Privacy policy

1. Introduction

This Privacy Policy explains how Gordius collects, uses, discloses, and protects your personal data when you use our online store. The store is operated via the Shopify platform, which also processes personal data on our behalf. Gordius is the data controller and is committed to handling your data lawfully, transparently, and securely under EU and Finnish data protection laws.

2. What Data We Collect

“Personal data” means any information that can identify you directly or indirectly. We may process the following categories of personal data:

Contact details: name, email address, phone number, billing and shipping address
Payment details: payment method, card type (processed via Shopify and secure payment providers)
Account information: username, password (if applicable)
Order and purchase data: items viewed, added to cart, ordered, returned
Communication: emails, messages with customer service
Device and usage data: IP address, browser type, interaction with the website (via cookies)

3. How We Collect Your Data

We collect personal data from the following sources:

Directly from you, when you place an order or contact us
Automatically, through cookies and browsing behavior
Via Shopify, and other service providers involved in payment, shipping, and analytics
From marketing partners, if you have given consent

4. Why We Process Your Data

We use your personal data for the following purposes:

Order processing: fulfilling, delivering, returning or refunding orders
Customer service: responding to inquiries and managing your account
User account management: registration, login, and preferences
Marketing (with consent): sending newsletters, promotions
Legal compliance: invoicing, tax records
Security and analytics: fraud prevention, store optimization

5. Sharing Your Data

We share your data only when necessary, for example with:

Shopify (store platform, payment infrastructure)
Payment providers (for card processing)
Shipping services (for order delivery)
Email and analytics services (e.g., Klaviyo, if used)
Public authorities when required by law

If personal data is transferred outside the EU, we ensure legal safeguards are in place (e.g. Standard Contractual Clauses).

6. Cookies

We use cookies to operate and enhance our website, including:

Essential cookies (for store functionality)
Analytics cookies (visitor behavior)
Marketing cookies (if consented)

You can manage your cookie preferences via the cookie banner on our site.

7. Children’s Data

Our store sells baby-related products but is not intended for children. We do not knowingly collect data from persons under the age of 16. If you believe we have collected such data, please contact us and we will delete it.

8. Your Rights (under GDPR)

You may have the following rights regarding your personal data:

Right of access – to know what data we hold about you
Right to rectification – to correct inaccurate data
Right to erasure – to request deletion of your data
Right to restrict processing – in certain situations
Right to data portability – to receive and transfer your data
Right to object to marketing – withdraw your consent anytime

To exercise your rights, contact us using the details below. We respond within 30 days.

9. Data Retention

We retain your data only as long as necessary:

For active customers: until you delete your account
For invoicing: 6 years (legal requirement)
For marketing: until you unsubscribe or withdraw consent

10. Security

We take reasonable technical and organizational measures to protect your data. However, no system is completely secure. Do not send sensitive data via unsecured channels (e.g., plain email).

11. Complaints

If you have concerns about how we process your data, contact us first.
You also have the right to file a complaint with the Finnish Data Protection Authority:
https://tietosuoja.fi/en