Updated 10 March 2026
Privacy Policy
In this Privacy Policy, we explain how we process personal data in our online store MosaikShop.se and in connection with customer service, orders, marketing, and the use of our digital services.
We aim to process personal data carefully, transparently, and only for the purposes for which it has been collected.
1. Data Controller
MosaiikkiMyymälä FIN
Business ID: 1229211-9
Majankatu 3
50190 Mikkeli, Finland
Email: info@mosaikshop.se
Phone: +358 44 246 9244
2. Contact Person for Data Protection Matters
Jukka Hämäläinen
Email: info@mosaikshop.se
Phone: +358 44 246 9244
3. What personal data do we process?
We may process, for example, the following personal data:
- name
- address, postal code, city, and country
- email address and phone number
- the customer’s language and any selected currency
- order and delivery details, such as order contents, delivery method, payment method, and order history
- customer service messages, contacts, and related information
- for business customers, also the company name, Business ID, and VAT number
- technical usage and device data, such as IP address, cookie data, browser information, and website usage data to the extent such data is collected
4. Where do we obtain the data from?
We primarily obtain personal data:
- directly from you when you place an order, contact us, or subscribe to our newsletter
- through the use of the online store via cookies and similar technologies, if you have given the necessary consent
- from payment, delivery, and technical service partners to the extent necessary to complete the order, process payments, arrange deliveries, or protect the service
5. For what purposes is personal data used and on what basis?
We process personal data only for predefined purposes and on a lawful basis.
Order processing, delivery, and customer service
We process personal data to receive orders, process payments, arrange deliveries, handle returns, and provide customer service.
Legal basis: contract and performance of a contract.
Compliance with legal obligations
We process data for accounting, taxation, consumer protection obligations, complaints handling, and other legal obligations.
Legal basis: legal obligation.
Customer relationship management and service development
We may process data to ensure the functionality and security of the online store, prevent misuse, improve customer service, and analyse and develop the service.
Legal basis: legitimate interest. Our legitimate interest is to maintain a secure, functional, and customer-friendly online store.
Newsletters and electronic direct marketing
If you subscribe to our newsletter or provide separate consent, we use your contact details to send newsletters, offers, and current information.
Legal basis: consent.
Cookies, analytics, and targeted marketing
We use cookies and similar technologies for website functionality, analytics, and possible marketing targeting. The use of cookies other than strictly necessary cookies is based on your consent.
Legal basis: consent to the extent that it concerns non-essential cookies or analytics and marketing based on them.
6. Is providing personal data mandatory?
Providing the personal data required for placing an order and performing the contract is, in practice, necessary for us to accept the order, process payment, deliver the products, and handle any returns or complaints.
Subscribing to the newsletter, giving marketing consent, and accepting cookies other than strictly necessary cookies are voluntary.
7. To whom is data disclosed?
We disclose personal data only to the extent necessary to provide the service, comply with the law, or protect our rights.
Data may be disclosed, for example, to the following categories of recipients:
- payment service partners, such as Paytrail and payment methods offered through Paytrail
- logistics and transport partners, such as PostNord, Posti, and Matkahuolto
- providers of e-commerce, hosting, technology, and information security services
- email marketing service providers, such as Mailchimp, if you have subscribed to the newsletter
- analytics and advertising partners, such as Google services, if you have given consent for this
- authorities, where required by law
8. Is data transferred outside the EEA?
Some of the service providers we use may have servers or sub-processors located outside the European Economic Area or may process data from outside the EEA.
If personal data is transferred outside the EEA, we ensure that the transfer is based on a lawful transfer mechanism required by data protection legislation, such as an adequacy decision of the European Commission or standard contractual clauses, and, where necessary, other appropriate safeguards.
9. How long is data retained?
We retain personal data only for as long as necessary for the purposes described in this Policy or for as long as required by law.
- order data is retained for customer relationship management and to comply with accounting and consumer protection obligations
- customer service-related data is retained for as long as necessary to handle the matter and for a reasonable follow-up period
- data processed for newsletter marketing is retained until you withdraw your consent or request removal of your data for that purpose
- retention periods related to cookies and analytics depend on the type of cookie, the tool used, and the consent choices you make
We review retention periods regularly and delete or anonymise data when there is no longer a valid basis for retaining it.
10. Cookies and similar technologies
We use strictly necessary cookies on the website to ensure the technical operation, security, and, for example, the functioning of the shopping cart or language selection.
In addition, we may use analytics, functionality, and marketing cookies or other similar technologies only to the extent that you have given your consent. You can accept, reject, or later change your choices regarding non-essential cookies in the cookie settings.
More information about the cookies used, their purposes, and their retention periods is provided in the cookie banner or cookie settings.
11. How do we protect personal data?
We use appropriate technical and organisational safeguards to protect personal data. These include, for example, access control, password protection, limited user rights, system security measures, and guidance for personnel involved in processing personal data.
Personal data is processed only by persons whose duties require such processing.
12. Rights of the data subject
In accordance with data protection legislation, you have the right to:
- receive information about the processing of your personal data
- access your data
- request the rectification of inaccurate or incomplete data
- request the deletion of data in certain situations
- request restriction of processing in certain situations
- object to the processing of personal data in certain situations
- receive the data you have provided in a structured format and have it transferred from one system to another where applicable
- withdraw your consent at any time where processing is based on consent
- lodge a complaint with a supervisory authority if you believe your personal data has been processed unlawfully
Please note that not all rights apply in every processing situation. The scope of a right depends, for example, on the legal basis for processing.
13. Exercising your rights and contacting us
You may exercise your rights or ask questions about the processing of your personal data by contacting us by email at info@mosaikshop.se.
We respond to requests without undue delay and, as a rule, within one month of receiving the request.
14. Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data violates data protection legislation, you have the right to lodge a complaint with a supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman.
15. Changes to this Privacy Policy
We continuously develop our service and may update this Privacy Policy when necessary. The current version is always available on our website.
