Privacy Policy

1. Introduction

Thefrynnfrex ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website thefrynnfrex.world and use our services.

We comply with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Finnish Data Protection Act (Tietosuojalaki 1050/2018), and other applicable data protection laws.

2. Data Controller Information

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide Directly

• Full name
• Email address
• Phone number (optional)
• Delivery address
• Messages and communications you send us

3.2 Information Collected Automatically

• IP address
• Browser type and version
• Device information
• Pages visited and navigation patterns
• Time and date of visits
• Cookies and similar technologies (see our Cookie Policy)

4. Purposes of Data Processing

We process your personal data for the following purposes:

• Order Processing: To process and fulfill your orders, including delivery and payment handling
• Customer Communication: To respond to your inquiries, provide customer support, and send order updates
• Legal Obligations: To comply with legal and regulatory requirements, including tax and accounting obligations
• Website Improvement: To analyze usage patterns and improve our website functionality and user experience
• Marketing: With your consent, to send promotional communications about our products and services

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to fulfill our contractual obligations to you
• Consent: When you have given explicit consent for specific processing activities
• Legal Obligation: Processing required to comply with applicable laws
• Legitimate Interests: Processing necessary for our legitimate business interests, balanced against your rights

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Order Data: Retained for 7 years to comply with tax and accounting regulations
• Communication Records: Retained for 3 years after the last interaction
• Marketing Preferences: Retained until you withdraw consent or unsubscribe
• Website Analytics: Aggregated data retained for 26 months

7. Data Sharing and Transfers

We may share your personal data with:

• Service Providers: Third-party companies that help us operate our business (payment processors, shipping companies, hosting providers)
• Legal Authorities: When required by law or to protect our legal rights

We do not sell your personal data to third parties. When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data we hold
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data under certain conditions
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise your rights, please contact us using the contact details in section 14. We will respond to your request without undue delay and in any event within one month of receipt. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for data transmission
• Secure server infrastructure
• Access controls and authentication procedures
• Regular security assessments and updates
• Employee training on data protection

10. Cookies

We use cookies and similar technologies on our website. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

11. Children's Privacy

Our website and services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page with a new effective date.

13. Complaints

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the supervisory authority in your country of residence or with the Finnish supervisory authority:

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: