed locally. In these cases only the staff of Galleria Kääntöpoiju has access to the data, and no information is transferred to third parties. Some of the systems include cloud computing. In these cases we transfer personal data to the service provider, and they process personal data under Galleria Kääntöpoiju's commission using our guidelines.

Internal IT systems

We process customer information internally in our customer loyalty programme, enterprise resource planning, online store, customer relationship management system and marketing system. In addition to this, when buying from our online store, information is stored to the systems of selected payment service provider and logistics company (such as Posti, PostNord, Unifaun, GLS or Budbee).

These systems enable delivering your order, answering your questions regarding our services and customer service. All of the personal data collected by us may be used in these systems.

We use Google's office suite and services. That means that we have authorised Google to process personal data. See Google's privacy policy.

Online analytic service and content service providers

We use third party providers to personalise our website and analyse visitors' online behaviour and feedback. These providers handle personal data on our behalf. Analytic services process mainly compiled anonymised data.

Payment service providers

We use outside providers for processing payments. The personal data these providers have access to include your name, address and payment information. Depending on your method of payment, your personal identity code or the last four numbers of your credit card may also be processed. This is necessary for us to be able to the goods and services you have ordered.

Contact information services

We use an outside service to process customer feedback received through different channels, such as email and social media. The following data is stored: customer's name and email address, content of the conversation, country and city, web browser, operating system, current web page and browsing history. These data will be stored for as long as is necessary for processing the feedback.

The chat functionality on website is provided by an outside chat service provider. The conversations between you and our customer service via the chat functionality will not be stored to a cloud storage. Rather they are routed to Galleria Kääntöpoiju's customer service's email address. The messages are saved only if the matters discussed in the chat cannot be handled at once. The following data is stored: content of the conversation, country and city, web browser, operating system, current web page and browsing history. The customer can also provide their name and email address, if they so choose. These data will be stored in Galleria Kääntöpoiju's email for as long as is necessary for processing the feedback.

Tax-free shopping

Customers living outside the EU can shop tax-free in Galleria Kääntöpoiju. The provider of the tax refund may process the personal data required for handling tax-free orders.

Disclosing data outside the borders of the EU or the EEA

Some of the service providers our website uses are located outside the EU and the EEA. Your personal data may be transferred to our affiliates in these countries for purposes mentioned above. In these cases Galleria Kääntöpoiju is responsible that your personal data is handled with enough confidentiality.

Your rights as a customer

Necessary processing of personal data and processing under consent

Personal data may be processed without consent if it is necessary to be able to carry out a transaction with you, or to fulfil legal obligations. Collecting and using your personal data to other purposes requires your consent. You give your consent for processing of personal data when you, as an example, use our services at, subscribe to our newsletter, join our customer loyalty programme in our shop or our website, or contact us through our customer service.

Cancelling your consent

You have the right to inspect your personal data we have stored, make corrections of changes to this information, request the restriction of processing of the data, and request the deletion of your personal data whenever you want. You also have the right to request restricting the processing of your personal data in certain situations, such as marketing.

When you cancel your consent, we delete your personal data and stop processing them in ways that require your consent.

Please note, however, that some data may be used both under consent and to fulfil necessary processes. Therefore, when you cancel your consent and processes that require your consent will be stopped, we may have to store your personal data for other purposes.

Right to review information

You have the right to review your personal information stored in our register. You can ask for this information to be sent to you free of charge once per year. To receive this information, send us a written request with your signature. When you send us the request, clearly mark on the envelope that the letter is about the personal register.


If you believe we are not complying to the Personal Data Act, you can contact the Office of Data Protection.

Changes in privacy policy

We may make changes to our privacy policy. You can find the newest version on our website.