Privacy Policy

Five Letter Foods Oy (hereinafter “us“, “our“ and similar expressions) offers an online service for ordering dog foods and related services (“Platform”). When a user of our service (hereinafter “you”, “your”, “yourself” and similar expressions) uses and/or registers for our service, we collect, use, share and store information on the user (“your information”) in the manner described in this policy. Below, we wish to inform you on how your information, and in particular any personally-identifiable information we may hold about you, is collected, used, stored, disclosed and removed (each and all referred to as “processing”).
The Information We Process
For purposes of this Privacy Policy, “Personal Data” means personally identifiable information that specifically identifies you as an individual.

Situations where you make, or may make, Personal Data available to us include without limitation:
The Personal Data we collect and process may include without limitation:
Legal Bases of Processing
For the activities described in this notice, we rely on the following legal bases for processing Personal Data:
In individual cases, and where legally required, we may also rely on your separate consent. You may later revoke your consent at any time.

If you need details about the grounds we are relying on with respect to specific data or circumstances, please contact us as set out below.
How We Use Your Information
We may use and process your information to:
How We Share Your Information
Your Personal Data may be disclosed only for the purposes specified in this Privacy Policy.
We may disclose your information to:
We store your personal data in secure locations and servers mostly within the European Economic Area. Your personal data may be transferred to countries outside the European Union or the European Economic Area only where the European Commission has held that the country in question ensures an adequate level of protection for personal data, or where we have taken appropriate safeguards to require that your personal data remains protected in accordance with this policy, such as by implementing the Standard Contractual Clauses adopted by the European Commission for international transfers of personal data. You may contact us for more information on the safeguards in place. In individual cases, international transfers of personal data may also take place based on your separate and explicit consent or on the performance of a contract between you and us or on the implementation of pre-contractual measures taken at your request or other derogation based on an exemption or exception under the applicable law.
How We Secure and Store Your Information
To protect your personal data, we use appropriate technical and organisational measures designed to provide a level of security appropriate to the risk of processing. Those measures include, inter alia, as appropriate, the encryption of personal data, procedures which ensure the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services and the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident and procedures by which the effectiveness of technical and organisational measures are regularly tested, assessed and evaluated to ensure the security of the processing. In assessing the appropriate level of security, we take account in particular of risks that are presented by processing, in particular from accidental or unlawful destruction, loss alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

We also strive to ensure that any natural person acting under our authority who has access to personal data does not process them except on instructions from us. We will see to that only such employees and employees of a service provider providing us services have access to personal data who, due to the nature of their work tasks, need that access. 
Data Retention
We keep your personal data only as long as we have a legitimate commercial reason to retain it for a purpose described above.

To determine the appropriate retention period, we consider and evaluate the scope, nature and sensitivity of the personal data we process, the potential risk of harm or damage from unauthorised use or disclosure, the purposes for which we process the data and the relevant legal requirements. We will also regularly assess the data we keep, and where we deem retention unnecessary, we will either erase or anonymise the data or, if this is not possible – for example, in case of information stored in backup archives – we will store the data securely and block any further processing until deletion is possible. 

We will usually retain personal data related to a customer relationship only for the duration of the relationship and for a reasonable period thereafter in order for us to be able to respond to customer inquiries, solve pending issues related to the customer relationship or prepare ourselves to potential legal issues related to the customer relationship. This retention period is usually three (3) years from the termination of the customer relationship, unless, during that period, a reason to continue the retention of certain information appears as a result of, e.g., a need to solve an open claim.

We retain some data for a longer period than described above where we deem the retention necessary for compliance with applicable laws and regulations or to secure our legal rights or those of our customers or our partners. Certain information related to retention obligations, e.g., in the fields of accounting and taxation must usually be retained for six (6) years from the end of the relevant accounting period. If you need detailed information on the retention periods in particular circumstances and/or in connection with particular personal data, please contact us as set out herein.
Your Rights as a Data Subject
Unless otherwise explained in this section, you may invoke the following rights by contacting us as set out above.

Rights of access, rectification and erasure: You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed by us, and where that is the case, access to that personal data. You may need to prove your identity in order to use this right. Your right of access may, however, be restricted on the basis of legislation, the privacy interests of other persons and/or the protection of trade secrets. Considering the purposes of the processing, we will also rectify, complete or erase inaccurate, incomplete or outdated personal data upon your request.

Data portability: If you wish, you may obtain the personal data which you have provided to us and which is being processed automatically on the basis of consent or contract, in a structured, commonly used, and machine-readable format.

Right to prohibit direct marketing: You may prohibit the processing of your personal data for direct marketing purposes by clicking the link at the end of a marketing message or by contacting us as set out above.

Right to object and right to restrict: You may object, on grounds relating to your particular situation, to processing of personal data concerning you which is based on legitimate interest. In such a situation, the processing may be restricted for the period during which we evaluate the basis you have presented for the request to restrict the processing. The processing may also be restricted, inter alia, when you deny the accuracy of your personal data. In those situations, the processing will be restricted for a time during which we can ensure the accuracy of the personal data.

Withdrawal of consent: You may withdraw your consent for the processing of personal data at any time by contacting our customer service or in some cases by another manner offered to you. Please note that only a part of our processing of personal data is based on your consent.

Right to lodge a complaint: If you consider our processing of your personal data to be inconsistent with this Privacy Policy or with applicable data protection laws, you may lodge a complaint with the competent supervisory authority (
Changes to This Policy
We may update this notice from time to time in response to changing legal, technical or business developments. When we update this notice, we will strive to inform you in a manner consistent with the significance of the changes we make.
Data Controller
Five Letter Foods Oy (Business-ID: 3301155-8)
c/o Tiliporras Keski-Suomi Oy