Privacy policy

Privacy Policy and Data Protection Statement

Jenuveena Privacy Policy

This privacy policy was created on February 25, 2024, and last updated on March 11, 2025.

Jenuveena (www.jennipennanenart.com) is committed to protecting the privacy of its customers and providing them with control over how their personal data is processed. This privacy policy is in accordance with the General Data Protection Regulation (GDPR 2016/679) of the EU and Finnish data protection laws.

Data Controller

Jenuveena
Ilmarisenkatu 15 B 26, 50130 Mikkeli, Finland
Phone: +358 40 960 6980
Email: hello@jennipennanenart.com

Contact Person for Data Protection Matters

Jenni Pennanen
Email: hello@jennipennanenart.com
Address: Ilmarisenkatu 15 B 26, 50130 Mikkeli, Finland
Phone: +358 40 960 6980

Name of the Register

Jenuveena’s Customer and Marketing Register

Legal Basis and Purpose of Data Processing

The processing of personal data is based on the following legal grounds:

  • Contractual necessity: Processing personal data is necessary to fulfill orders (e.g., delivery and payment processing).
  • Legitimate interest: Managing customer relationships, improving website and services, preventing misuse, and enhancing customer service.
  • Legal obligations: Compliance with accounting and tax obligations.
  • Consent: Marketing communications and analytics, which require separate customer consent.

Personal data is used for the following purposes:

  • Maintaining customer relationships
  • Processing, delivering, and archiving orders
  • Improving the website and services
  • Enhancing customer experience
  • Analytics and statistics
  • Providing personalized marketing and content
  • Preventing misuse
  • Fulfilling legal obligations

Collected Personal Data and Sources

We collect and process the following data:

  • Customer information: Name, email, address, phone number
  • Order details: Purchased products, payment method, delivery details
  • Payment details: Processed through payment intermediaries (not stored directly)
  • Technical data: IP address, browser type, operating system
  • Marketing communications: Email subscriptions and customer surveys (based on consent)

The primary source of data is the customer themselves. Payment details are received from payment intermediaries.

Data Sharing and Transfers

Personal data may be shared with trusted partners when necessary for service fulfillment. These partners include:

  • Payment processors (e.g., Stripe, PayPal)
  • Delivery services (Posti, Matkahuolto)
  • E-commerce platform provider (Shopify)
  • Marketing platforms (Meta/Facebook, Google Ads)
  • Analytics services (Google Analytics, Meta Pixel)

Data may also be transferred outside the EU/EEA (e.g., through the Shopify platform or marketing services). In such cases, we ensure that data transfers comply with the EU Commission’s approved safeguards, such as Standard Contractual Clauses (SCCs).

Use of Cookies

We use cookies to improve website functionality, analyze statistics, and target marketing. Cookies are categorized as follows:

  • Essential cookies – Required for website functionality
  • Analytics cookies – Google Analytics, Search Console
  • Marketing cookies – Meta Pixel, Google Ads

You can manage cookie settings on our website and withdraw consent at any time.

Data Retention Periods

Personal data is stored only as long as necessary for the intended purpose:

  • Order details: Retained for 6 years as required by accounting laws.
  • Customer service inquiries: Retained for 2 years from the last contact.
  • Marketing data: Retained based on consent until the customer withdraws it.
  • Website analytics data: Retained for 36 months in anonymized form.

Customers have the right to request data deletion, provided there is no legal obligation to retain the data.

Customer Rights

Registered individuals have the following rights:

  • Right to access – Request a copy of stored personal data.
  • Right to rectification – Correct inaccurate or incomplete data.
  • Right to erasure (“Right to be forgotten”) – Request data deletion unless a legal obligation prevents it.
  • Right to restriction of processing – Limit data processing in certain cases.
  • Right to object to direct marketing – Opt out of marketing messages at any time.
  • Right to data portability – Transfer data to another system.
  • Right to object – Object to data processing based on legitimate interest.

Requests regarding data privacy can be sent to jennipennanenart@gmail.com.

Data Security Measures

We ensure data security through the following measures:

  • Encryption (SSL) on the website
  • Restricted access to customer data (only authorized personnel)
  • Regular backups and security updates

Changes to the Privacy Policy

We reserve the right to update this privacy policy in response to changes in operations or legislation. Significant changes will be communicated on our website.

Last updated: March 11, 2025