Balmuir front page
Stores and opening hours

Season sale 50% off + extra 20% off when purchasing 50€ or more | Applied automatically at checkout | Valid until 10th of August

Privacy Notice

The lawful and secure processing of personal data is important to Balmuir Oy ("Balmuir"). Balmuir is committed to complying with the applicable data protection legislation in force in Finland, guidelines issued by authorities, and to process personal data in accordance with good data processing practices.

This privacy policy outlines, among other things, what personal data we collect, for what purposes and on what legal bases, to whom we may disclose data, and how individuals can influence the processing of their data. The use of cookies on our websites www.balmuir.com and www.balmuir.fi ("Websites") is described in a separate cookie policy.

In certain situations, Balmuir Oy may act as a joint controller together with other group companies or cooperation partners. The joint controllers are jointly responsible for the processing and purposes of personal data. For more information about the joint controllers, please contact our data protection officer using the contact details provided below.

Data controller

Balmuir Oy

Business ID: 2131329-2

Torikatu 18, 90100 Oulu, Finland

Email of the data protection officer: dataprotection@balmuir.com

What data do we collect?

We collect and process data only to the extent necessary for the purposes described in this privacy policy.

The data we collect can be divided into three groups: data provided by the customer or user of our Websites, data collected from the use of our Websites, and data derived from the aforementioned sources.

1. Data provided by the individual

•o Identification information, such as first and last name

o Contact information, such as phone number, email address and postal address (we do not collect any potentially confidential address or other contact information; the data subject is responsible for the accuracy and appropriateness of the information provided)

o Delivery information, such as delivery address and country

o Payment information, such as billing information and selected payment method

o Marketing communication consents and prohibitions

o Customer service messages

o Other data provided with the customer's consent, such as responses to customer satisfaction surveys and competitions

o Direct marketing opt-out

• Direct marketing opt-out

2. Data collected from the use of Websites

o Purchase history, such as ordered products, delivery details, returns and payments

o Browsing and usage data from the online store

o Device identifiers

o Online store session events, such as shopping cart additions

o Purchases made by point of sale, total amount, product category and individual product

o Data collected for the purposes of developing customer relationship

o Any information on the controller's chains, services and products that may interest the customer

o Customer-generated data (e.g., click and visit history)

3. Data derived through analytics

o Product recommendations inferred from browsing and purchase data

o Customer segmentations and interests inferred from purchase data

o Size information inferred from purchase data for providing size recommendations

Providing identification, contact, and payment information is mandatory when purchasing from Balmuir.fi and Balmuir.com online stores.

Where do we collect data from?

We primarily collect the data from the customer or user of our Websites through registration, orders or other contacts. Data is also collected through the use of our Websites using cookies and other similar technologies. Additionally, we may receive data from third parties such as public registers maintained by authorities or from our partners (for example, a credit service provider) in accordance with applicable legislation.

Data may also be collected from notifications made by the customer or from responses given to customer surveys. We also collect data through cookies for targeted marketing, provided the customer has given their consent.

For more information about our use of cookies, please refer to our separate cookie policy.

For what purpose and on what legal basis do we process data?

We use personal data for the following purposes:

Provision and production of services:

We process personal data for processing orders, purchase transactions and returns from the Balmuir.com/Balmuir.fi online store, as well as for invoicing, debt recovery and crediting. We also process personal data for customer service, customer communication and for resolving various malfunctions or disruptions as well as for handling complaints.

  • Legal basis: the performance of a contract

We process personal data to comply with Balmuir's legal obligations, such as compliance with accounting and other mandatory legislation, as well as for detecting and investigating fraud and misuse.

  • Legal basis: legal obligation

The processing of data related to customer relationship is primarily based on the contractual relationship between Balmuir and the customer. We may also process data for example for direct marketing purposes and/or for organising various competitions and prize draws, as well as for customer satisfaction or similar surveys.

  • Legal basis: consent

Additionally, we process data for purposes such as analysing and developing our business, products and services, as well as for preventing and investigating misuse.

  • Legal basis: legitimate interest

If the customer does not provide all necessary personal data to the data controller, the customer may not be able to take advantage of the benefits offered by the Balmuir.com/Balmuir.fi online store, or the customer may not be able to make purchases in the Balmuir.com/Balmuir.fi online store.

Marketing:

Personal data is also processed for communication purposes, such as improving the customer experience, developing the functionality and services of the Websites, and for analysing and compiling statistics on website visitor traffic.

  • Legal basis: legitimate interest

Data collected from the Balmuir.com/Balmuir.fi online stores may also be used for marketing purposes and for targeting offers, benefits, events or other marketing activities, including through third parties.

  • Legal basis: consent

Business development:

Personal data is also processed for the purposes of analysing, planning and improving business operations.

  • Legal basis: customer’s consent, legitimate interest

How do we process personal data?

We process personal data only to the extent necessary for the predefined purposes and to fulfil any legal obligations that may apply to Balmuir.

We make reasonable efforts to keep the personal data in our possession accurate by removing unnecessary data and updating outdated information. Personal data is recorded in the register as received from the customer and is updated according to what the customer reports to us.

Balmuir's own employees have access to personal data, and our personnel is trained to handle personal data securely and appropriately. Our personnel are bound to confidentiality obligations and are prohibited from misusing confidential information. Processing personal data in our systems requires password-protected login credentials, and individuals with granted access may process personal data only to the extent necessary for performing individual tasks.

Protection of personal data & how long do we store data?

Only designated employees of the data controller and its partners are authorised to access the customer register, based on access rights granted by the data controller. The information system of the Balmuir.com/Balmuir.fi customer register is protected by firewalls and other technical security measures. Only designated users with personal usernames and passwords can access the information system. All individuals who process personal data are bound by confidentiality obligations, and personal data is processed with strict confidentiality.

We store personal data in accordance with applicable legislation and only for as long as necessary to fulfil the predefined purposes for which the data was collected. Data may need to be stored even after the customer relationship or other legal basis for processing has expired, for example, due to accounting, consumer protection, or other mandatory legal requirements.

We store our customers' data for eight (8) years from the purchase transaction in order to handle any related claims. After this period, we delete the personal data from the customer register. The customer will be informed of the deletion in advance, provided that the customer has provided up-to-date contact details.

We store accounting material for six (6) years after the end of the financial year in accordance with the Finnish Accounting Act.

Additionally, we store log data from system usage and backups of databases to secure data, correct error situations, and ensure data security and continuity, for the duration required by legislation.

Personal data is generally not stored in manual registers. Applications and other manually processed documents containing customer data are stored in locked and fire-safe storage facilities.

The data controller regularly assesses the risks related to data protection.

If the customer so requests, their data can be anonymised, in which case all personal data will be removed from their account and purchased history by pseudonymising. The customer cannot be identified from such an anonymised account, and such an account cannot be restored as such.

Is personal data disclosed and transferred?

We use subcontractors and partners to process personal data, for example, for storage, analytics or marketing purposes. We only use reliable partners for these purposes, and we ensure through appropriate contractual arrangements that personal data is processed in accordance with data protection legislation and this privacy policy. Balmuir's partners are not permitted to use the data for their own purposes or to share or sell the data onward.

We may disclose personal data required for the operation of our online store to trusted partners in the logistics and banking sectors, including Posti, Matkahuolto, and Paytrail Oy. For example, to enable deliveries, your address and contact information will be shared with the logistics providers. Information about online store transactions is shared with our content and marketing targeting system, to which only we have access. During payment transactions, your payment details are processed through a trusted payment intermediary.

We may disclose personal data if required by competent authorities or other parties in accordance with applicable legislation. Personal data may be disclosed for the investigation of crimes, debt recovery, and possible violations. Personal data may also be disclosed in connection with a possible business acquisition, merger, outsourcing or business transfer, as well as in relation to a group relationship or other economic affiliation with the parties involved.

Are personal data transferred outside the EU/EEA area?

We primarily process personal data within the European Union (EU) and the European Economic Area (EEA).

Due to the technical implementation of the processing, personal data may also be transferred outside the EU and EEA area within the limits permitted by the EU General Data Protection Regulation and other applicable legislation. In such cases, we ensure an adequate level of data protection by, among other things, agreeing on data confidentiality and processing matters as required by data protection legislation. Such data transfer is carried out based on a contract with the recipient using the standard contractual clauses approved by the EU Commission, or there exists another lawful basis for the transfer, such as the establishment, exercise or defence of legal claims. All data transfers and processing are conducted in accordance with this privacy policy.

How do we take care of data security?

We protect your personal data very carefully by applying appropriate organisational and technical data security measures. Manually processed documents containing customer data are stored in locked premises and cabinets to prevent unauthorised access.

Our personnel who process personal data are bound by confidentiality obligations, and the data is only processed by designated Balmuir employees and trusted partners' employees who need the data to perform their duties.

If, despite our precautions, a data breach or other similar threat occurs that may have harmful effects on our customers' privacy, we will inform our customers and supervisory authorities as soon as possible in accordance with applicable data protection legislation.

What rights do you have?

As a customer, you have the following rights under applicable data protection legislation:

Right of access

The customer has the right to check what information is stored about them in the customer register. The customer can primarily access this information through the online store. If the customer cannot access the information online, they may request access to their personal data. The request should be submitted to any of our stores or to our customer service email address (info@balmuir.fi). The customer's identity will be verified.

The customer also has the right to know whether Balmuir Oy processes their personal data. The customer can send an inquiry request about this to the customer service email address (info@balmuir.fi) or to any of our stores. The customer's identity will be verified.

The customer has the right to receive a copy of the personal data being processed. Additionally, the customer has the right to receive confirmation, if their data is not being processed. If the customer opts out of receiving marketing communications, the customer may still receive communications related to transactions and their customer relationship. Providing personal data may in certain situations be a prerequisite for service activation or use. Additionally, the customer has the right to receive the data from our register in a commonly used electronic format.

Rectification of personal data

The customer has the right to have inaccurate or incomplete personal data rectified.

The customer can submit a request for rectification of their personal data to our customer service email address (info@balmuir.fi) or to any of our stores. The customer's identity will be verified.

The data controller may also rectify or complete incorrect or incomplete personal data in the register on its own initiative.

Erasure of personal data

The customer has the right to request the data controller to erase their personal data, provided that one of the following grounds applies:

· The personal data is no longer necessary for the purposes for which they were collected or otherwise processed;

· The customer has withdrawn their consent on which the processing was based, and there is no other legal basis for the processing;

· The customer objects to the processing of their personal data on grounds relating to their particular situation, where the processing is necessary for the purposes of the legitimate interests pursued by the data controller or third party, such as profiling; (in this case, the data controller may no longer process the personal data, unless the data controller can demonstrate compelling legitimate grounds for processing which override the customer's interests, rights

and freedoms, or if the processing is necessary for the establishment, exercise of defence of legal claims.)

· The customer objects to the processing of their personal data for direct marketing purposes;

· The personal data has been unlawfully processed;

· The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject; or

· The personal data has been collected from a child in connection with offering information society services.

The customer can submit a request for erasure by email to our customer service email address (info@balmuir.fi) or at any of our stores. The customer's identity will be verified.

Restriction of processing personal data

The customer has the right to restrict processing of their personal data, provided that one of the following grounds is met:

· The customer contests the accuracy of the personal data. In such cases, the processing will be restricted for a period enabling the data controller to verify the accuracy of the personal data;

· The processing is unlawful and the customer opposes the erasure of the personal data and requests the restriction of their use instead;

· The data controller no longer needs the personal data for the purposes of the processing, but the customer requires them for establishing, exercising or defending legal claims;

· The customer has objected to the processing of their personal data on grounds relating to their particular situation, where the processing is necessary for the performance of a task carried out for reasons of public interest or in the exercise of official authority vested in the data controller, or on grounds of the legitimate interests of the data controller or a third party, and the data controller is assessing whether the legitimate grounds of the data controller override those of the customer.

When the processing of the customer's personal data has been restricted, such personal data may, with the exception of storage, only be processed with the customer's consent or for the establishment, exercise or defence of legal claims or for the protection of the the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

The customer can make a request to restrict processing of their personal data. The request should be sent to our customer service email address (info@balmuir.fi) or to any of our stores. The customer's identity will be verified.

Right to object

The customer has the right to object to processing of their personal data, provided that one of the following grounds is met:

· The customer has the right to object on grounds relating to their particular situation at any time to the processing of personal data concerning them, which is necessary either for the performance of a task carried out for reasons of public interest or in the exercise of official authority vested in the data controller, or on grounds of the legitimate interests of the data controller or a third party, including profiling based on these; or

(In this case, the data controller shall no longer process the personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the customer, or if it is necessary for establishing, exercising or defending legal claims.)

· The customer has the right to object at any time to the processing of their personal data for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing.

The customer can submit a notification of objection regarding the processing of their personal data. The notification should be sent to any of our stores or to our customer service email address (info@balmuir.fi). The customer's identity will be verified.

Data portability

In certain situations, the customer has the right to receive the personal data held by the data controller to themselves or to transmit the personal data to another data controller. The right concerns such personal data that the customer has provided to the data controller and which the data controller processes based on the customer's consent or to perform a contract in which the customer is a party. The right concerns personal data that is processed by automated means.

Right to withdraw consent

The customer can withdraw their consent at any time when the processing of their personal data is based on this consent. Processing of personal data is based on consent, for example, when the customer has given permission for electronic direct marketing.

The customer can withdraw their given consent by contacting Balmuir.com online store’s customer service (info@balmuir.fi).

Information about automated decision-making and profiling

Decision-making is automated when:

· decisions are based solely on the automated processing of personal data; and

· the decisions made have legal effects or otherwise significantly affect the customer. Profiling means the automated processing of personal data used to evaluate personal characteristics of an individual.

Profiling refers in particular to the analysis or prediction of aspects relating to, among other things, personal preferences, interests or behaviour.

Profiling

· is automated or partially automated;

· is performed on personal data; and

· evaluates personal characteristics.

The data controller may profile its customers in order to target marketing based on the customer's purchasing behavior and preferences. Based on the data controller's assessment, such profiling does not have significant effects on the customer who is the subject of profiling. Additionally, the data controller's profiling is always based on the customer's consent and the customer has the right to object to profiling.

If the processing of your data is based on your consent, you naturally have the right to withdraw your consent.

Through your customer account page, you can also determine, correct, or delete data you have provided and decide whether you wish to receive marketing messages from Balmuir. You may also request the deletion of your customer account by sending a request to our customer service info@balmuir.fi.

You may send requests or questions regarding your rights and other customer data to our customer service info@balmuir.fi. Balmuir may ask you to clarify your request and verify your identity before processing your request. We may refuse to fulfil your request based on legal grounds provided under applicable law, for example, when Balmuir has the right to retain data for the performance of a contract or due to a legal obligation.

If you notice deficiencies in our data processing or operations, you have the right to lodge a complaint with supervisory authorities. However, we kindly ask that you also inform us so we can correct our mistake.

Who can you contact?

You may contact Balmuir at any time if you have questions regarding the processing of personal data or this privacy policy using the following contact details:

dataprotection@balmuir.com

or

Customer Service info@balmuir.fi Balmuir Oy / Balmuir Torikatu 18 90100 Oulu, Finland

Right to lodge a complaint with a supervisory authority

If the customer considers that Balmuir Oy does not process their personal data in accordance with the EU General Data Protection Regulation, the customer can lodge a complaint with the supervisory authority in the EU Member State where the customer has their habitual residence or place of work or place where the customer considers the violation to have occurred. In Finland, this authority is the Data Protection Ombudsman.

Office of the Data Protection Ombudsman

Visiting address: Lintulahdenkuja 4, 00530 Helsinki Postal address: PO Box 800, 00531 Helsinki Telephone (switchboard): +358 29 56 66700 Fax: +358 9 56 66735 Email: tietosuoja@om.fi

Changes to this privacy policy

We reserve the right to update this privacy policy from time to time. Changes may also result from amendments to applicable legislation. We therefore recommend reviewing the contents of this privacy policy regularly. Substantial changes to this privacy policy will be communicated to our registered customers in connection with the update of the terms and will also be announced on our Websites.

This privacy policy was updated on June 16, 2025.