Privacy statement

Privacy statement

This is a report on the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).


Topaz Oy

Kaukassalontie 70, 25630 Särkisalo

Y ID: 2903504-7


Contacts regarding data protection matters

In all questions related to the processing of personal data and in situations related to exercising their own rights, the data subject must contact the controller in writing by sending an email to customer service at the address

Personnel register name

Saari Taika Shop's customer register

The basis and purpose of processing personal data

The legal basis for processing personal data is:

- Consent given by the registered person to the processing of personal data

- Contractual relationship between the registered and the controller

- Implementation of the legal obligations of the controller

-The legitimate interest of the data controller, which is based on customer service, customer relationship management, order delivery, order processing and order archiving, complaint handling, product development, service improvement, statistical purposes and marketing, which can be direct marketing by e-mail or targeted advertising in electronic media.

- Public interest or exercise of public authority belonging to the controller The purposes of personal data processing include customer service, customer relationship management, matters related to order delivery, processing and order archiving, handling of complaints, product development, service improvement, statistics and marketing, which can be direct marketing by e-mail or targeted advertising in electronic media.

Regular data sources

The personal data to be processed is obtained from the registrant himself in accordance with the rules.

Information is collected using cookies in our online store, from registration or order information entered by the customer. Personal data also comes from e-mails sent by the customer and participation in sweepstakes, which are not used for marketing.

Personal data to be processed

The registrar only collects such personal data from the registrants that are relevant and necessary for the purposes described in this privacy statement.

The following information is processed about the registered:

Name, phone number, home address and email address. We never store the customer's payment information or other identifying information

Disclosure of personal data

Personal data will not be disclosed to outsiders, unless the law imposes an obligation to do so. Information can therefore exceptionally be disclosed to the authorities, for example, as required by law.

Transfers of personal data to third countries

Personal data is not transferred outside the EU and the European Economic Area.

Protection of personal data

The controller processes personal data in a way that aims to ensure the appropriate security of personal data, including protection against unauthorized processing and accidental loss, destruction or damage.

The data controller uses appropriate technical and organizational safeguards to ensure this goal, including the use of firewalls, encryption technologies and secure device spaces, appropriate access control, careful management of user IDs for information systems, and instructing personnel involved in the processing of personal data.

Based on the Employment Contracts Act (55/2001) and supplementary confidentiality agreements, all employees who process personal data have a duty of confidentiality regarding matters related to the processing of registered personal data


Personal data is not used for profiling or other automatic decision-making.

Registered rights

The right to access personal data

The registered person has the right to receive confirmation as to whether personal data concerning him/her is being processed, and if processed, the right to receive a copy of his/her personal data.

Right to correct data

The registered person has the right to request that inaccurate and incorrect personal data concerning him be corrected.

The registered person also has the right to have incomplete personal information completed by submitting the necessary additional information.

The right to delete data

The registrant has the right to request the deletion of personal data about him, if

  1. personal data is no longer needed for the purposes for which it was collected;
  2. the data subject withdraws the consent on which the processing of personal data was based, and there is no other legal basis for the processing; or
  3. personal data has been processed illegally. The right to restrict processing

The registrant has the right to restrict the processing of personal data concerning himself, if

  1. the data subject denies the accuracy of his personal data;
  2. the processing is illegal, and the data subject objects to the deletion of his personal data and instead demands the restriction of their use; or
  3. the controller no longer needs the personal data for the original purposes of the processing, but the data subject needs them to prepare, present or defend a legal claim.

Right to object

The registered person has the right to object to the processing of personal data concerning him at any time on grounds related to his personal special situation. The controller may no longer process the data subject's personal data, except if the controller can demonstrate that there is a significantly important and justified reason for the processing that overrides the interests, rights and freedoms of the data subject, or if it is necessary to prepare, present or defend a legal claim.

If personal data is processed for direct marketing, the data subject has the right at any time to object to the processing of personal data concerning him for such marketing, including profiling when it is related to such direct marketing.

Right to withdraw consent

The registered person has the right to withdraw his consent to the processing at any time without affecting the legality of the processing carried out on the basis of the consent before this.

The right to transfer data from one system to another

The registered person has the right to receive personal data concerning him and that he has provided himself in a structured, commonly used and machine-readable format and the right to transfer the data in question to another data controller.

The right to file a complaint with a supervisory authority

The national supervisory authority for personal data matters is the Office of the Data Protection Commissioner operating in connection with the Ministry of Justice. You have the right to submit your case to the supervisory authority if you consider that the processing of personal data concerning you violates the relevant legislation.

Change of privacy policy

The data controller is constantly developing its operations and may therefore have to change and update its data protection policies as necessary.Changes may also be based on changes in data protection legislation

If the changes contain new purposes for the processing of personal data or otherwise change significantly, the controller will notify them in advance and, if necessary, request consent.

Cookie policies

Updated: 1/18/2021

Our website uses cookies. By pressing the "I accept cookies" button, you accept the use of cookies. Cookies make using our site easy, fast and user-friendly.

A cookie is a small text file that the internet browser saves on the user's device. Cookies are placed on the user's terminal device only with the site called by the user. Only the server that sent the cookie can later read and use the cookie. Cookies or other technologies do not damage the user's terminal device or files, and cookies cannot be used to run programs or spread malware. The user cannot be identified using cookies alone.

Cookies are used to improve analytics, marketing, and communication. Cookies are divided into subgroups: functional cookies, product development and business reporting, advertising reporting and advertising targeting.

There are some third-party tools or plugins that are mandatory for the operation of the service. Such tools include, for example, embeddings of social media or video services on websites, or the sharing and liking functions of social media. Such third-party plugins may also collect information about users of online services, for example to recommend content or monitor the number of visitors.

If you wish, you can prevent your browser from using cookies, delete saved cookies or ask your browser to notify you of new cookies. You can find instructions for deleting cookies at: Preventing the use of cookies or deleting them may hinder some functions of our website.

You can read more about cookies and Finland's cookie requirements on the Finnish Communications Regulatory Authority's website https://www.kybertalvallissäömöllingen-veistinta

We reserve the right to update cookie policies, for example due to the development of services or mandatory legislation.