Privacy policy

Last Updated: 07/06/2026

TheRefinement ("we", "us", or "our") operates this online store and website. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase from our store, or otherwise communicate with us.

For the purposes of the EU General Data Protection Regulation (GDPR), TheRefinement is the Data Controller of your personal information, and Shopify acts as our primary Data Processor.

1. Personal Information We Collect

We collect information that identifies or can reasonably be linked to you. We collect the following categories of personal information depending on how you interact with our store:

  • Contact Details: Name, billing address, shipping address, phone number, and email address.
  • Financial Information: Payment transaction details, form of payment, and payment confirmations. (Note: Credit card payments are securely handled directly by our payment gateways; we do not store raw credit card numbers).
  • Account Information: Username, account preferences, saved settings, and order history.
  • Transaction Information: Items you view, place in your cart, add to your wishlist, purchase, or return.
  • Communications: Information you explicitly include when contacting our customer support via email or contact forms.
  • Device & Usage Information: IP address, device type, browser version, network connection, unique identifiers, and data regarding how and when you navigate our store, collected via cookies and similar tracking technologies.

2. Legal Bases for Processing Your Data

Under the GDPR, we rely on the following legal grounds to process your personal data:

  • Performance of a Contract: To process payments, fulfill and ship your orders, and manage returns.
  • Legitimate Interests: To secure our website, prevent fraud, optimize our user experience, and handle general customer service inquiries.
  • Consent: To send you marketing communications (such as newsletters) via email or text message, and to use certain non-essential cookies. You can withdraw your consent at any time.
  • Legal Obligation: To comply with statutory requirements, such as maintaining accurate corporate bookkeeping and tax records under Finnish law.

3. How We Disclose Personal Information

We share your personal data with trusted third parties who help us operate our store and deliver our services:

  • Shopify: Our e-commerce platform vendor that securely processes your data to host our store and manage your checkout experience.
  • Logistics Partners: Logistics and delivery providers (such as Posti) to ship and deliver your physical packages within Finland.
  • Payment Processors: Secure financial institutions that handle transactions.
  • Marketing & Analytics Partners: Service providers that help us deliver tailored advertisements and analyze website performance, subject to your cookie preferences.
  • Legal Compliance: Authorities or legal entities if required to comply with applicable laws, respond to a valid legal process, or protect our business rights and customer safety.

4. International Data Transfers

Because our store is powered by Shopify, your personal information may be transferred, stored, and processed outside the European Economic Area (EEA), including to Canada and the United States.

Whenever your data is transferred outside the EEA, we ensure that appropriate safeguards are in place, relying on the European Commission's approved Standard Contractual Clauses (SCCs) or adequacy decisions (such as the EU-U.S. Data Privacy Framework) to ensure your data remains securely protected.

5. Children's Data

Our services are not intended for children. We do not knowingly collect personal information from individuals under the age of 13 (the statutory age of digital consent in Finland). If you believe a child has provided us with their data, please contact us to request its deletion.

6. Data Retention & Security

  • Security: We employ industry-standard technical measures through Shopify to safeguard your data. However, please remember that no digital transmission over the internet can be guaranteed 100% secure.
  • Retention: We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, manage your account, resolve disputes, or comply with statutory Finnish accounting laws (which require certain transaction data to be kept for up to 6 years).

7. Your GDPR Rights

As a resident of Finland/the EEA, you possess comprehensive legal rights regarding your personal information under the GDPR. You have the right to:

  • Access & Portability: Request a copy of the personal data we hold about you or request its transfer to a third party.
  • Rectification: Request that we correct inaccurate or incomplete personal information.
  • Erasure ("Right to be Forgotten"): Request that we delete your personal data, subject to certain legal exceptions (like active accounting requirements).
  • Restriction & Objection: Ask us to restrict or completely object to the processing of your data under specific conditions.
  • Withdraw Consent: Opt out of marketing emails at any time by clicking the "Unsubscribe" link at the bottom of our emails.

To exercise any of these rights, please contact us using the email address listed below. We do not discriminate or penalize you for exercising your privacy rights. To verify your identity and protect your data, we may require proof of identification before fulfilling specific data requests.

8. Contact Us

If you have any questions about our privacy practices, wish to exercise your data rights, or want to submit an inquiry, please contact us at:

  • Company Name: TheRefinement
  • Email: info@therefinement.com