Privacy Policy


This is Inked Mystiqs' General Data Protection Regulation (GDPR) registration and privacy statement. Last updated on 11.1.2026

Inked Mystiqs uses Shopify to run its online store. Shopify's own privacy policy can be viewed here .

 

1. Data Controller

Inked Mystiqs

Business ID 3096708-7

Keskuspuistikko 9

61300 Kurikka

Contact person: Julia Mäkelä

Email: info@inkedmystiqs.com

tel. +35841 3281435

inkedmystiqs.com

 

2. Purpose of processing personal data

We process your personal data for the following purposes:

  • Order processing and delivery Information is used to receive orders, process payments, deliver products, and handle returns and exchanges.

  • Customer service and communication We use information to respond to your inquiries, provide customer support, and send you order or account-related notifications.

  • Maintaining customer relationships and providing services. The information is used to create and manage your account, remember your purchase history and preferences, and to provide you with a smooth experience using the services. This also allows us to recommend products that may interest you.

  • Online store development and customization We use information to improve our services, personalize the user experience, and analyze online store operations.

  • Marketing and advertising With your permission, we may use your information to send you marketing messages (e.g. email, text message, letter mail) and to show you advertisements in our online store and on other websites. The advertising may be based on your previous purchases or activities on our services.

  • Security and fraud prevention Information is used to protect your account, ensure the security of payment transactions, and detect and prevent potential abuse or illegal activity.

  • Fulfilling legal obligations We process data to comply with applicable law and to respond to requests from authorities or legal obligations.

  • Automated decision-making We do not use personal data for automated decision-making or profiling.


3. What personal data do we collect?

The information stored in the register includes: person's name and contact information/company/organization and contact information (telephone number, email address, address), payment information, order content and delivery address, customer feedback and communication with us, technical information related to the use of the online store, such as IP address and cookies.

The information will be retained for as long as necessary to manage your customer relationship.

In addition, some information may be retained for longer periods to the extent necessary to fulfill statutory obligations, such as accounting and consumer trade responsibilities. According to the Finland Accounting Act, the retention period is 6 years.

The IP addresses of website visitors and cookies necessary for the operation of the service are processed on the basis of legitimate interest, including for data security purposes and for the purpose of collecting statistical data on website visitors in cases where they can be considered personal data. If necessary, consent is requested separately for third-party cookies.

 

4. Regular information sources

The information stored in the register is only obtained from the customer when creating a customer account or placing an order, in which the customer himself provides the information he wants and avoids.

Contact information for companies and other organizations can also be collected from public sources such as websites, directory services, and other companies.

 

5. Data transfers and data transfers outside the EU or EEA

We may disclose your personal data to the following parties:

  • Service providers involved in order processing For example, payment service providers, logistics companies, warehousing services and other operators who are necessary for order processing and delivery.

  • Shopify and other technical service providers We use the Shopify platform to host our online store. Shopify and other service providers may process data outside the EU or EEA. We ensure that all data transfers are made in accordance with applicable data protection legislation (e.g. EU Model Contractual Clauses).

    We also use third‑party applications available through the Shopify App Store (such as marketing, analytics, payment processing, and customer service tools) that may process customer data in order to provide their services. These service providers process data in accordance with their own privacy policies, and we ensure that all data processing is carried out in compliance with applicable data protection laws.

  • Business and Marketing Partners We may share information with partners who provide us with marketing and advertising services. Shopify may be used to display personalized advertising based on your interactions across online stores and websites. Partners will process information in accordance with their own privacy policies. Depending on where you live, you may have the right to opt out of having your information used for targeted advertising.

  • Third parties with your consent We may disclose information if you request it or otherwise consent to the disclosure. This may be necessary, for example, to deliver products or when you use social media plugins or login integrations.

  • Companies within our group of companies We may share information within our company or with companies within the same group.

  • Business Situations and Legal Obligations Information may be disclosed in connection with corporate transactions (such as a merger, acquisition, or bankruptcy). We may also disclose information to comply with legal obligations (such as responding to subpoenas or search warrants), to enforce our Terms of Service, or to protect our services, rights, and users.


6. Principles of register protection

The register is handled with care and the data processed by information systems is protected appropriately. When the register data is stored on Internet servers, the physical and digital security of their equipment is appropriately taken care of. The registrar ensures that the stored data, as well as the access rights to the servers and other information critical to the security of personal data, are handled confidentially and only by employees whose job description includes it. The data contained in the register are in locked and guarded premises.

 

7. Right to inspect and right to request correction of information

Every person in the register has the right to check their data stored in the register and to demand correction of any incorrect data or completion of incomplete data. If a person wishes to check the data stored about them or to demand correction of them, the request must be send in writing to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller will respond to the customer within the time period specified in the EU Data Protection Regulation (generally within one month).

 

8. Other rights related to the processing of personal data

A person in the register has the right to request that personal data concerning him or her be removed from the register. Data subjects also have other rights. Rights under the EU General Data Protection Regulation , such as the restriction of processing of personal data in certain situations. Requests must send in writing to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller will respond to the customer within the time period specified in the EU Data Protection Regulation (generally within one month).

 

9. Cookies

The online store uses cookies and similar technologies to improve the operation of the site and customer experience, and to target marketing. Cookies are session-specific and are deleted when you end your session on the service.

The customer can manage cookies in their browser settings. You can prevent the use of cookies, but as a result, you will not be able to place an order on the website.