Squidralshak

Privacy Policy

Last Updated: January 2024

1. Introduction

This Privacy Policy explains how Squidralshak ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at https://squidralshak.world (the "Website") or use our services. We are committed to protecting your privacy and ensuring transparency in our data processing practices.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our Website, you consent to the data practices described in this policy.

2. Data Controller Information

Company Name: Squidralshak

Registered Address: Keilaranta 3, 02150 Espoo, Finland

Contact Email: partnership@squidralshak.world

Contact Phone: +358 10 429 5000

We are the data controller responsible for your personal information. If you have any questions about this Privacy Policy or our data practices, please contact us using the information above.

3. Information We Collect

3.1 Information You Provide Directly

When you interact with our Website, you may provide us with the following personal information:

  • Contact Information: Name, email address, phone number, and mailing address when you place an order or contact us
  • Order Information: Details about products you purchase, including order history and preferences
  • Communication Data: Messages, inquiries, and feedback you send to us through contact forms or email
  • Account Information: If you create an account, we collect username, password, and profile information
  • Payment Information: Payment card details and billing information processed securely through our payment processors

3.2 Information Collected Automatically

When you visit our Website, we automatically collect certain information about your device and browsing behavior:

  • Technical Data: IP address, browser type and version, operating system, device type, and unique device identifiers
  • Usage Data: Pages visited, time spent on pages, links clicked, referring website, and navigation paths
  • Location Data: Approximate geographic location based on IP address
  • Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies (see our Cookies Policy for details)

3.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Payment processors and fraud prevention services
  • Analytics providers and advertising networks
  • Social media platforms if you interact with our social media presence
  • Public databases and data enrichment services

4. How We Use Your Information

We process your personal information for the following purposes, based on the legal grounds specified:

4.1 Order Processing and Service Delivery (Contract Performance)

  • Processing and fulfilling your orders
  • Communicating with you about your orders and deliveries
  • Providing customer support and responding to inquiries
  • Managing returns, refunds, and exchanges

4.2 Business Operations (Legitimate Interest)

  • Improving our Website, products, and services
  • Conducting market research and analyzing customer trends
  • Detecting and preventing fraud, security threats, and illegal activities
  • Maintaining business records and accounting
  • Enforcing our terms and conditions

4.3 Marketing and Communications (Consent or Legitimate Interest)

  • Sending promotional emails about new products, special offers, and updates (with your consent)
  • Personalizing your experience on our Website
  • Displaying targeted advertisements based on your interests
  • Conducting surveys and requesting feedback

4.4 Legal Compliance (Legal Obligation)

  • Complying with applicable laws, regulations, and legal processes
  • Responding to requests from law enforcement and regulatory authorities
  • Protecting our legal rights and interests
  • Maintaining records required by law

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: You have given explicit consent for specific processing activities, such as marketing communications
  • Contract Performance: Processing is necessary to fulfill our contractual obligations to you
  • Legal Obligation: Processing is required to comply with legal requirements
  • Legitimate Interest: Processing is necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms

6. Data Sharing and Disclosure

We may share your personal information with the following categories of recipients:

6.1 Service Providers

We engage third-party companies to perform services on our behalf, including:

  • Payment processors and financial institutions
  • Shipping and logistics companies
  • Cloud hosting and data storage providers
  • Email service providers and marketing platforms
  • Analytics and advertising services
  • Customer support and communication tools
  • IT security and fraud prevention services

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

6.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring entity. We will notify you of any such change and the choices you may have.

6.3 Legal Requirements

We may disclose your information when required by law or in response to:

  • Court orders, subpoenas, or legal processes
  • Requests from law enforcement or government authorities
  • Protection of our rights, property, or safety
  • Investigation of fraud or security issues

6.4 With Your Consent

We may share your information with other parties when you have given explicit consent for such sharing.

7. International Data Transfers

Your personal information may be transferred to and processed in countries outside the European Economic Area (EEA) that may have different data protection laws. When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding Corporate Rules for transfers within corporate groups
  • Your explicit consent for specific transfers

We take all reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

  • Order and Transaction Data: 7 years for accounting and tax purposes
  • Customer Account Information: Until account deletion or 3 years of inactivity
  • Marketing Communications: Until you withdraw consent or 2 years of inactivity
  • Website Analytics Data: 26 months from collection
  • Customer Support Records: 3 years from last interaction
  • Legal Claims Data: Duration of applicable statute of limitations

After the retention period expires, we securely delete or anonymize your personal information. Anonymized data may be retained indefinitely for statistical and research purposes.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption: SSL/TLS encryption for data transmission and encryption at rest for sensitive data
  • Access Controls: Strict access controls and authentication mechanisms limiting data access to authorized personnel
  • Network Security: Firewalls, intrusion detection systems, and regular security monitoring
  • Secure Development: Security-by-design principles in our systems and applications
  • Employee Training: Regular security awareness training for all staff handling personal data
  • Vendor Management: Due diligence and contractual safeguards with third-party processors
  • Incident Response: Procedures for detecting, responding to, and reporting security breaches
  • Regular Audits: Periodic security assessments and vulnerability testing

While we strive to protect your personal information, no method of transmission or storage is completely secure. We cannot guarantee absolute security but continuously work to enhance our security measures.

10. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal information:

10.1 Right of Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of your data along with information about how it is processed.

10.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information we hold about you.

10.3 Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data when:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

10.4 Right to Restriction of Processing

You can request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

10.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

10.6 Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing unless we have compelling legitimate grounds that override your interests.

10.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or where an alleged infringement occurred.

Exercising Your Rights

To exercise any of these rights, please contact us at partnership@squidralshak.world or write to us at Keilaranta 3, 02150 Espoo, Finland. We will respond to your request within one month, though this may be extended by two additional months for complex requests. We may request verification of your identity before processing your request.

11. Children's Privacy

Our Website and services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities. For detailed information about the cookies we use, how we use them, and your choices regarding cookies, please refer to our Cookies Policy.

13. Third-Party Links

Our Website may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected by our Website.

14. Marketing Communications

With your consent, we may send you marketing communications about our products, services, and promotions. You can opt out of marketing emails at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Contacting us at partnership@squidralshak.world
  • Updating your communication preferences in your account settings

Please note that even if you opt out of marketing communications, we will still send you transactional messages related to your orders and account.

15. Automated Decision-Making and Profiling

We may use automated decision-making and profiling to personalize your experience, prevent fraud, and improve our services. You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. If we engage in such processing, we will inform you and provide an opportunity to contest the decision or request human intervention.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on our Website with a new "Last Updated" date
  • Sending an email notification to registered users
  • Displaying a prominent notice on our Website

We encourage you to review this Privacy Policy periodically. Your continued use of our Website after changes are posted constitutes your acceptance of the updated policy.

17. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: partnership@squidralshak.world

Phone: +358 10 429 5000

Postal Address: Squidralshak, Keilaranta 3, 02150 Espoo, Finland

We will respond to your inquiry as promptly as possible, typically within 48 hours for general inquiries and within one month for formal data subject requests under GDPR.

18. Data Protection Officer

For matters specifically related to data protection and privacy, you may contact our Data Protection Officer at partnership@squidralshak.world. Our DPO is responsible for overseeing our data protection strategy and ensuring compliance with applicable data protection laws.