Privacy Policy

PRIVACY STATEMENT

Updated Apr 18, 2025

katarinaesko.com respects your privacy. This privacy statement describes how katarinaesko.com processes your personal data. The statement is in accordance with the General Data Protection Regulation (GDPR) of the EU and national legislation, serving as both a privacy statement and an information document for registered individuals. The use of cookies is further explained in a separate pop-up window.

  1. Data Controller

Katstar Oy / katarinaesko.com

Business ID: 3108206-1

  2. Contact Person for Matters Related to the Register

Katarina Uusi-Esko

katarina@katarinaesko.com

  3. Register Name

katarinaesko.com customer register

katarinaesko.com newsletter register

  4. Purpose and Legal Basis for Processing Personal Data

The purpose of processing personal data stored in the customer register is to establish and maintain customer relationships, provide customer service and facilitate necessary contacts, process customer orders, deliver ordered products, and for marketing purposes.

The purpose of the newsletter register is to facilitate necessary contacts for customer service, maintain customer relationships, inform about services, and for marketing.

The legal basis for processing personal data in accordance with the GDPR (2016/679) is the consent of the data subject, contract, or legitimate interest.

  5. Content of the Register

The customer register may contain the following information about the registered individuals:

  • name

  • title

  • level of education
  • email

  • phone number

  • address

  • information about customer orders, deliveries and discounts (= order details)

  • user names and passwords

  • name of the company

The register may also contain other information necessary for activities preceding the customer relationship and during the customer relationship (such as information related to customer experiences in coaching sessions).

The newsletter register may contain the following information about the registered individuals:

  • name

  • email

6. Regular Sources of Information

Personal data is added to the customer register by katarinaesko.com when a person becomes a customer. Personal data is collected from the data subject themselves in connection with orders placed in the online store, through payment systems, return and other related forms, by phone, email, or in similar situations where the data subject provides their information. Information may be collected during activities preceding and during the customer relationship.

Personal data for the newsletter register is collected from the katarinaesko.com website’s newsletter subscription form when the data subject has consented to receiving the newsletter.

  7. Regular Disclosures of Information

Personal data from the customer and newsletter registers are used solely for managing customer relationships. Information may be disclosed to the online platform provider, our payment service providers, and the newsletter service provider to the extent necessary.

Information may be disclosed for actions related to the technical administration of the online store, such as server or online store platform management, order delivery, debt collection for unpaid invoices, and to authorities if required and permitted by law.

Personal data stored in the customer register is disclosed to the company’s accountant for accounting purposes.

Kit, the newsletter service provider and digital product sales platform, is registered in the United States. More information about Kit’s privacy policy and terms of use can be found here: https://kit.com/privacy.

The digital product sales platform Payhip is registered in the United Kingdom. More information about Payhip’s privacy policy and terms of use can be found here: https://payhip.com/privacy.

We have ensured that all our service providers are committed to complying with data protection legislation.

  8. Transfer of Data Outside the EU or EEA

The data controller may outsource the processing of personal data to third-party companies, which may also be located outside the EU/EEA, such as the United States. These companies may process personal data to provide infrastructure and IT services or other services such as newsletter deliveries. In such cases where the data subject’s information is used outside the EU/EEA, appropriate and adequate data security and processing of customer and newsletter registers are ensured by using EU Commission-approved standard contractual clauses. The personal data that may be transferred in the above-described situations may include the data subject’s name, address, email address, and phone number.

  9. Register Security

The data controller’s information system and files are protected by technical security measures commonly used in business operations. All paper printouts or similar paper-based documents containing information collected from data subjects are immediately and properly destroyed. Access to the customer and newsletter registers requires a personal username and password, granted only to employees of the data controller who have the necessary role and tasks related to the use of the register. Processors of the customer and newsletter registers are bound by confidentiality obligations. Regarding accounting records, the company’s accountant has access to such data, such as the company’s invoices. Accounting records are stored in electronic software and protected by appropriate technical security measures.

The data controller will report any data breaches in accordance with applicable legislation.

  10. Data Retention Period

Personal data is generally stored for as long as the customer relationship is valid and for a necessary period after the termination of the customer relationship. However, personal data is stored for no longer than necessary for the purpose of processing personal data. Personal data is therefore stored for different periods depending on the purpose of processing personal data.

Personal data based on customer and contractual relationships is processed during the validity of the customer and contractual relationships and for a necessary time after the termination of the customer and contractual relationships. Personal data processed based on the data subject’s consent is stored until the data subject withdraws their consent or the data is no longer needed for the purpose for which it was collected.

Order, billing, and payment information included in accounting records is stored as required by Finnish law.

  11. Rights of the Data Subject

The data subject has the right to access the information about them in the customer and newsletter registers and request the correction of inaccurate or incomplete information. Requests for inspection and correction should be sent to katarinaesko.com at the email address mentioned in section 2 of this statement.

The data subject has the right to request the deletion of incorrect or outdated data or the transfer of data from one system to another. The data subject also has the right to restrict or object to the processing of their data under Articles 18 and 21 of the GDPR. The data subject has the right to withdraw previously given consent to the processing of data or to lodge a complaint about the processing of their personal data with the supervisory authority if the data subject believes that the data controller has not complied with the applicable data protection regulations.

  12. Information on the Existence of Automated Decision-making, Including Profiling

Personal data is not used for automated decision-making or profiling.

  13. Information on Cookies

The websites use cookies. A cookie is a small text file sent to and stored on the user’s computer. Cookies do not harm users’ computers or files. The company collects information from individuals visiting katarinaesko.com websites. The information is used to develop business and target advertisements.

Other websites linked to may collect and use cookies according to their needs.

Users must accept cookies on each website. If a user does not consent to the collection of their information, the use of the respective website should be immediately discontinued. The cookie function can be disabled in your browser settings. Disabling cookies may affect the user experience on the website.