Privacy policy

PRIVACY POLICY

Last Updated: February 26, 2026

1. INTRODUCTION AND DATA CONTROLLER Tashcolour Tmi ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, and process your personal data when you visit or make a purchase from https://tashcolour.store/ (the "Site"). The Data Controller is: Tashcolour Tmi (Tatiana Shakhovskaia) Business ID (Y-tunnus): 3451369-9 Address: Tikkakalliontie 231, 15820 LAHTI, Finland Email: tashcolour1@gmail.com Phone: +358415815228

2. PERSONAL INFORMATION WE COLLECT We collect personal information directly from you (e.g., during checkout), automatically through the Services (e.g., via cookies), and from third-party partners. We collect the following categories:

  • Contact Details: Name, shipping address, billing address, phone number, and email address.
  • Financial Information: Payment card details (such as credit card numbers and security codes) are collected and processed directly by our secure third-party payment processors (Shopify Payments, Stripe, and/or PayPal). We do not store your full payment card information on our servers. We only retain transaction information (e.g., payment status, order value, and the last four digits of the card) for order fulfillment, accounting, and legal purposes.
  • Account Information: Username, password, and preferences if you create a gallery account.
  • Device & Usage Information: IP address, browser type, time zone, and interaction data collected via cookies (including Google Analytics and Meta Pixel).
  • Communications: Information included in any customer support inquiries you send us.

3. LEGAL BASIS FOR PROCESSING

In accordance with the GDPR, we process your data based on:

  • Performance of a Contract (Art. 6(1)(b) GDPR): To process orders, shipping, and customer support.
  • Legal Obligation (Art. 6(1)(c) GDPR): To comply with Finnish tax and accounting laws.
  • Legitimate Interest: To ensure Site security, prevent fraud, and improve our art collection offerings.
  • Consent (Art. 6(1)(a) GDPR): For marketing communications and non-essential cookies (Analytics/Pixel).

4. AUTOMATED PROCESSING AND PROFILING We use Shopify’s automated systems to enhance your shopping experience. This profiling analyzes your browsing behavior to suggest artworks you may like.

  • These processes do not produce legal effects or significantly affect you as defined by Art. 22 GDPR.
  • You have the right to object to such processing or request human intervention by contacting us.

5. DATA RECIPIENTS AND INTERNATIONAL TRANSFERS

We share your data with essential service providers:

  • Shopify: Our e-commerce platform. Shopify may process your data for its own purposes as described in the Shopify Privacy Policy.
  • Logistics: Courier services (e.g., Posti, DHL) for shipping physical art.
  • Analytics: Google and Meta (for marketing tracking).
  • Legal Disclosures: We may disclose information to comply with applicable law or respond to valid legal processes. International Transfers: As Shopify is a global company, your data may be transferred outside the EEA (e.g., Canada or the USA). We rely on Standard Contractual Clauses (SCCs) or equivalent adequacy decisions to protect these transfers.

6. DATA RETENTION

  • Order Information: Retained for 6 years following the end of the financial year to comply with the Finnish Accounting Act (Kirjanpitolaki).
  • Account & Marketing Data: Retained until you delete your account or withdraw your consent.

7. YOUR RIGHTS Under the GDPR and the Finnish Data Protection Act (Tietosuojalaki), you have the right to access, correct, or delete your data, object to or restrict processing, and exercise data portability . You may withdraw consent at any time. To exercise these rights, contact tashcolour1@gmail.com.

8. CHILDREN’S DATA The Services are not intended for use by children. We do not knowingly collect personal information from individuals under the age of 16 (or the age of majority in your jurisdiction). If you are a parent and believe we have such data, please contact us for its deletion.

9. SECURITY LIMITATIONS We implement technical and organizational measures to protect your data. However, please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security" for information in transit or at rest.

10. CHANGES TO THIS PRIVACY POLICY We may update this Privacy Policy from time to time to reflect changes in our practices. We will post the revised version on the Site and update the "Last Updated" date.

11. COMPLAINTS If you believe your rights are violated, you may lodge a complaint with the Finnish Data Protection Ombudsman: Tietosuojavaltuutetun toimisto (www.tietosuoja.fi).

12. COOKIE POLICY This section explains how we use cookies and similar tracking technologies to track the activity on our Site and hold certain information.

  • 12.1. What are Cookies? Cookies are small files placed on your device. They help us provide essential site functionality and analyze site performance.
  • 12.2. Categories of Cookies We Use:
    • Essential Cookies: Strictly necessary for the Site to function (e.g., Shopify session cookies, security, and cart functionality). These cannot be disabled.
    • Analytical/Performance Cookies: We use Google Analytics to collect information about how you use our Site. We only activate these with your explicit consent.
    • Marketing/Targeting Cookies: We use Meta Pixel to deliver relevant advertisements and track the effectiveness of our marketing campaigns. We only activate these with your explicit consent.
  • 12.3. Managing Your Preferences: You can manage or withdraw your consent at any time through the cookie banner on our Site. Additionally, you can adjust your browser settings to refuse cookies. To opt-out of targeted advertising, you can visit the Network Advertising Initiative’s (“NAI”) opt-out page at https://optout.networkadvertising.org/ or the European interactive service https://www.youronlinechoices.com/.