Privacy Policy

This Privacy Policy describes how Best Friend Group Oy, Business-ID 1073893-0 (“Best Friend Group” or “we”), use and process the personal data we collect about you when you visit our website www.hurtta.com (“Service”) and when you use the services we provide on our website, such as our online store. We collect several different types of information for various purposes to provide and improve our Service to you.

Legal basis for the processing of personal data

Our legal basis for collecting and using the personal data described below will depend on the personal data concerned and the specific context in which we collect it.

We will collect personal data from you only:  

  • where we need the personal data to perform a contract with you
  • where we have your consent to do so
  • where the processing is in our legitimate interests and not overridden by your rights which include, but is not limited to:
    • delivering and invoicing orders 
    • providing customer support
    • providing and improving our products and services
    • providing reporting and analytics
    • preventing risk and fraud
    • providing newsletters, marketing and promotional materials

TYPES OF DATA COLLECTED

Personal data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:

Website:

  • Usage Data
  • Tracking & Cookies

Online Store:

  • Email address
  • First name and last name
  • Phone number
  • Address, ZIP/Postal code, city, country
  • Personal identity number when law requires (e.g. when choosing Klarna invoice as payment method)
  • Bank account and payment card details

Usage data

We may also collect information on how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & cookies data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.

Online Store

We collect your Personal Data from you in connection with the registration procedure by using an online registration form.  We use this Personal Data for example to operate our online store.

You cannot register yourself as a user of our online store without filling in the registration form completely, because all information is needed to provide the Service, for example to send the purchased goods. You are not obliged to register yourself as a user of our online store, but please note that you cannot order goods from the online store without registration.

USE OF DATA

Best Friend Group Oy uses the collected data for various purposes:

  • To provide, improve and maintain our Service
  • To deliver and invoice our products
  • To carry out customer relationship management
  • To notify you about changes to our Service
  • To allow you to participate in interactive features of our Service when you choose to do so
  • To provide customer support and handle complaints
  • To gather analysis or valuable information so that we can improve our Service
  • To monitor the usage of our Service
  • To conduct market research
  • To detect, prevent and address technical issues
  • To improve the functionality and content and the user experience on our websites
  • To create a Facebook audience using hashed Personal Data
  • To comply with our legal obligations
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

RETENTION OF DATA

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

TRANSFER OF DATA

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. We typically store our data in the EU or the EEA. If any data is transferred outside the EU or EEA, we will ensure that the country to which the data is transferred is approved as having a sufficient level of privacy protection by the European Commission, or by using standard contractual model clauses approved by the European Commission.

DISCLOSURE OF DATA

Your Personal Data may be disclosed to or processed by the companies belonging to the same group of companies with us, to be used for the purposes described above (see “USE OF DATA”). We will not sell or lease out your Personal Data to third parties for their independent purposes. Personal Data is disclosed to third-parties only in the following situations:

Disclosure for Law Enforcement

Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

Best Friend Group may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or property of Best Friend Group
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability

Business Operations

In the case of mergers, acquisitions, or other kinds of re-arrangements of our business operations, Personal Data may be transferred to buyers and their advisors.

SECURITY OF DATA

The security of your data is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. We use technical and organizational measures to protect Personal Data against unauthorized access, transfer, deletion or other handling that may compromise information security. Such methods include the use of firewalls, encryption technologies and safe server rooms, proper access control systems, the controlled provision of user rights and supervision of their use, providing instructions for data processors, and the thorough selection of competent subcontractors, who comply with industry standards for information security management.

YOUR RIGHTS

Best Friend Group aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

You can update your Personal Data directly within your account settings section. If you wish to be informed what Personal Data we hold about you or if you want it to be removed from our systems, please contact us [LINK].

You have the right to:

  • Right of access – you have the right to obtain information on the processing of your personal data, have access to your personal data and verify the personal data we are processing about you.
  • Right of rectification – you have the right to require correction and supplementation of inaccurate and incorrect personal data.
  • Right to be forgotten – you have the right to require the removal of your personal data.
  • Right to restriction of processing – you have the right to require the processing of your personal data to be restricted.
  • Right of portability – you have the right to obtain your personal data in a formatted form and transfer this data to another registrar, provided that you have personally provided such personal data to us.
  • Right to object – you have the right to object to the processing of your personal data on the basis of your personal circumstances, if your personal data is processed based on our legitimate advantage. You also have the right to object to the processing of your personal data for direct marketing purposes.
  • Right to withdraw your consent - you have the right to withdraw your consent and object to the processing of your personal data if the processing of your personal data is based on your consent.
  • Right to file a complaint – you have the right to file a complaint to the appropriate supervisory authority if you consider that we have not processed your personal data in accordance with applicable data protection legislation. See the contact details below.

You can request to obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it. Please note that we may ask you to verify your identity before responding to such requests.

SERVICE PROVIDERS

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Service Providers with automatic access to your Personal Data

The following Service Providers will automatically have access to your Personal Data, when you use our Service:

Shopify

Shopify is our ecommerce platform used to provide the service for Hurtta.com. Their privacy policy can be viewed at: https://www.shopify.com/legal/privacy.

iSenseLabs’ GDPR/CCPA + Cookie Management application

We use iSenseLabs’ GDPR/CCPA + Cookie Management application to process customer data and cookie preferences on Shopify. Customer data collected through the app will be automatically deleted after 12 months. The service uses Google Analytics to improve the functionality and the experience for you. You may opt-out of Google Analytics by using the Opt-out Browser add-on. The full privacy policy can be viewed at https://gdpr.apps.isenselabs.com/pages/privacy_policy

The application used for assuring the GDPR/CCPA compliance of this site, collects your IP address and the email address in order to process the data.  

Searchanise

We use Searchanise’s smart tools to optimize the website search experience. Their privacy policy can be viewed at: https://start.searchanise.com/privacy-policy/

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/

Google Ads

Google Ads remarketing service is provided by Google Inc.

You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/

HotJar

Hotjar allows to make the behaviour of web and mobile site visitors visible. To opt out of Hotjar please go to the following link: https://www.hotjar.com/opt-out. Hotjar also honours the Do Not Track header. This means that if you have the Do Not Track header installed, Hotjar will not track you.

Service Providers who do not have automatic access to your Personal Data

The following Service Providers will have access to your Personal Data, if you so choose to:

Judge.me

We use Judge.me for reviews on our website. Your Personal Data is not disclosed to Judge.me by us, but you may choose to give your information to Judge.me directly by filling in the Judge.me registration form. Judge.me Ltd operates the https://judge.me/ website and their privacy policy can be viewed at https://judge.me/privacy. Please note that if you fill in the registration form in order to submit a review, that review may automatically be published on Judge.me Service including any Personal data contained in that review. If you are located outside United States and choose to provide information to Judge.me, please note that they transfer the data, including Personal Data, to United States and process it there.

Customer Fields

We use Helium Development LLC’s Customer Fields application for customers to be able to edit their customer account information on our website. Your Personal Data is not disclosed to Customer Fields by us, but you may choose to give your information to Customer Fields directly by filling in the registration form. The full privacy policy can be viewed at https://heliumdev.com/privacy/. Please note that if you fill in the registration form in order to create a customer account, the Personal Data may automatically be published on Customer Fields Service. If you are located outside United States and choose to provide information to Customer Fields, please note that they transfer the data, including Personal Data, to United States and process it there.

Globo -Form Builder

We use Form Builder by Globo for contact forms on our website. Your Personal Data is not disclosed to Form Builder by us, but you may choose to give your information to Form Builder directly by filling in the contact form. The full privacy policy can be viewed at https://globosoftware.net/privacy-policy/.

Facebook

Facebook remarketing service is provided by Facebook Inc.

You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950

To opt-out from Facebook's interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217

Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/ or opt-out using your mobile device settings.

For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation

We also provide hashed personal data (primarily email and telephone numbers) as part of our use of Facebook Audiences Network, the terms of which are at: https://www.facebook.com/ads/manage/audience_network/publisher_tos

Facebook Pixel

The Facebook Pixel is an analytics tool offered by Facebook Products that measures the effectiveness of advertising by understanding the actions people take on a website.

You can manage the activity tracked by Facebook pixel in your settings: https://www.facebook.com/off_facebook_activity. This includes viewing and clearing existing activity, as well as opting out of tracking future activity from businesses and organisations which you visit outside of Facebook, including activity on Judge.me and partner websites.

For more information on the privacy practices of Facebook, please visit their policy web page: https://www.facebook.com/policy.

Instagram

Instagram is a picture sharing software offered by Facebook Products. Information collected through Instagram includes information about how you use the product (the types of content you view or engage with; the features you use; the actions you take; the people or accounts you interact with; and the time, frequency and duration of your activities). Please refer to Instagram’s privacy policy for more information: https://www.facebook.com/help/instagram/519522125107875

Covet Pics

We use Covet Pics for our social media gallery on our Service. Their privacy policy can be viewed at: https://spacesquirrel.co/privacy-policy

Shopsync

We use Shopsync to connect Mailchimp and Shopify. Their privacy policy can be viewed at: https://shopsync.io/privacy-policy

Mailchimp

Mailchimp is an online marketing platform operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States. Their privacy policy can be viewed at: https://mailchimp.com/legal/privacy/

Other Service Providers

Payments

We use third-party services for payment processing (e.g. payment processors) on our ecommerce platform. We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policies. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

Logistics

We use the following logistics partners

MISCELLANEOUS

Changes to this Privacy Policy

We are continuously developing our websites and therefore reserve the right to change this Privacy Policy. Changes may also be based on changes in legislation. We recommend that you read our Privacy Policy on regular basis to keep track of changes.

Contact

If you have any queries or questions in relation to this Privacy Policy, please do not hesitate to contact us at:

Best Friend Group Oy

PL 1769 (Kellonkierto 3)

70461 Kuopio, Finland

Tel. +358 40 757 6237

E-mail. janne.iivanainen@nordicpetcare.com

 

Supervisory authority:

Office of the Data Protection Ombudsman

Street address: Lintulahdenkuja 4, 00530 Helsinki

Postal address: PL 800, 00531 Helsinki, Finland

Switchboard: +358 29 566 6700

Registry: +358 29 566 6768

E-mail (registry): tietosuoja@om.fi