Geardom Oy – Privacy Policy

Last updated: 15 July 2025

1. Controller

Company name: Geardom Oy
Business ID (Y‑tunnus): 3550312‑6
Email: [email protected]

If you have any questions about how we handle personal data, please contact us using the details above.

2. Point of contact for data‑protection matters

Geardom’s privacy lead can be reached at [email protected] or by post at the controller’s address. Geardom has assessed that the nature and scale of its processing do not require the formal appointment of a Data Protection Officer under Article 37 GDPR, but a dedicated privacy lead is in place to answer requests and implement data‑protection controls.

3. What personal data we process – and why

| Category | Typical fields | Purpose | Legal basis (GDPR art.) |
|---|---|---|---|
| Customer identification & contact data | name, postal address, e‑mail, telephone | order fulfilment, customer service, returns | Contract (6 § 1 b); Legal obligation (6 § 1 c) |
| Authentication & account data | login credentials, session tokens | secure access to your account | Legitimate interest (6 § 1 f) |
| Order & payment data | products, delivery method, payment method, invoices, transaction IDs | processing and delivering your order, bookkeeping, warranty & recall management | Contract (6 § 1 b); Legal obligation (6 § 1 c) |
| Marketing preferences | newsletter opt‑ins, product alerts, cookie consents | sending direct marketing only when you have opted‑in | Consent (6 § 1 a) |
| Usage & technical data | IP address, device & browser, log files, page interactions, cookies | site security, analytics, fraud prevention, UX improvements | Legitimate interest (6 § 1 f) |

We do not knowingly collect special categories of personal data (GDPR art. 9) such as health or biometric information.

4. Where we obtain data

  • Directly from you when you create an account, place an order, contact customer service or subscribe to marketing.
  • Automated collection through cookies and similar technologies when you browse our website.
  • Payment service providers (e.g. Paytrail/Stripe) confirm payment status.
  • Logistics partners provide tracking updates.

5. Regular disclosures & processors

We share the minimum necessary data with trusted partners who act as data processors under written agreements that meet GDPR art. 28 requirements:

  • E‑commerce platform & hosting: Odoo S.A. (EU data centre)
  • Payment processing: Paytrail Oyj (FI) / Stripe Payments Europe Ltd (IE)
  • Logistics: Posti Oy, DHL Express (Finland) Oy, Matkahuolto Oy
  • Email & marketing automation: Mailchimp (Intuit Inc., EU region)
  • Analytics: Google Analytics with IP anonymisation enabled

Public authorities may receive data where required by law (e.g. customs, tax or product‑safety recalls).

6. International transfers

Geardom stores primary customer data in the EU/EEA. If a processor or sub‑processor is located outside the EEA, we ensure an adequate level of protection via:

  • an EU Commission adequacy decision; or
  • standard contractual clauses (SCCs) supplemented by transfer‑impact assessments.

7. Retention periods

| Data set | Retention rule |
|---|---|
| Accounting & invoicing records | 6 years after the end of the financial year (Finnish Accounting Act) |
| Order history & warranty information | 5 years after the last transaction or until all statutory warranty/recall periods have expired |
| Customer account data | 5 years of inactivity, then anonymised |
| Marketing consent records | until consent is withdrawn or 3 years after last interaction |
| Server and security logs | 12 months, unless needed for incident investigation |

Data scheduled for deletion is placed in a restricted queue and securely erased or anonymised once the retention period ends.

8. Data subjects’ rights

You have the right to:

  1. Access – obtain a copy of your personal data.
  2. Rectify – correct inaccurate or incomplete data.
  3. Erase – request deletion (“right to be forgotten”) when legal grounds allow.
  4. Restrict processing under conditions set in art. 18 GDPR.
  5. Object to processing based on legitimate interests or direct marketing.
  6. Data portability – receive data you provided in a structured, commonly used format.
  7. Withdraw consent at any time (marketing communications).
  8. Lodge a complaint with the Office of the Data Protection Ombudsman (Finland) if you believe your rights are infringed.

Requests can be sent to [email protected]. Identity verification is required before we act on a request.

9. Cookies & similar technologies

Geardom uses cookies to:

  • keep your shopping basket functional,
  • remember language and currency preferences,
  • perform aggregate analytics to improve our service,
  • show relevant products and limit repetitive ads.

You can manage non‑essential cookies via the cookie banner or your browser settings at any time. Essential cookies are required for the website to function.

10. Information security

Geardom employs industry‑standard safeguards, including:

  • TLS encryption for all web traffic (HTTPS)
  • encryption at rest for databases and backups
  • role‑based access controls and MFA for staff
  • continuous monitoring, patch management & logging
  • annual penetration testing and vulnerability scans

In the event of a personal‑data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users and the supervisory authority without undue delay.

11. Changes to this policy

We may update this Privacy Policy to reflect changes in legislation or our practices. Significant changes will be announced on our website or by e‑mail when appropriate. The revision date at the top indicates the latest update.

© 2025 Geardom Oy – All rights reserved