Privacy Policy

Personal Data Act (523/99) §10 – Drafted: March 1, 2020

1. Data Controller and Contact Information

MexLink Oy (Business ID: 3098646-4)
Pirkkalaistie 1, 37100 Nokia, Finland
Email: pasi.julkunen@mexlink.fi

2. What Information We Collect

The customer registry stores the following information:

• First and last name
• Street address, postal code, city, country
• Email address and phone number
• Language and currency used during transactions

For business customers, the following is also stored:

• Company name
• Business ID (Y-tunnus)
• VAT number

Additionally, order information provided during purchases is stored, including:

• Product contents of the order
• Payment method and delivery method
• Data collected via cookies

The main source of information is the data provided by the customer and any restrictions related to offerings.

3. Purpose of Processing Personal Data

We use personal data for:

• Managing the customer relationship
• Processing and delivering orders, and archiving
• Statistical purposes
• Marketing purposes

The legal basis for processing personal data is contract, consent, or legitimate interest. Processing also complies with the EU General Data Protection Regulation (GDPR) effective from May 25, 2018.

4. Data Retention

We retain personal data as long as it is necessary for the purposes of the registry. Some data may be stored longer if required by law, e.g., for accounting obligations or consumer trade responsibilities.

5. Disclosure of Information to Third Parties

Personal data may be shared with partners handling logistics and payment services to facilitate the operation of our online store.

• No data is transferred outside the EU or EEA.
• Data is stored in a secure system protected by multiple layers of security software.
• Access requires a username and password, and only authorized, pre-defined employees of MexLink Oy may access it.
• Data is stored in locked and monitored facilities.

6. Customer Rights

Customers have the following rights:

• Right of access – to check personal data stored about them
• Right to correction – to correct inaccurate, unnecessary, incomplete, or outdated data
• Right to withdraw consent – to revoke previously given consent
• Right to deletion – to request erasure of personal data

Customers may also prohibit the controller from using their data for direct marketing, distance selling, market research, opinion polls, personal registries, or genealogical research.

• Requests must be made in writing and addressed to the person responsible for registry matters.
• Customers have the right to inspect their stored data and receive copies.
• Requests for corrections must be directed to the person responsible for registry matters.