In accordance with the General Data Protection Regulation (GDPR, 2016/679) of the European Union and the Finnish Personal Data Act (523/1999, Section 10), this privacy policy also serves as the data file description required by law.
Witches’ North (Härkin Creative) is committed to protecting the privacy of its users and adheres to good data protection practices in all operations. This privacy policy explains what types of personal data we may collect from you when you order our products or contact us through our website, and for what purposes this data may be used. Users must accept the terms of this privacy policy before making a purchase or subscribing to the newsletter.
1. Data Controller
Witches’ North / Härkin Creative FI3281011-2
Jenni “Ninni” Härkin
Pellavapolku 5B4
80710 Kontiolahti, Finland
2. Contact for Privacy Matters
For any questions related to data protection and personal data processing, please contact:
ninni (at) witchesnorth.com
3. Name of the Register
Witches’ North Customer Register
4. Purpose of the Register
The register is used for the following purposes:
- Customer relationship management (order processing, delivery, warranty issues, billing)
- Development, administration, and improvement of the webshop, business and services
- Customer communication, marketing, and targeted marketing
The processing of personal data complies with the GDPR, and data is processed based on the customer relationship, contractual obligations, website usage, explicit consent of the customer, or legal obligations.
5. Data Included in the Register
Th witchesnorth.com user register may contain the following information provided by users:
- First and last name
- Email address
- Phone number
- Postal address
- Payment and billing details
- Information on marketing permissions and restrictions
- Product reviews
Additionally, data derived from service usage or analytics may include:
- Purchase history (ordered products and their prices)
- Device identifiers (e.g., IP address)
- Website usage and browsing data
- Information collected via cookies (e.g., referral sources)
- Any messages or content the user has uploaded to the website’s community.
6. Regular Sources of Data
Data is primarily collected from the customer themselves via the website, forms on the site, at events, during campaigns, or via customer service phone calls.
Blog Comments
When users leave comments, we collect the data shown in the comment form, as well as the user’s IP address and browser information for spam detection purposes.
An anonymized string (hash) created from the email address may be sent to the Gravatar service to check if the commenter is a registered user. Gravatar’s privacy policy is available at: https://automattic.com/privacy
7. Data Transfers to Third Parties
Witchesnorth.com may transfer data to third parties (e.g., for payment processing, delivery, or marketing purposes). These parties include:
- Payment processors (Stripe, Paypal)
- Email marketing partners (e.g., Kit)
These third parties are only provided with information necessary to fulfill their services and are not allowed to use the data for their own purposes. We do not sell, rent, or disclose your information to third parties.
We may also disclose data to authorities when legally required.
8. Data Security Principles
All databases are protected against unauthorized access with firewalls, passwords, and other technical safeguards. Databases and backups are stored in locked facilities. Only designated employees or contractors with specific access rights can access the data.
9. Rights of the Data Subject
You have the right to:
- Access your personal data
- Correct your data
- Restrict processing (e.g., opt out of marketing)
- Object to processing
- Withdraw consent (e.g., withdraw from marketing)
- File a complaint with a supervisory authority
Requests must be sent in writing and signed to the contact email provided above. A reasonable fee may be charged if data access is requested more than once per year.
Some rights may be limited by legal obligations, such as accounting requirements.
10. Data Retention
We retain personal data only as long as necessary to fulfill the purposes described in this privacy policy. Finnish accounting law requires longer retention of certain information.
We store registered user profile data. User profiles are deleted upon request. Website administrators may view and edit user data.
Comment Storage
Comments and their metadata are stored indefinitely so that subsequent comments can be recognized and approved automatically instead of being held in a moderation queue.
11. Use of Cookies
A cookie is a small text file stored on your device. It contains a unique identifier that helps us recognize users. Cookies are used to improve usability and functionality. Cookies alone do not allow identification of a user.
We use two types of cookies:
- Persistent cookies, which are stored for up to 12 months
- Session cookies, which expire when the browser session ends
You can manage or delete cookies through your browser settings. Please note that disabling cookies may affect site functionality.
If you leave a comment, you may opt-in to saving your name, email, and website in cookies. These are for your convenience and expire in one year.
If you log in, temporary cookies are used to check cookie support. Login and display preference cookies are also used and expire after 2 days or 1 year respectively.
Embedded Content
Articles on this site may include embedded content (e.g., videos, images, articles). This behaves as if the user visited the third-party site directly. These third-party sites may collect data, use cookies, and track your interaction with the embedded content.
12. Changes to This Privacy Policy
We reserve the right to update this policy due to service development or changes in legislation. Significant changes will be communicated to registered users.