PRIVACY NOTICE

We value your trust and are committed to protecting your personal data. This privacy notice outlines how we handle your information to ensure transparent and secure experience while using our services.

Last updated: 23.2.2026

Data Controller

Hurtta Global Oy
Business ID: 3481827-3

Hurtta Global Oy is part of the Nordic Pet Care Group. This privacy notice covers the data processing activities of Hurtta Global Oy in connection with the Hurtta.com webshop.

Contact the Data Controller:

If you have any questions regarding our processing of personal data, you can contact us by sending an email to: gdpr@nordicpetcare.com 

Data Subjects

We process personal data of the following individuals:

  • Customers purchasing products from our webshop
  • Registered users who create an account on our website
  • Newsletter subscribers
  • Website visitors browsing our website

Processing Personal Data

To operate the webshop and provide services, it is essential to collect and process personal data of our customers and website visitors. All personal data processing respects the privacy of individuals. We ensure that your personal data is processed in accordance with General Data Protection Regulation (GDPR) and other applicable data protection legislation.

The specific purpose of use of each type of personal data depends on the relationship with you and us. In the table below you can read why and on which legal basis we process your personal data.

Purpose of Processing Personal data processed  Legal basis for processing
Registering for the website and managing user account •    Name
•    Email address		 Performance of contract
Processing and fulfilling orders, including
•    Sending and delivering orders 
•    Handling returns and exchanges
•    Communicating with customers regarding orders 
•    Identifying purchases of individual data subjects
 •    Name
•    Email address
•    Phone number
•    Postal address,
•    Individual customer identity number 
•    Order details
•    Notes made by employees in relation to orders
 Performance of contract
Processing payments, including 
•    Documenting payment transactions 
•    Managing purchase and return records for accounting
 •    Payment transaction details

• Performance of contract

• Legal obligation (accounting and bookkeeping laws)
Providing newsletters and marketing communications, including: 
•    Sending newsletters
•    Sending marketing communications
 •    Name 
•    Email address
 • Consent 
• Legitimate interest of company to maintain customer relationships and customer engagement
Ensuring website functionality and security, including 
•    Detecting and fixing technical errors
•    Preventing malicious behavior and denial-of-service attacks
•    Improving website usability and performance
 •    IP address
•    Device data
•    Browser data
 Legitimate interest of company in protecting the website and ensuring IT security
Analyzing website usage and improving user experience, including:
•    Understanding how visitors use the website 
•    Improving website usability and performance
•    Developing services and content based on visitor behavior
 •    IP address
•    Device data
•    Browser data
•    Browsing behavior (e.g., clicks, page views)
 •    Consent (where required for analytics cookies)
•    Legitimate (for basic performance monitoring) in improving our webshop and developing services

 

Not all the above-mentioned personal data is necessarily collected from every data subject. When the legal basis for processing is our legitimate interest, we ensure with appropriate evaluations and balance tests that meeting this legitimate interest will not infringe the data subjects’ rights.

Personal data is primarily collected directly from the data subject, for example when placing an order, creating an account, or subscribing to newsletters. In addition, certain data is collected automatically when visiting our website, such as IP address and browsing behavior through cookies and similar technologies. In some cases, we may also receive necessary information from third-party service providers, such as payment and delivery partners, in connection with fulfilling orders.

Data Retention

We store your personal data as established by the law or when it is no longer relevant and necessary to process such data for the above purposes, after which the personal data is deleted or anonymized. The retention period depends on the character of the data and the purpose for the processing.

For example, data related to purchases is retained to comply with accounting legislation. Data collected via cookies or for session logging is retained only for the duration necessary to fulfill the technical or analytical purpose.

Recipients of Personal Data

Personal data may be shared between relevant companies within the Nordic Pet Care Group for internal administrative and operational purposes.

We use several third parties for the storage and processing of data acting as data processors based on written data processing agreements. These include:

  • E-commerce and Hosting Providers: Providers of our webshop platform, cloud hosting services, and systems integration services.
  • Logistics Partners: Transport and logistics providers used to deliver your orders.
  • Marketing and Analytics Providers: Service providers used for email marketing, product reviews, and website analytics.
  • Payment Service Providers: We use various third-party payment gateways to process payments. These providers process data according to their own privacy policies.

For purchases made outside of Finland, we partner with Global-e, a cross-border e-commerce solution provider. In these instances, Global-e acts as the merchant of record. Consequently, Global-e processes your personal data and payment information as an independent data controller to fulfill the order and process the payment. We recommend reviewing Global-e’s Consumer Privacy Policy when placing an international order.

Transfers of Personal Data

Personal data is primarily processed within the EU/EEA. In some cases, personal data may be transferred outside the EU/EEA where necessary for technical purposes, such as when a service provider or system is located in a third country. In such situations, we ensure that appropriate safeguards are in place, including the use of the European Commission’s Standard Contractual Clauses or other legally approved transfer mechanisms.

Cookies

Hurtta.com uses cookies and similar technologies to ensure the proper functioning and security of our website, to enhance your user experience, and to analyze how the webshop is used.

Cookies are small text files stored on your device when you visit a website. Some cookies are necessary for the technical operation of the webshop, while others are used for analytics and marketing purposes.

We use the following categories of cookies on our website:

  • Necessary cookies, which are required for the basic functionality and security of the webshop
  • Preference cookies, which allow the website to remember your settings and choices
  • Statistics cookies, which help us understand how the website is used and improve its performance
  • Marketing cookies, which may be used to provide relevant marketing communications and measure campaign effectiveness

Please note that if you choose not to accept certain cookies, some features of the website may not function properly, and your user experience may be affected.

Data Security

We have taken the necessary technical and organizational measures to prevent your data from accidental or illegal deletion, disclosure, loss, impairment, or unauthorized access. We ensure that processing only takes place when all principles of data protection are fulfilled.

Such methods include the use of firewalls, encryption technologies, safe server rooms, proper access control systems, the controlled provision of user rights and supervision of their use, providing instructions for data processors, and the thorough selection of competent subcontractors who comply with industry standards for information security management.

Updates to your Data

Since our service depends on the fact that your personal data is correct and up to date, we ask you to inform us about relevant changes in your personal data. You can make use of the contact information provided above to inform us about any changes. If we notice that any data is incorrect, we will update the data and inform you about this.

Your rights

Under the GDPR, you have the following rights:

  • Right to be informed: You have the right to be informed of what data we process concerning you, where we collected it, what we use it for, how long we store it, and who receives it.
  • Right of access: Upon request, you can request a copy of the personal data that we process about you. The access might be limited with respect to the privacy of other persons, business secrets, or intellectual property rights.
  • Right to rectification: You have the right to have your personal data corrected. In that case, you must inform us of the correct information.
  • Right to erasure (right to be forgotten): In some cases, we have an obligation to delete your personal data. When you contact us with a request to have your personal data deleted, we examine whether processing your data is no longer necessary for the purpose for which we collected it or required by law.
  • Right to object: You have the right to object to the processing of your personal data. You can also object to using your personal data for marketing purposes. If your objection is justified, we will stop the processing or the transfer of your personal data.
  • Right to restriction: You have the right to request restriction of processing of your personal data in certain situations, such as when you contest the accuracy of the data.
  • Right to data portability: In some cases, you can make use of data portability if you want your data transferred to another data controller.

You can lodge a complaint with a supervisory Data Protection authority in your own country of residence if you believe that we have not complied with the GDPR in the processing of your personal data.

When you contact us with a request to change, delete, transfer, restrict or object to the processing of your personal data, we investigate if the preconditions are met. We will in any case inform you about your request as soon as possible and no later than 30 days from your request.

You can make use of your rights by contacting us at gdpr@nordicpetcare.com

Changes to This Privacy Notice

This Privacy Notice may be amended from time to time by posting an updated version to the website, after which the updated version shall apply. In the event there are substantial changes to the Privacy Notice, the Company may notify Data Subjects by other means, for example via email.