PRIVACY POLICY
Updated April 17th 2025
Welcome to Carholics!
Carholics is owned and operated by MaComp Oy.
Carholics values your privacy and the protection of your personal data. This privacy policy describes what information we collect from you, how we collect it, how we use it, how we obtain your consent, how long we keep it in our databases and, if necessary, with whom we share it.
By visiting the website and purchasing the products, you are accepting the practices described in this privacy policy. Your use of the website and purchase of the products are also subject to our terms and conditions. In this privacy policy, the word "website" refers to the Carholics website; "we", "us", "our", and "Carholics" refer to MaComp Oy; and "user", "customer", "you", and "your" refer to you, the user and customer of Carholics.
This privacy policy may change from time to time. Your continued use of the website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
This privacy policy has been developed and is maintained in accordance with all applicable national and international privacy and data protection laws and regulations and specifically, the General Data Protection Regulation (GDPR - European regulations).
1. GENERAL INFORMATION
The personal data of users collected and processed through the website:
- https://carholics.eu
is the responsibility of, and is managed by:
- MaComp Oy - Carholics.
- Email: helpmebro@carholics.eu
2. HOW WE OBTAIN YOUR CONSENT
By using the Carholics website, users give their explicit consent to the collection, use, and processing of their personal data in accordance with this Privacy Policy and in accordance with Article 6(1)(a) of the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”), which establishes that processing shall be lawful when the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
This consent is considered to be freely given, specific, informed, and unambiguous when you perform any of the following activities on the Carholics website:
- When you visit and browse the website, accepting the use of cookies and similar technologies that collect technical, usage, and browsing data.
- When you register as a user, voluntarily providing your personal data such as your name, email address, and other relevant information.
- When you place an order, entering the information necessary for billing, delivery, and management of the purchase.
- When you request a refund or return, providing data related to the transaction and reasons for the request.
- When you subscribe to our newsletter, consenting to receive commercial and promotional communications.
- When you communicate with us through the contact form or through our contact details available on the website, authorizing the processing of the information included in such communication.
The consent given may be withdrawn at any time without affecting the lawfulness of the processing based on the consent prior to its withdrawal. To exercise this right, the user may contact Carholics through the means indicated in this policy.
3. TYPES OF INFORMATION GATHERED
Carholics collects various types of personal data provided directly or indirectly by users when they interact with the website or use its features, in accordance with the principles of data minimization and legitimacy of processing established by the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”). The legal basis for the collection of this data is found in Article 6(1)(a) of the GDPR, when the processing is based on the consent of the data subject; in Article 6(1)(b), when the processing is necessary for the performance of an agreement; and in Article 6(1)(f), when there is a legitimate interest of Carholics that does not override the fundamental rights and freedoms of the user.
The types of data that may be collected include:
3.1. Personal data: name, surname, email address, postal address, telephone number, and other information that the user voluntarily provides when registering, placing an order, subscribing to the newsletter, or communicating through our forms.
3.2. Registration and user account data: login information, such as username and encrypted password, as well as account preferences set by the user.
3.3. Payment data: payment details, such as credit or debit card information, billing address, and transaction receipts, collected solely for the purpose of processing orders and managing refunds or returns. This information may be managed directly by payment service providers acting as data processors.
3.4. Usage data: information related to how the user uses the website, including purchase histories, pages visited, products viewed, duration of visit, features used, and frequency of access.
3.5. Data collected automatically by the website: IP address, browser type and version, operating system, browser language, device identifiers, approximate location based on IP address, and other technical metrics necessary to ensure the functionality, security, and performance of the site.
3.6. Analytical data: aggregated statistics on browsing behavior, clicks, interaction with site elements, and conversion rates, collected through cookies and similar technologies, with the user's consent, in order to improve the user experience and optimize the website.
3.7. Contact data: any information included by the user in communications sent via the contact form or email, including the content of the message, email address, name, and telephone number, if applicable.
4. RETENTION PERIOD
Carholics will retain the personal data collected only for as long as necessary to fulfill the purposes for which it was obtained, or for the periods required by applicable regulations. This retention policy is applied in compliance with the principle of storage limitation set out in Article 5(1)(e) of the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”), which establishes that personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
In particular, personal data provided during the registration of an account will be retained for as long as the user keeps their account active and until the voluntary deletion of the account or the revocation of consent, unless there are legal or contractual obligations that require its retention for an additional period. Data associated with orders, transactions, payments, and refund requests will be retained for the time necessary to manage the contractual relationship and for an additional period of up to five (5) years, in accordance with legal obligations regarding accounting and tax matters, and based on Article 6(1)(c) of the GDPR, which establishes that processing is lawful when necessary for compliance with a legal obligation.
Automatically collected data and analytical data will be kept for a period not exceeding twenty-four (24) months from the date of collection, unless the user has expressly authorized a longer retention period, in which case the authorized period will apply, in accordance with Article 6(1)(a) of the GDPR, based on the consent of the data subject. Contact details received through the contact form or other means of communication will be kept only for the time necessary to respond to the user's query, request or communication and, where applicable, for a subsequent period in the event of a contractual relationship or claim arising, based on Carholics' legitimate interest in accordance with Article 6(1)(f) of the GDPR.
At the end of the applicable retention period, the data will be securely deleted or anonymized, unless its retention is necessary due to ongoing legal, administrative, or regulatory compliance procedures. Carholics will periodically review its systems to ensure that data that is no longer necessary is deleted in accordance with this policy.
5. PURPOSES OF DATA COLLECTION (LEGITIMATE PURPOSES)
Carholics collects and processes different types of personal data from users for specific, explicit, and legitimate purposes, in accordance with the provisions of Article 5(1)(b) of the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”). The legitimate purposes of the processing are detailed below according to the type of information collected, together with the corresponding legal basis in accordance with Article 6 of the GDPR:
5.1. Personal data: This includes first name, last name, email address, postal address, and telephone number. This data is processed for the following purposes:
- To identify and authenticate the user in their interactions with the platform.
- To process and manage orders and deliveries.
- To respond to requests for returns, refunds, or customer service.
- To send notifications related to purchases, transactions, and service updates.
The legal basis is the consent of the data subject (Art. 6(1)(a) GDPR), the performance of an agreement (Art. 6(1)(b) GDPR), and compliance with legal obligations (Art. 6(1)(c) GDPR).
5.2. Registration and user account data: This includes information such as username, encrypted password, and account settings or preferences. This data is collected to:
- Create and manage the user's account.
- Allow secure access to the user's profile.
- Store personalized preferences.
The legal basis is the performance of an agreement (Art. 6(1)(b) GDPR) and Carholics' legitimate interest in ensuring system security and account functionality (Art. 6(1)(f) GDPR).
5.3. Payment data: This includes credit or debit card information, billing address, transaction ID, and other financial data related to the purchase. This data is processed to:
- Process payments and manage collections.
- Issue invoices and receipts.
- Respond to refund requests or payment disputes.
The legal basis is the execution of an agreement (Art. 6(1)(b) GDPR) and compliance with legal obligations in tax and accounting matters (Art. 6(1)(c) GDPR).
5.4. Usage data: This includes browsing history, products viewed, actions taken on the site, frequency of access, and other interactions with the content. It is collected to:
- Analyze user behavior within the website.
- Improve the browsing experience and recommend products.
- Identify technical errors and ensure the proper functioning of the site.
The legal basis is Carholics' legitimate interest in optimizing the site and personalizing the user experience (Art. 6(1)(f) GDPR).
5.5. Data collected automatically by the website: This includes IP address, browser type and version, operating system, device identifiers, and time zone. This data is processed to:
- Ensure the security of the site.
- Perform technical diagnostics and resolve faults.
- Protect against fraud, attacks, or unauthorized access.
The legal basis is the legitimate interest of the data controller in protecting its digital infrastructure (Art. 6(1)(f) GDPR).
5.6. Analytical data: This includes metrics derived from the use of the site obtained through analytical tools (such as click-through rate, session duration, conversions, etc.). This data is used to:
- Conduct statistical studies on the use of the site.
- Evaluate the performance of marketing campaigns.
- Optimize the content and structure of the site.
The legal basis is the user's explicit consent through the acceptance of the use of cookies (Art. 6(1)(a) GDPR).
5.7. Contact Data: This includes information provided by the user when completing contact forms or communicating directly with Carholics, such as name, email address, telephone number, and message content. It is collected to:
- Respond to queries or requests for information.
- Provide technical or commercial support.
- Keep a record of previous interactions.
The legal basis is the user's consent (Art. 6(1)(a) GDPR) and, in some cases, Carholics' legitimate interest in maintaining commercial or pre-contractual relationships (Art. 6(1)(f) GDPR).
6. HOW WE SHARE INFORMATION
The personal information of our customers and users is an important and fundamental part of our business. Under no circumstances will we sell or share information with third parties that has not been previously authorized by the user, customer or owner of the personal data. We share user and customer information only and exclusively as described below.
6.1. Third-Party Service Providers. We use third-party services to perform certain functions on our website. Some of these functions and services include: website hosting (Shopify), payment processing (Shopify Payments, Klarna, PayPal, Paytrail, Coinbase Commerce), email delivery (Shopify Mail), ad creation, and data analysis (Shopify Analytics, Google Analytics).
These third-party services and tools may have access to personal information needed to perform their functions, but may not use that information for other purposes. Information shared with these third-party services will be treated and stored in accordance with their respective privacy policies and our privacy policy.
6.2. Email Automations: Carholics uses Shopify's email automations to optimize the customer experience and ensure effective communication. These automations may be used for a variety of purposes, such as notifying you of the status of an order, sending you reminders about abandoned carts, and sharing promotional content or marketing emails. To provide these services, your email address may be shared with third-party platforms that specialize in email automation such as Shopify. These platforms are subject to strict data protection measures and will only use your information for the aforementioned purposes. By interacting with our website and conducting transactions, you agree to the use of your email address for these purposes. You can opt out of receiving promotional emails at any time by using the opt-out options available in the emails we send.
6.3. Newsletter and email communications: By placing an order and subscribing to our newsletter, you authorize Carholics to send you marketing communications and other relevant information via email. To facilitate this process, your name and email address may be shared with third party bulk email services. You are free to unsubscribe at any time by using the unsubscribe option available in the footer of every email we send you.
6.4. Analytics, tracking and tracing technologies and other similar technologies: Carholics uses analytics, tracking and monitoring technologies such as Google Analytics, Shopify Analytics and similar tools to understand how users interact with our website, improve our services and personalize the user experience. These technologies collect data about activity on our site, such as pages visited and interactions, helping us to optimize the performance and effectiveness of our advertising campaigns. The information collected is used to improve the functionality of our site and provide a more relevant experience. Users can manage their cookie and tracking preferences through their browser settings. By continuing to use our site, you agree to the use of these technologies as described in our privacy policy.
6.5. Business Transfers. In the event that Carholics creates, merges with, or is acquired by another entity, your information will most likely be transferred. Carholics will email you or place a prominent notice on our website before your information becomes subject to another privacy policy.
6.6. Protection of Carholics and others. We release personal information when we believe release is appropriate to comply with the law, enforce or apply our Terms and conditions and other agreements, or protect the rights, property, or safety of Carholics, our users or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
6.7. With Your Consent. Other than as set out above, you will receive notice when personally identifiable information about you might go to third parties, and you will have an opportunity to choose not to share the information.
6.8. Anonymous Information. Carholics uses the anonymous browsing information collected automatically by our servers primarily to help us administer and improve the website. We may also use aggregated anonymous information to provide information about the website to potential business partners and other unaffiliated entities. This information is not personally identifiable.
7. PROTECTING YOUR INFORMATION
We grant access to your personal information only to those outside persons or services that have a legitimate need to know it and in accordance with our privacy policy. We adhere to industry-recognized security standards to protect your personal information, both during transmission and in storage. However, it is important to note that no method of transmission over the Internet or electronic storage is foolproof and 100% secure. Therefore, while we at Carholics strive to implement commercially viable data protection methods, we cannot ensure absolute security of your personal information. We undertake not to sell, distribute or transfer your personal data to unauthorized third parties, unless we have your explicit consent or are required by law to do so.
8. DATA BREACH NOTIFICATIONS
If users' personal data is exposed to a security threat and accessed by unauthorized persons, Carholics agrees to inform the affected users promptly. This notification will be made using the means of contact that the user has provided while using our platform. To prevent such incidents, we will do everything possible to keep your information secure and will act on any incident that may have exposed the information to unauthorized persons.
9. INTERNATIONAL DATA TRANSFER
Carholics may transfer users' personal data outside the European Economic Area or their country of origin due to the use of hosting, storage and processing services provided by third parties that operate servers located in different countries. These transfers are necessary to guarantee the continuous functioning of the platform and provide an efficient user experience. Although Carholics is based in Finland, the technological infrastructure used may involve data being stored or processed in jurisdictions with data protection laws that differ from those in Europe or your country of origin.
Carholics is committed to ensuring that all international transfers of personal data comply with applicable data protection regulations, including appropriate security measures to safeguard user information. This includes, but is not limited to, the implementation of standard contractual clauses, the assessment of the adequacy of data protection in the receiving country, and compliance with applicable privacy regulations in third-party services.
By using Carholics, users consent to the transfer, storage and processing of their data on servers located outside their country of residence, recognizing that such transfers are necessary for the operation of the platform. Carholics undertakes to take all reasonable measures to protect the integrity and security of personal data during such international transfers.
10. RIGHTS RELATED TO YOUR DATA
Users who provide information through our website, as data subjects and data owners, have the right to access, rectify, download or delete their information, as well as to restrict and object to certain processing of their information. While some of these rights apply generally, others apply only in certain limited circumstances. We describe these rights below:
- Access and portability: to access and know what information is stored in our servers, you can send us your request through our contact page.
- Rectify, Restrict, Limit and/or Delete: You can also rectify, restrict, limit or delete much of your information.
- Right to be informed: Users of our website will be informed, upon request, about what data we collect, how it is used, how long it is retained and whether it is shared with third parties.
- Object: When we process your information based on our legitimate interests as explained above, or in the public interest, you may object to this processing in certain circumstances. In such cases, we will stop processing your information unless we have compelling legitimate reasons to continue processing it or where it is necessary for legal reasons.
- Revoke consent: Where you have previously given your consent, such as to allow us to process and store your personal information, you have the right to revoke your consent to the processing and storage of your information at any time. For example, you may withdraw your consent by updating your settings. In certain cases, we may continue to process your information after you have withdrawn your consent if we have a legal basis for doing so or if your withdrawal of consent was limited to certain processing activities.
- Complaint: If you wish to file a complaint about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority. Users can exercise all these rights by contacting us through the contact page.
- Rights related to automated decision-making, including profiling: website users may request that we provide a copy of the automated processing activities we conduct if they believe that data is being unlawfully processed.
Users or holders of personal data provided through the platform may exercise these rights over their personal data at any time and without limitation by sending their request through our contact page. Your request to exercise your rights will be addressed and responded to within 5 business days of receipt of the request.
11. COMPLAINTS
In accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), users have the right to lodge a complaint with a supervisory authority if they consider that the processing of their personal data by Carholics infringes the provisions of the aforementioned regulation. Users residing in Finland or who consider it appropriate to address their complaint to the competent national authority may lodge their complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto, in Finnish; Office of the Data Protection Ombudsman, in English), whose contact details are as follows:
- Tietosuojavaltuutetun toimisto
- Postal address: PL 800, 00531 Helsinki, Finland
- Visiting address: Lintulahdenkuja 4, 00530 Helsinki, Finland
- Tel: +358 29 566 6700
- Email: tietosuoja@om.fi
- Website: https://tietosuoja.fi/en/home
- Complaint form: https://tietosuoja.fi/en/report-a-personal-data-violation
In addition, users may exercise this right before any data protection authority in the European Economic Area (EEA), including the European Data Protection Board or the authority of the country in which they reside, work or where the alleged infringement has occurred. Up-to-date information on national supervisory authorities can be found at the following official link of the European Data Protection Board: https://edpb.europa.eu/about-edpb/board/members_en
Carholics recommends that users, in case of doubt or complaint, first contact our data protection team through the channels indicated in this policy, in order to resolve any concerns in a quick and transparent manner. Notwithstanding the foregoing, users retain at all times their right to contact the competent authority directly.
12. CHILDREN’S ONLINE PRIVACY PROTECTION
We comply with GDPR regulations regarding the protection of children's personal data. We do not collect any information from children under the age of 13 (minimum age allowed to collect and process information without parental or legal guardian consent). If we become aware that a child under the age of 13 has placed an order and provided us with personal information, we will take immediate steps to cancel the order and delete that information.
13. THIRD PARTIES
Except as otherwise expressly included in this privacy policy, this document addresses only the use and disclosure of information Carholics collects from you. If you disclose your information to others, whether other users or suppliers on Carholics, different rules may apply to their use or disclosure of the information you disclose to them. Carholics does not control the privacy policies of third parties, and you are subject to the privacy policies of those third parties where applicable. Carholics is not responsible for the privacy or security practices of other websites on the Internet, even those linked to or from our website. Please review the privacy policies of third-party websites or services that you access through the Carholics website.
14. CHANGES TO PRIVACY POLICY
We reserve the right to change our privacy policy at any time. Changes will be promptly notified to our users or customers and posted on the website. Your continued use of our website following such changes will signify your acceptance of the changes.
15. CONTACT US
If you have questions or concerns about this privacy policy and the handling and security of your data, please contact us through our contact page or via the contact information below:
MaComp Oy - Carholics.
Email: helpmebro@carholics.eu
