Privacy policy

Privacy Policy

Last updated: 26 April 2026

This Privacy Policy explains how Carino Nutrition Oy processes personal data in connection
with its online store and related services.

1. Controller

Carino Nutrition Oy
Business ID: 3236667-2
Apilakuja 5 B 3
01150 Söderkulla
Finland
Email: info@carino-nutrition.fi

2. What this Privacy Policy applies to

This Privacy Policy applies to the processing of personal data when a customer uses the
Carino Nutrition Oy online store, places an order, contacts customer service, uses the
cancellation form, or otherwise interacts with us through the online store.
The online store operates on the Shopify platform. In addition, third-party service providers
may be used for order processing, deliveries and payments.

3. What personal data we collect

We may process the following personal data:
• name
• billing and delivery address
• email address
• phone number
• order details, such as ordered products, order date, payment method, delivery method
and returns
• customer service messages and other communications
• technical data related to the use of the online store, such as IP address, device and
browser information, and website usage data
• any marketing consents and opt-outs
We do not store payment card details ourselves; payments are processed through the payment service provider.

4. Where the personal data comes from

Personal data is obtained mainly:
• directly from the customer when placing an order, contacting us or filling in a form
• automatically through the use of the online store via cookies and similar technologies
• from Shopify and other service providers to the extent necessary for the operation of the
online store

5. Purposes for which personal data is used

We use personal data for the following purposes:
• receiving, processing and delivering orders
• processing payments and confirming orders
• handling customer service matters, complaints, returns and cancellations• ensuring the operation, security and fraud prevention of the online store
• fulfilling legal obligations, such as accounting and consumer protection obligations
• developing the online store, analytics and improving usability
• sending newsletters, email marketing and other direct marketing, if the customer has
given consent or if there is another lawful basis for doing so
• targeting, measuring and developing marketing communications to the extent permitted
by law

6. Legal bases for processing personal data

We process personal data on the following legal bases:
• performance of a contract, when we process data related to orders, deliveries, payments, returns or customer service
• legal obligation, when we retain and process data based on accounting legislation or other mandatory legal requirements
• legitimate interest, when we process data for the security of the online store, prevention of misuse, development of customer service or business analytics
• consent, if we send newsletters, electronic direct marketing or use cookies to the extent required by law

7. To whom personal data is disclosed

We may disclose personal data to the following parties to the extent necessary for the operation of the online store:
• Shopify, the platform on which the online store operates
• payment service providers that process payment transactions
• logistics and delivery partners, such as Logitrail and transport service providers, so that orders can be delivered to the customer
• technical service providers, such as providers of hosting, analytics, data security and customer service solutions
• authorities, if required by law
We process personal data only to the extent necessary for each purpose of use.

8. Shopify and other third parties

The online store operates on the Shopify platform, which means that Shopify processes
personal data to enable the technical operation of the online store. In addition, Shopify may
process data for the provision of its own services, data security, fraud prevention and the
development of the e-commerce platform.
Customer data may also be transferred to other service providers if necessary for payment
processing, deliveries, operation of the online store or customer service.

9. Transfer of data outside the European Economic Area

Some of the service providers we use, such as Shopify, may also process personal data
outside the European Economic Area. In such cases, we ensure that there is a lawful basis
for the transfer and that appropriate safeguards are used, such as the standard contractual
clauses approved by the European Commission or another applicable transfer mechanism.

10. Data retention period

We retain personal data only for aslong as necessary for the purposes described in this
Privacy Policy or for the period required by law.
• order data is retained for as long as necessary to process the order and fulfil legal
obligations
• accounting-related data is retained for the period required by accounting legislation
• customer service and complaint data is retained for as long as required to handle the
matter and any possible legal clarification
• data relating to newsletters and email marketing is retained until the customer withdraws
consent, objects to marketing, or there is no other lawful basis for processing the data

11. Cookies and similar technologies

The online store may use cookies and similar technologies to ensure the operation of the
online store, user experience, analytics and possible marketing.
Cookies may be used, for example, to:
• keep the shopping cart functioning
• remember customer choices
• analyse the use of the website
• improve the functionality and security of the online store
If we use non-essential cookies, we will request the customer’s consent where necessary.

12. Rights of the data subject

In accordance with applicable data protection legislation, the customer has the right to:
• access their personal data
• request the rectification of inaccurate or incomplete data
• request the deletion of their personal data in situations permitted by law
• request the restriction of processing in situations permitted by law
• object to the processing of their personal data in certain situations
• request the transfer of their data from one system to another, where permitted by law
• withdraw consent at any time where processing is based on consent, such as receiving
newsletters or other electronic direct marketing
• object to direct marketing at any time
• lodge a complaint with a supervisory authority
Requests relating to these rights can be sent by email to info@carino-nutrition.fi.

13. Data security

We protect personal data through appropriate technical and organisational measures.
Such measures include, for example, access control, system protection, restricted access
rights and the use of reliable service providers.
However, complete data security cannot be guaranteed, and data transmitted over the
internet is never entirely risk-free.

14. Children’s data

The online store is not intended for independent use by children, and we do not knowingly
collect personal data from minors without an appropriate legal basis.

15. Right to lodge a complaint

If a customer considers that their personal data has been processed unlawfully, they have
the right to lodge a complaint with the competent supervisory authority.
In Finland, the supervisory authority is the Office of the Data Protection Ombudsman.

16. Changes to this Privacy Policy

Carino Nutrition Oy reserves the right to update this Privacy Policy, for example due to
changes in legislation, development of the online store or changes in service providers. The
updated version will be published on the website.

17. Contact details

If you have any questions about this Privacy Policy or wish to exercise your data protection
rights, you may contact us at:
Carino Nutrition Oy
Apilakuja 5 B 3
01150 Söderkulla
Finland
info@carino-nutrition.fi