Privacy Policy


1. General Information

Astialiisa Oy (2854217-8) processes your personal data based on this document and by applying Finnish law so we ask you to read this document carefully.

By using our services or web sites, or by contacting us, you accept that we will process your personal data according to this document. Processing your data means that we keep it and use it for the purposes explained later in this document.

If you do not accept these terms, we probably cannot provide you with the best possible service.

Our contact information regarding this document is displayed at the document’s end.

2. For what purpose is my personal data being collected and processed?

We collect, keep and process your personal data only for specific uses:

  • Care of business relations and customer communication
  • Customer service and replying to contact requests
  • Running and developing our web shop
  • Analyzing and tracking the usage of our web shop
  • Segmenting customers to provide personalized content in our web shop
  • Affirming the security of our web sites, and investigating their possible abuse
  • Customer-, opinion- and market surveys
  • Developing our business
  • Targeting of marketing and advertising
  • Direct marketing

We do not profile anyone based on their personal data or use the personal data in automated decision making.

3. What kind of personal data is collected and from which sources?

We mainly collect personal data from you directly, by you contacting us or by using our web site. We also collect personal data manually, for example by phone or email in a customer service or sales situation.

In addition to the personal data you yourself provide, we also collect data on the usage of our web site with HTTP cookies to analyze and develop our web site and services, and to target marketing and advertising.

4. On what grounds is personal data being processed?

We process personal data on several ways required by law. The legal basis of the processing depends on our relation to you. In the table below, you can see the legal basis for different types of relations and examples in processing of the data.



Contractual relation or actions preceding the forming of a contract

We process the customer’s personal data for all the uses listed under heading 2 of this document based on contractual relation formed from the ordering of products from the web shop.

Legal requirement

We keep and process our customer’s personal data, for example for our bookkeeping based on the bookkeeping act.

Legitimate interests of the controller or a third party

If we do not have a contractual relation with you, we will process your personal data based on our legitimate interests. These are for example customer service and replying to contact requests, the development and usage tracking of our web site, and affirming the security of and investigating possible abuse in the web shop.


When you subscribe to our newsletter from our web shop, we will process your personal data based on your agreement. We will ask for permission for direct marketing separately when receiving your personal data in the web shop.

5. Who processes my personal data and will it be handed over to third parties?

Your personal data will be processed by our employees for performing their tasks. However, we also make use of the information systems of third parties for keeping and processing of the data. In these cases, we have contracts in place to make sure your data is processed with confidentiality and according to law.

We hand over data to our business partners to enable the operation of our business. These partners are such as information technology service provider, payment service provider, logistics partners, and bookkeeping services. The data will be handed over to third parties for example when you order products from our web shop. In this case, your personal data will be handed over to the payment service provider and the logistics partner of your choosing to enable the transaction and delivery of your order.

We might also hand over your data to third parties when the law or a competent authority requires it, or if we would be part of a merger or acquisition.

6. Will my personal data be transferred to outside of the EU?

We prefer service providers whose servers are located in the EU, however, part of the data will be transferred to outside the EU / EEA area if it is required for the delivery of your products.

When we deliver products to outside of the EU, part of the data given by you at the web shop when placing an order will be transferred to the local customs and delivery service provider in the destination country.

7. How long will you keep my personal data?

We keep your personal data only as long as is needed for its intended purpose or a contract or law requires.

We aim to update the data and remove unnecessary entries regularly. We delete unused data older than two years, given that there is no other grounds for keeping it, such as ensuring the security of our services or a requirement to keep it by law.

For example, bookkeeping law requires us to keep bookkeeping materials for at least six (6) years from the end of the last accounting period.

8. How is my data stored and protected?

Your personal data will be stored on the servers of our information technology service provider, which are secured with their required standards for the storing of personal data. We make sure that the processing of the data fills the requirements of the law and has the necessary safety precautions in place to prevent the accidental or unlawful destroying, losing, changing, handing over to third parties or accessing of the data.

The data we collect will be kept confidential and the access to it will be restricted to only those who need it in their work. We pledge to not hand over or reveal your data to persons other than our employees or other persons (including possible contractors) who have a need to access the data for a specific purpose, and who are by a contract or law required to keep the data confidential. The access to your personal data will be protected by per user credentials, passwords and access policies.

9. Is it required for me to agree to give personal data and what are the consequences of not agreeing?

If you do not give us the requested personal data or allow its processing by us in the form explained in this document, we probably cannot serve you as a customer or fulfill our role as an online shop in serving you. If you do not want us to process your personal data as explained in this document, we ask you not to provide us with any personal data.

10. Does this website use HTTP cookies and what are they?

We use HTTP cookies, on our website to make it possible for us to provide the best possible user experience to our visitors and customers.

HTTP cookies are short text files that the web server saves on the user’s device. With HTTP cookies we receive data on how people use our web site. We apply this data in the development of our website, analyzing its use and to better target and optimize marketing and advertising.

You can allow or deny the use of HTTP cookies by our web site in the settings of your web browser. Most web browsers allow the use of HTTP cookies by default. Disallowing of the HTTP cookies from our web site might impair its usability or stability.

11. What kind of rights do I have and what kind of actions can I take in regards to the processing of my personal data?



The right to cancel the agreement

If we process your personal data based on your agreement, you can at any time cancel that agreement by notifying us. You can also forbid the processing of your data for direct marketing by clicking the unsubscribe link found in each of our marketing emails.

The right to access your data

You have the right to receive confirmation if we process your personal data and information on what personal data we process. You also have the right to receive information on the grounds we process your personal data on.

The right to the rectification your data

You have the right to request the correcting of incorrect, outdated or otherwise faulty data.

The right to erasure of the data and to be forgotten

You have the right to request the erasure of your personal data if the data is no longer required for the purpose it was collected for, or if you cancel the agreement that the data collecting was based on.

The right to forbid direct marketing

You can forbid the processing of your personal data for direct marketing at any time by clicking the unsubscribe link found in each of our marketing emails, or by contacting us. If you as a customer forbid the processing of your data for direct marketing, we will only send you messages that are required for customer communication.

The right to object the processing of your data

If we process your data based on the legitimate interests of us as a controller, or a third party, you have the right to object the processing of your data in the case that:

  • There is no basis for the processing that would override your rights
  • The processing is not required for a legal action

If you object to the processing of your data, we will probably not be able to service you as a customer anymore.

The right to restrict the processing of your data

You have the right in certain cases to request the restricting of the processing of your data. For example, if you think the data we have is incorrect, we can restrict the processing of that data until we can make sure the data is correct, or if you think the processing is illegal but you don’t wish your data to be erased.

The right to data portability

If we have processed your data based on your approval, or a contractual relation with you, you have the right to receive the personal data you have sent us in an electrical format. The data will be delivered to you in a generally used machine-readable format to make it possible to transfer that data to an other service provider if it is technically possible.

The right to not be subject to profiling or decisions made solely based on automated processing

We do not profile our customers based on their personal data or use decision-making based on automated processing.

12. How can I take action in regards of processing my personal data?

You can take action regarding your aforementioned rights by contacting us for example by sending an email to the address privacy(at) Full contact information is provided at the end of this document. Please prepare to prove your identity if your reason for contacting us is about the processing of your personal data.

If you think the processing of your personal data is unlawful, you can also make a complaint to a competent authority. The contact information for the Finnish Office of data protection ombudsman can be found at

13. Will this document change?

We will update this document as our business develops or as the law requires, so we ask you to re-visit this document from time to time. You will find the date of the latest update at the beginning of this document. For significant changes to this document, we aim notify you provided we have your contact information.

14. How can I contact you about the processing of my personal data?

The easiest way to contact us regarding the processing of your data is by sending us an email to privacy(at) Emails sent to this address will be processed confidentially by our data processing team.

You can also contact our regular customer service with any questions regarding this document.

Astialiisa Oy
Runeberginkatu 59
00260 Helsinki

15. Third-party privacy policies


Paytrail stores IP-address, payment method and payment time & date during the payment process.

Your shopping cart is empty