Privacy Policy

1. General provisions and definitions

1.1. This Privacy Policy applies to all information that the online store Mustoff.fi may obtain about the User during the use of the website, placing orders, registering an account, subscribing to newsletters, and performing other actions on the website.

1.2. The processing of personal data is carried out in accordance with:

  • the General Data Protection Regulation (GDPR);
  • applicable data protection legislation of Finland.

1.3. Use of the Mustoff.fi website constitutes the User’s acceptance of this Privacy Policy, unless otherwise provided by mechanisms of explicit consent (for example, a cookies banner).

1.4. In cases where separate consent is required (for example, for marketing communications or analytical cookies), personal data will be processed only after such consent has been obtained.

2. Key definitions

2.1. Website Administrator / Data Controller — a person or organization managing the Mustoff.fi website, who determines the purposes and means of processing Users’ personal data.

2.2. Personal Data — any information relating to an identified or identifiable natural person (User), including but not limited to:

  • first and last name
  • phone number
  • email address
  • delivery address
  • payment data (processed in anonymized form via payment systems)
  • IP address, cookies data

2.3. Processing of Personal Data — any operation or set of operations performed on personal data, including: collection, recording, organization, storage, updating, use, transfer, anonymization, blocking, deletion, and destruction of data. Processing may be carried out using automated means (e.g., WooCommerce) or without such means.

2.4. Confidentiality of Personal Data — the obligation of the Data Controller not to disclose personal data to third parties without legal grounds or the User’s consent, except as required by EU legislation.

2.5. User — any natural person who visits the Mustoff.fi website and/or uses its functionality.

2.6. Cookies — small files stored on the User’s device, used for:

  • proper functioning of the website (e.g., WooCommerce cart)
  • analysis of user behavior
  • content personalization

2.7. IP Address — a unique network address of the User’s device on the Internet.

3. General provisions

3.1. Use of the Mustoff.fi website means that the User has ознакомился with this Privacy Policy.

3.2. In cases where the processing of personal data requires explicit consent (for example, for marketing communications or the use of analytical cookies), such consent is obtained separately through appropriate forms and tools on the website.

3.3. If the User does not agree with the terms of this Privacy Policy, the User must stop using the website.

3.4. This Policy applies only to the Mustoff.fi website. The website may contain links to third-party resources. The Data Controller is not responsible for the processing of personal data on third-party websites.

3.5. The Data Controller does not verify the accuracy of personal data provided by the User but assumes that the User provides accurate and up-to-date information.

4. Subject of the privacy policy

4.1. This Policy establishes the obligations of the Data Controller regarding the protection of Users’ personal data and defines the procedures for its processing.

4.2. Personal data is provided by the User when:

  • registering an account
  • placing an order
  • subscribing to newsletters
  • filling out contact forms

4.3. The Data Controller processes the following categories of personal data:

4.3.1. Identification data:

  • first and last name

4.3.2. Contact data:

  • phone number
  • email address

4.3.3. Data required for order fulfillment:

  • delivery address
  • residential address (if necessary)

4.3.4. Payment data:

  • processed via third-party payment systems and not stored on the Mustoff.fi website

4.4. Automatically collected data

When visiting the website, the following data may be collected automatically:

  • IP address
  • cookies data
  • browser and device information
  • date and time of visit
  • URL of the referring page

This data is used for:

  • ensuring proper operation of the website (including WooCommerce functionality)
  • improving usability
  • analyzing traffic and user behavior
  • ensuring security and preventing fraud

4.5. Cookies and their use

4.5.1. The website uses cookies for:

  • shopping cart functionality and order processing
  • saving user preferences
  • analytics (e.g., Google Analytics or similar services)

4.5.2. The User may disable cookies in browser settings. However, this may result in incorrect operation of the website, including the inability to place orders.

4.6. Analytics and security

4.6.1. The website may use analytics tools and tracking pixels (for example, to evaluate advertising effectiveness and analyze user behavior).

4.6.2. The Data Controller collects anonymized statistics of visits for:

  • identifying technical issues
  • preventing fraudulent activities
  • improving service quality

4.7. Data storage and protection

4.7.1. All personal data is stored in a secure environment and processed in compliance with the General Data Protection Regulation (GDPR).

4.7.2. The Data Controller takes necessary organizational and technical measures to protect personal data against:

  • unauthorized access
  • alteration
  • disclosure
  • destruction

4.7.3. Personal data is not transferred to third parties, except in cases provided for by this Policy and EU legislation.

5. Purposes of collecting the user’s personal information

5.1. The Data Controller collects and processes the User’s personal data for the following purposes:

5.1.1. Identification of the User when registering on the Mustoff.fi website, placing an order, and concluding a distance sales contract.

5.1.2. Providing the User with access to personalized resources of the website.

5.1.3. Establishing communication with the User, including:

  • sending notifications and requests related to the use of the website
  • processing inquiries and requests
  • providing customer support

5.1.4. Ensuring website security, preventing fraud, and protecting payment transactions.

5.1.5. Verifying the accuracy and completeness of the data provided by the User to the extent necessary to fulfill obligations.

5.1.6. Creating a User account, if the User has expressed such intent.

5.1.7. Processing and managing orders, including:

  • notifying about order status
  • arranging delivery
  • handling returns and claims

5.1.8. Processing payments, including:

  • interaction with payment systems
  • transaction confirmation
  • fraud prevention

(Payment data is processed by third-party providers and is not stored on the Mustoff.fi website.)

5.1.9. Providing technical and customer support, including prompt resolution of issues arising during the use of the website.

5.1.10. Sending informational and marketing communications (news, promotions, offers) only with the User’s prior consent.

5.1.11. Conducting marketing activities, including personalized advertising, based on the User’s consent, unless otherwise provided by EU legislation.

5.1.12. Providing access to website services, including receiving information about products, updates, and services.

6. Processing of personal data when using an account and payments

6.1. When registering an account on the Mustoff.fi website, the User provides personal data necessary for creating and using the account, including name, email address, delivery address, and other information.

6.2. Personal data specified in the account is used for:

  • User authentication
  • processing and storing orders
  • managing delivery addresses
  • providing access to account functionality

6.3. Personal data is stored for the period necessary to fulfill contractual obligations or until the User deletes the account, unless otherwise required by law.

6.4. The User has the right to modify or delete their personal data at any time via the account or by contacting the Data Controller.

6.5. When using payment functions of the website:

6.5.1. Payment card data is entered through secure payment interfaces of third-party payment providers.

6.5.2. The Mustoff.fi website does not store or process full payment card details (card number, expiration date, CVC code).

6.5.3. When saving a payment method, tokenization technology is used, whereby only an anonymized identifier provided by the payment provider is stored.

6.5.4. Payment data is processed by third-party providers in accordance with security requirements and the General Data Protection Regulation (GDPR).

7. Processing of data when using contact forms and comments

7.1. The User may provide personal data when filling out contact forms on the Mustoff.fi website, including name, email address, and message content.

7.2. Personal data submitted through contact forms is used exclusively for:

  • processing the User’s request
  • providing a response
  • improving the quality of service

7.3. Such data is not used for marketing purposes without the User’s separate consent.

7.4. When leaving comments on the Mustoff.fi website, the User agrees that:

7.4.1. the data provided (such as name and comment content) may be published in the public domain;

7.4.2. such data becomes accessible to an unlimited number of persons;

7.4.3. the Data Controller is not responsible for further use of this information by third parties if it was voluntarily made public by the User.

7.5. The Data Controller has the right to:

7.5.1. moderate comments;

7.5.2. remove comments that violate the law or the rights of third parties;

7.5.3. restrict the ability to post comments.

7.6. The User agrees not to post:

  • personal data of third parties without their consent
  • unlawful, offensive, or rights-infringing content

8. Methods and duration of personal data processing

8.1. The processing of the User’s personal data is carried out for the period necessary to achieve the purposes of processing or for the period established by the legislation of the European Union and Finland.

8.2. Personal data is processed using the following methods:

8.2.1. with the use of automated means, including information systems (such as website management systems and WooCommerce);

8.2.2. without the use of automated means (including manual processing).

8.3. The User’s personal data may be transferred to third parties only to the extent necessary to fulfill obligations to the User, including:

8.3.1. delivery and logistics service providers;

8.3.2. postal service providers;

8.3.3. payment systems and electronic payment providers;

8.3.4. IT service providers (hosting, analytics, etc.).

Such transfer is carried out on the basis of a contract or other legal grounds in accordance with the General Data Protection Regulation (GDPR).

8.4. Personal data may be transferred to public authorities of Finland only in cases provided for by applicable law.

8.5. The Data Controller takes necessary organizational and technical measures to protect personal data against:

  • unlawful or accidental access
  • destruction, alteration, or blocking
  • copying or distribution
  • other unlawful actions

8.6. In the event of a data breach or unauthorized disclosure of personal data, the Data Controller:

8.6.1. takes measures to mitigate the consequences of the incident;

8.6.2. notifies the User and the competent authorities in cases required by EU legislation.

8.7. The Data Controller and the User take reasonable measures to prevent losses and other negative consequences caused by the loss or disclosure of personal data.

9. Obligations of the parties

9.1. The User is obliged to:

9.1.1. Provide accurate and up-to-date personal data necessary for using the Mustoff.fi website, placing orders, and receiving services.

9.1.2. Timely update and supplement the provided personal data in case of any changes.

9.2. The Data Controller is obliged to:

9.2.1. Use the User’s personal data exclusively for the purposes specified in Section 6 of this Privacy Policy.

9.2.2. Ensure the confidentiality of personal data and not disclose it to third parties without legal grounds or the User’s consent, except as provided by this Policy and EU legislation.

9.2.3. Not sell, exchange, or otherwise distribute the User’s personal data beyond the scope established by this Policy.

9.2.4. Take necessary organizational and technical measures to protect personal data in accordance with the General Data Protection Regulation (GDPR).

9.2.5. Restrict or suspend the processing of personal data upon the User’s request or upon request of authorized authorities in cases provided by law.

9.2.6. Delete or correct personal data upon the User’s request if such data is incomplete, outdated, inaccurate, or processed in violation of the law.

10. Liability of the parties

10.1. The Data Controller is liable for violations of obligations related to the processing and protection of the User’s personal data in accordance with the applicable legislation of the European Union and Finland.

10.2. In the event of unlawful processing of personal data or violation of data protection requirements resulting in damages to the User, the Data Controller shall be held liable in accordance with EU legislation.

10.3. The Data Controller shall not be liable for the loss or disclosure of the User’s personal data in the following cases:

10.3.1. if the data became publicly available prior to its loss or disclosure through no fault of the Data Controller;

10.3.2. if the data was obtained from third parties on lawful grounds;

10.3.3. if the data was disclosed with the User’s consent;

10.3.4. if the loss or disclosure occurred as a result of the User’s actions, including violation of security measures or website usage rules.

11. Dispute resolution

11.1. The User has the right to contact the Data Controller with a complaint or request related to the processing of personal data for the purpose of pre-trial dispute resolution.

11.2. The Data Controller shall review the User’s request and provide a response within a reasonable period, but no later than 30 calendar days from the date of receipt.

11.3. If the parties fail to reach an agreement, the User has the right to apply to competent data protection authorities or to a court in accordance with the legislation of the European Union and Finland.

11.4. The User also has the right to lodge a complaint with a supervisory authority for data protection in the country of their residence or at the place of the alleged violation.

11.5. Relations between the User and the Data Controller shall be governed by the applicable laws of the European Union and Finland.

12. Additional provisions

12.1. The Data Controller reserves the right to make changes to this Privacy Policy without prior notice to the User, unless otherwise required by law.

12.2. The updated version of the Privacy Policy shall come into force from the moment it is published on the Mustoff.fi website, unless otherwise provided by the new version of the Policy.

12.3. The User is advised to regularly review the current version of the Privacy Policy.

12.4. All suggestions, questions, and requests related to this Privacy Policy should be sent via email to: info@mustoff.fi.

12.5. The current version of the Privacy Policy is available on the Mustoff.fi website.

12.6. This Privacy Policy remains in effect indefinitely until replaced by a new version.

Updated: March 20, 2026