Privacy Policy
Five Letter Foods Oy (hereinafter “us”, “our” and similar expressions) offers an online service for ordering dog foods and related services (“Platform”). When a user of our service (hereinafter “you”, “your”, “yourself” and similar expressions) uses and/or registers for our service, we collect, use, share and store information on the user (“your information”) in the manner described in this policy. Below, we wish to inform you about how your information, and in particular any personally identifiable information we may hold about you, is collected, used, stored, disclosed and removed (each and all referred to as “processing”).
The Information We Process
For purposes of this Privacy Policy, “Personal Data” means personally identifiable information that specifically identifies you as an individual.
Situations where you make, or may make, Personal Data available to us include without limitation:
- using and registering for the Platform, including registering for our waiting list; or
- sending us email messages or communicating with us through other means.
The Personal Data we collect and process may include without limitation:
- Your name, email address and other contact details as well as other personal details we may ask and you may provide us in the context of the Platform for purposes of identification, directing communications and use of the Platform;
- Details on your communications with us, including without limitation any messages, notifications, requests and similar sent to us by email, by using the Platform features or otherwise;
- Your account details and Platform activity information, including without limitation your account settings as well as the information and content you provide us in connection with any Advertisement(s) you post on the Platform, or any other information related to your account; and/or
- Credit or debit card information and/or other payment information to be processed by our payment service provider partner(s).
Legal Bases of Processing
For the activities described in this notice, we rely on the following legal bases for processing Personal Data:
- Performance of a contract between you and us, in particular providing you the Platform service described in the Terms;
- Fulfilment of your requests prior to entering into a contract, for example, requests for information;
- Compliance with our legal obligations, such as data retention obligations related to accounting and taxation;
- Our legitimate interests to conduct and develop our business, where your interests and fundamental rights do not override those interests: This is the legal basis we mainly rely on for activities not covered by the above-mentioned legal bases, such as for managing our customer relationships as well as developing and marketing our services.
In individual cases, and where legally required, we may also rely on your separate consent. You may later revoke your consent at any time.
If you need details about the grounds we are relying on with respect to specific data or circumstances, please contact us as set out below.
How We Use Your Information
We may use and process your information to:
- Provide our services to you
- Manage your account and your Platform activities
- Invoice you for Platform-related services, and for debt recovery purposes
- Respond to any issues or inquiries you may have regarding the Platform or our services and provide you with information relevant to your use of the Platform, such as updates on scheduled downtime, new features or issues related to your use of the Platform
- Contact you with offers, promotions and other direct marketing – you may always, however, opt out of such communications
- Protect and maintain our network and the Platform, and to prevent, identify and repair any technical problems or security issues
- Prevent, detect and investigate fraud, criminal activity or other misuse of the Platform
- Perform research and statistical analysis on the Platform, including observing how our customers use the Platform
- Better allocate our resources and enhance and improve the services provided to you and to other users of the Platform
How We Share Your Information
Your Personal Data may be disclosed only for the purposes specified in this Privacy Policy.
We may disclose your information to:
- Partners or agents who assist in or carry out the processing of the transactions you make.
- Companies who are involved in performing services for or on behalf of us in connection with our Platform service. For hosting our website, we use Zoner (https://www.zoner.fi/meista/tietosuojaseloste/) and Webflow (https://webflow.com/legal/privacy).
- Service providers who help us in reaching our customers by direct marketing, email posting and address management and retargeting, such as Mailchimp (https://mailchimp.com/legal/).
- Buyers or potential buyers (and their agents and advisers) in connection with any (possible) purchase, merger or acquisition of any part of our business, provided that the information is used only to the extent deemed necessary for such purposes.
- Competent courts and other authorities according to applicable laws as well as third parties where we deem that disclosing your personal data is necessary to protect your vital interests or those of any other person, or for compliance with laws or regulations, or to protect, defend or secure our legal rights, including when we enforce or apply agreements between you and us, or to counter the potential misuse of our services, or to secure the rights, assets or security of us, our users or third parties. This includes exchanging information with other organisations for the purposes of preventing fraud and any other criminal activity.
- Any other person – but only with your separate consent unless otherwise provided by applicable laws.
- We may also transfer your information to other third parties, if we need to counter or prevent any malicious or fraudulent actions, or to invoke any available legal remedies or to limit potential damage incurred to us, or if we sell, merge, de-merge or otherwise restructure our business operations and a new party becomes the owner of the information.
- We may also share your information with carefully selected partner organizations, so they can let you know about their products and services – provided, however, that we have obtained your consent where necessary.
We store your personal data in secure locations and servers mostly within the European Economic Area. Your personal data may be transferred to countries outside the European Union or the European Economic Area only where the European Commission has held that the country in question ensures an adequate level of protection for personal data, or where we have taken appropriate safeguards to require that your personal data remains protected in accordance with this policy, such as by implementing the Standard Contractual Clauses adopted by the European Commission for international transfers of personal data. You may contact us for more information on the safeguards in place. In individual cases, international transfers of personal data may also take place based on your separate and explicit consent or on the performance of a contract between you and us or on the implementation of pre-contractual measures taken at your request or other derogation based on an exemption or exception under the applicable law.
How We Secure and Store Your Information
To protect your personal data, we use appropriate technical and organisational measures designed to provide a level of security appropriate to the risk of processing. Those measures include, inter alia, as appropriate, the encryption of personal data, procedures which ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, the ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident, and procedures by which the effectiveness of technical and organisational measures is regularly tested, assessed and evaluated to ensure the security of the processing. In assessing the appropriate level of security, we take account in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
We also strive to ensure that any natural person acting under our authority who has access to personal data does not process them except on instructions from us. We will see to it that only those of our employees, and those employees of service providers providing services to us, who need access to personal data due to the nature of their work tasks have that access.
Data Retention
We keep your personal data only as long as we have a legitimate commercial reason to retain it for a purpose described above.
To determine the appropriate retention period, we consider and evaluate the scope, nature and sensitivity of the personal data we process, the potential risk of harm or damage from unauthorised use or disclosure, the purposes for which we process the data and the relevant legal requirements. We will also regularly assess the data we keep, and where we deem retention unnecessary, we will either erase or anonymise the data or, if this is not possible – for example, in case of information stored in backup archives – we will store the data securely and block any further processing until deletion is possible.
We will usually retain personal data related to a customer relationship only for the duration of the relationship and for a reasonable period thereafter in order for us to be able to respond to customer inquiries, solve pending issues related to the customer relationship or prepare ourselves for potential legal issues related to the customer relationship. This retention period is usually three (3) years from the termination of the customer relationship, unless, during that period, a reason to continue the retention of certain information appears as a result of, e.g., a need to solve an open claim.
We retain some data for a longer period than described above where we deem the retention necessary for compliance with applicable laws and regulations or to secure our legal rights or those of our customers or our partners. Certain information related to retention obligations, e.g., in the fields of accounting and taxation, must usually be retained for six (6) years from the end of the relevant accounting period. If you need detailed information on the retention periods in particular circumstances and/or in connection with particular personal data, please contact us as set out herein.
Your Rights as a Data Subject
Unless otherwise explained in this section, you may invoke the following rights by contacting us as set out above.
Rights of access, rectification and erasure: You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed by us, and where that is the case, access to that personal data. You may need to prove your identity in order to use this right. Your right of access may, however, be restricted on the basis of legislation, the privacy interests of other persons and/or the protection of trade secrets. Considering the purposes of the processing, we will also rectify, complete or erase inaccurate, incomplete or outdated personal data upon your request.
Data portability: If you wish, you may obtain the personal data which you have provided to us and which is being processed automatically on the basis of consent or contract, in a structured, commonly used, and machine-readable format.
Right to prohibit direct marketing: You may prohibit the processing of your personal data for direct marketing purposes by clicking the link at the end of a marketing message or by contacting us as set out above.
Right to object and right to restrict: You may object, on grounds relating to your particular situation, to processing of personal data concerning you which is based on legitimate interest. In such a situation, the processing may be restricted for the period during which we evaluate the basis you have presented for the request to restrict the processing. The processing may also be restricted, inter alia, when you deny the accuracy of your personal data. In those situations, the processing will be restricted for a time during which we can ensure the accuracy of the personal data.
Withdrawal of consent: You may withdraw your consent for the processing of personal data at any time by contacting our customer service or in some cases by another manner offered to you. Please note that only a part of our processing of personal data is based on your consent.
Right to lodge a complaint: If you consider our processing of your personal data to be inconsistent with this Privacy Policy or with applicable data protection laws, you may lodge a complaint with the competent supervisory authority (http://www.tietosuoja.fi).
Changes to This Policy
We may update this notice from time to time in response to changing legal, technical or business developments. When we update this notice, we will strive to inform you in a manner consistent with the significance of the changes we make.
Data Controller
Five Letter Foods Oy (Business-ID: 3301155-8)
c/o Tiliporras Keski-Suomi Oy