Privacy policy

Last updated: 5 November 2025
Controller: Geardom Oy, Pulttitie 18, 00880 Helsinki, Finland
Email: team@geardom.com

This Privacy Policy explains how Geardom Oy (“we”, “us”) collects, uses, discloses, and protects personal data when you visit or purchase from geardom.com (the “Site”), contact our customer service, or interact with our marketing.

If anything here conflicts with mandatory law (e.g., GDPR), the law prevails.

1) Who we are & how to contact us

  • Controller: Geardom Oy (Business ID / VAT ID: FI35503126)

  • Postal address: Pulttitie 18, 00880 Helsinki, Finland

  • Email: team@geardom.com

  • For privacy matters (access requests, objections, etc.), email us with “Privacy Request” in the subject.

Supervisory authority in Finland: Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto). You may lodge a complaint with your local authority in the EEA as well.

2) What data we collect

2.1 Data you provide

  • Identity & contact: name, email, phone, billing & shipping addresses, company details (if B2B).

  • Order & account: items ordered, returns/exchanges, notes and preferences, saved addresses.

  • Communications: emails, chat/messages, support history, satisfaction/feedback responses.

  • Marketing & consent: newsletter opt-ins/opt-outs, preferences, contest entries, product waitlists.

  • Documents (rare): if we must verify identity or eligibility (e.g., warranty), we may request limited documentation.

2.2 Data collected automatically

  • Device & usage data: IP address, device ID, operating system, browser type, language, referral URL, pages viewed, time on page, cart actions, clickstream.

  • Cookies/SDKs: identifiers for session continuity, security, analytics, and (if consented) advertising.

2.3 Data from third parties

  • Payment confirmations: from Paytrail, Stripe, PayPal (we do not receive your full card details).

  • Shipping & tracking updates: from Posti and FedEx.

  • Marketing/ads platforms: campaign performance, audience segments (if consented).

  • Anti-fraud / security tools: signals used to prevent abuse.

3) Why we process personal data & legal bases

Purpose | Examples | Legal basis
Order processing & delivery | Checkout, payment, invoicing, shipping labels, tracking, returns & refunds | Contract (GDPR Art. 6(1)(b)); Legal obligation (bookkeeping, tax)
Customer service | Answering questions, warranty/defect handling, notifications | Contract; Legitimate interests (high-quality support)
Account features | Saving details, order history, preferences | Contract; Legitimate interests (service convenience)
Fraud prevention & security | Authentication, rate-limiting, abuse detection, chargeback handling | Legitimate interests; sometimes Legal obligation
Marketing (own) | Newsletters, product updates, similar-product emails to existing customers | Consent for electronic marketing where required; Legitimate interests for similar products to existing customers with easy opt-out
Analytics & personalization | Measuring site performance, improving UX, recommending products | Consent (non-essential cookies/SDKs); Legitimate interests for limited first-party analytics if strictly necessary
Legal & compliance | Accounting records, tax, regulatory requests, dispute resolution | Legal obligation; Legitimate interests

You can object to processing based on legitimate interests if your situation justifies it, especially for direct marketing (which you may opt out of at any time).

4) Cookies & similar technologies

We use cookies and similar technologies:

  • Strictly necessary: store operation, checkout, security, consent logging.

  • Preferences: remember choices (e.g., language).

  • Analytics: measure traffic and performance.

  • Advertising: create/measure audiences and show relevant ads.

Non-essential categories (analytics/advertising) run only with your consent. You can manage your choices at any time via our banner, which lists categories, purposes, and lifespans. We honor applicable browser/device privacy signals where technically feasible.

5) Recipients & processors (who gets your data)

We share personal data only as needed for the purposes above, under contracts that protect your data:

  • Ecommerce platform & hosting: Shopify (storefront, checkout, basic analytics, security).

  • Payments: Paytrail, Stripe, PayPal (independent controllers for their payment processing; we receive payment status/IDs to reconcile orders and handle refunds).

  • Shipping & logistics: Posti, FedEx (labels, delivery, tracking; your name, address, email/phone, parcel details).

  • Customer communications: email/helpdesk providers (order confirmations, service messages).

  • Analytics & performance: tools used to understand site usage (non-essential only with consent).

  • Advertising partners (if used): platforms that deliver ads or measure campaigns (non-essential, consent-based).

  • IT/security providers: hosting, monitoring, anti-fraud tools.

  • Professional advisers: accountants, auditors, legal counsel (where necessary).

  • Authorities: where required by law or to protect rights, safety, or property.

A current list of our core processors and sub-processors is available on request.

6) International transfers

Some vendors may process data outside the EEA/UK. Where transfers occur, we use lawful safeguards such as EU Standard Contractual Clauses and assess vendor practices. If an adequacy decision exists, we may rely on it.

7) Retention (how long we keep data)

We keep data only as long as necessary for the stated purpose, then delete or irreversibly anonymize it.

  • Orders & invoices: 6–10 years (accounting/tax laws).

  • Customer accounts: while the account is active; if inactive, delete or anonymize after 24 months of inactivity (unless legal hold).

  • Returns/warranty/claims: order life + up to 36 months (or longer if required by law or ongoing dispute).

  • Customer service emails/tickets: 24 months after resolution (unless legal obligation to keep longer).

  • Marketing subscriptions: until you unsubscribe/withdraw consent; keep minimal suppression data to honor opt-outs.

  • Device/analytics/ads data: per Cookie Policy lifespans and platform rules.

8) Your rights

Subject to conditions in GDPR and local law, you have the right to:

  • Access your data and obtain a copy

  • Rectify inaccurate or incomplete data

  • Erase data (“right to be forgotten”) where applicable

  • Restrict processing in certain cases

  • Object to processing based on legitimate interests, including direct marketing and related profiling

  • Portability of data you provided to us in a structured, machine-readable format

  • Withdraw consent at any time (does not affect prior processing)

How to exercise: email team@geardom.com. We may need to verify your identity. We respond within one month (extendable in complex cases).
Complaints: You may contact the Office of the Data Protection Ombudsman (Finland) or your local EEA authority.

9) Marketing, profiling & automated decisions

  • We may send you email marketing if you consented, or if you’re an existing customer we may email similar products (you can opt out anytime).

  • We may use order history and on-site behavior to recommend products (profiling). You can object to profiling for marketing purposes at any time.

  • We do not make decisions producing legal effects based solely on automated processing without human involvement.

10) Payments

Payments are processed by Paytrail, Stripe, or PayPal. They receive your payment details directly and send us confirmations. We use these confirmations to fulfill orders, issue refunds, and detect fraud. For refunds, we send funds back via the original payment method through the same provider; bank/issuer processing times may affect when funds appear.

11) Shipping & delivery

We share your name, address, email/phone, and parcel details with Posti or FedEx to produce labels, deliver your order, and send tracking updates/notifications. If a parcel is lost or damaged, we may share limited data with the carrier to handle the claim.

12) Security

We use administrative, technical, and physical safeguards appropriate to the risks, including (for example) access controls, encryption in transit, network monitoring, least-privilege principles, and staff training. No system is perfectly secure; we work continuously to improve defenses.

13) Data breaches

If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required, inform affected individuals without undue delay, including information on what happened and what steps you can take.

14) Children & minors

Our store and marketing are intended for adults. We do not knowingly collect personal data from children.

  • Age limits. If you are below the age required by your country’s law to give digital consent (typically 13–16), you should use our Site only with a parent/guardian’s consent.

  • No targeted marketing to minors. We do not knowingly profile or target advertising to minors.

  • Parental requests. If you believe your child has provided us with personal data without your consent, contact team@geardom.com. We will take reasonable steps to verify the request and delete the data where required.

  • Restricted products/services. Where age restrictions apply under local law, we may request age verification or decline the order.

This section does not limit your statutory rights. For more on your rights and how to contact us, see §8 Your rights and §1 Who we are & how to contact us.

15) Third-party links

Our Site may link to third-party sites. Their privacy practices are governed by their own policies. Please review them before providing personal data.

16) Changes to this Policy

We may update this Policy from time to time. We will post changes on this page and update the “Last updated” date. Significant changes may be announced on the Site.

Contact: team@geardom.com · Geardom Oy, Pulttitie 18, 00880 Helsinki, Finland