Privacy Policy

Last Updated:

1. Introduction

Khelvornuizik ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website or use our services. By accessing or using our website, you agree to the terms outlined in this policy.

We operate in accordance with the General Data Protection Regulation (GDPR) and Finnish data protection laws. This policy applies to all visitors, customers, and users of our services located in Finland and the European Union.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you:

  • Place an order for flowers or floral services
  • Create an account on our website
  • Subscribe to our newsletter or marketing communications
  • Contact us through our contact form, email, or phone
  • Participate in surveys, promotions, or contests
  • Leave reviews or feedback about our products or services

The personal information we may collect includes:

  • Full name and contact details (email address, phone number, postal address)
  • Delivery addresses for recipients
  • Payment information (processed securely through third-party payment processors)
  • Order history and preferences
  • Communication preferences
  • Any other information you choose to provide

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device and browsing behavior, including:

  • IP address and geographic location
  • Browser type and version
  • Operating system
  • Pages visited and time spent on each page
  • Referring website or source
  • Date and time of access
  • Device identifiers and characteristics

This information is collected through cookies, web beacons, and similar tracking technologies. For more details, please refer to our Cookies Policy.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

  • Processing and fulfilling your orders
  • Arranging delivery of flowers to specified addresses
  • Communicating with you about your orders and deliveries
  • Providing customer support and responding to inquiries
  • Managing your account and preferences

3.2 Business Operations

  • Improving our website functionality and user experience
  • Analyzing customer behavior and preferences
  • Conducting market research and business analytics
  • Preventing fraud and ensuring security
  • Complying with legal obligations and regulations

3.3 Marketing and Communications

  • Sending promotional materials and special offers (with your consent)
  • Providing personalized recommendations based on your preferences
  • Notifying you about new products, services, or events
  • Conducting customer satisfaction surveys

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing is necessary to fulfill our contractual obligations when you place an order
  • Consent: You have given explicit consent for specific processing activities, such as marketing communications
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services and preventing fraud
  • Legal Obligation: Processing is required to comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. However, we may share your data with the following categories of recipients:

5.1 Service Providers

We work with trusted third-party service providers who assist us in operating our business, including:

  • Payment processors for secure transaction handling
  • Delivery and logistics companies for order fulfillment
  • Web hosting and IT infrastructure providers
  • Email marketing platforms
  • Analytics and data analysis services

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information when required by law, such as:

  • Responding to legal processes, court orders, or government requests
  • Enforcing our terms and conditions
  • Protecting our rights, property, or safety, or that of our customers
  • Investigating potential violations or fraudulent activities

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change and provide options regarding your data.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit using SSL/TLS protocols
  • Secure storage of data on protected servers
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Employee training on data protection practices
  • Incident response procedures

While we strive to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but continuously work to maintain the highest standards of protection.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

  • Order and transaction data: 7 years (for accounting and tax purposes)
  • Customer account information: Until account deletion is requested
  • Marketing communications data: Until you withdraw consent or unsubscribe
  • Website analytics data: 26 months
  • Customer support communications: 3 years

After the retention period expires, we securely delete or anonymize your personal information.

8. Your Rights

Under GDPR and Finnish data protection laws, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data under certain circumstances
  • Right to Restriction: Request limitation of processing in specific situations
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw previously given consent at any time
  • Right to Lodge a Complaint: File a complaint with the Finnish Data Protection Ombudsman

To exercise any of these rights, please contact us using the information provided in Section 12. We will respond to your request within one month.

9. International Data Transfers

Your personal information is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding Corporate Rules for intra-group transfers

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. We will notify you of significant changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending an email notification to registered users
  • Displaying a prominent notice on our website

We encourage you to review this policy regularly to stay informed about how we protect your information.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Khelvornuizik
Mannerheimintie 5
00100 Helsinki, Finland

Phone: +358 9 6226 260
Email: notifyuse@khelvornuizik.world

13. Data Protection Officer

For matters specifically related to data protection and privacy, you may contact our Data Protection Officer at the address above or via email.

14. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman:

Office of the Data Protection Ombudsman
P.O. Box 800
00521 Helsinki, Finland
Website: tietosuoja.fi