Privacy Policy

This Privacy Policy explains how Sisumo Oy collects, uses, and protects your personal information when you engage with our services, including purchasing products or contacting us through related platforms.

1. Information We Collect

To process your order or respond to inquiries, we may collect the following types of personal information:

• Name and contact details (e.g. email address, postal address)
• Payment and billing information (processed via the Shop platform)
• Order details and purchase history
• Optional information you voluntarily provide (e.g. custom requests or file uploads)

2. Legal Basis for Processing

Sisumo Oy processes your personal data in accordance with the General Data Protection Regulation (EU 2016/679), based on:

• Contractual necessity – to fulfill your order and provide customer support
• Consent – for optional marketing communications or custom processing
• Legal obligations – for tax, accounting, and record-keeping compliance
• Legitimate interests – for business operation, fraud prevention, and improving service quality

3. Data Sharing and Disclosure

We share personal data only when necessary and for specific purposes:

• With Shop platform providers (e.g., payment processors) under their Terms of Use and privacy policy
• With third-party service providers (e.g., email, hosting, delivery), bound by confidentiality obligations
• Where required by law, court order, or government request

4. Data Retention

We retain personal data only for as long as necessary to:

• Provide the service or fulfill the transaction
• Comply with applicable legal obligations

By default, data is stored securely for up to four (4) years unless otherwise required by law.

5. International Data Transfers

If data is transferred or processed outside the EU/EEA (e.g., via cloud services or external providers), we ensure:

• Use of Standard Contractual Clauses (SCCs) or
• Other legally recognized mechanisms approved by the European Commission

We do not rely on the invalidated EU–U.S. Privacy Shield framework.

6. Your Rights (EU/EEA Residents)

You have the following rights under GDPR:

• Right to access – to know what data we hold about you
• Right to rectification or deletion – correct or request erasure of your data
• Right to restriction or objection – to limit or challenge certain processing
• Right to lodge a complaint – with your local data protection authority (e.g., Tietosuojavaltuutetun toimisto in Finland)

To exercise your rights, contact us at:

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, loss, or alteration.

8. Contact – Data Controller

For the purposes of EU data protection law (GDPR), Sisumo Oy is the data controller:

Sisumo Oy
Business ID: 3540501-6
Address: Norkkokuja 1 C 11, 01360 Vantaa, Finland
Email:

9. Updates to This Policy

This Privacy Policy may be updated periodically to reflect legal or operational changes. Updated versions will be posted on our website with a revised date.