Privacy Policy and Register Description | Meadow Cosmetics

This privacy policy applies to the customer and marketing operations of Meadow Cosmetics Oy. The policy describes how Meadow Cosmetics Oy processes its customers' personal data in customer relationship and marketing activities.

CONTROLLER

Meadow Cosmetics Oy, business ID 3591936-7, Pihlajatie 39 00270 Helsinki.

CONTACT PERSON FOR MATTERS CONCERNING THE PERSONAL DATA REGISTER

The contact person for data protection matters at the controller is Severi Salonen. He can be contacted concerning the register by email: moi@meadow.fi

NAME OF THE REGISTER

Meadow Cosmetics Oy's marketing and customer register.

DATA CONTENT OF THE REGISTER

The following information can be stored in and processed by the register. Not all of the information mentioned below may be available for every user.

• The data subject's name, address, phone number, email, customer information, payment information, company and its billing information, other information possibly provided by the customer themselves
• Changes to the aforementioned information
• In addition, the register may contain other notes related to the data subject and their potential customer relationship, and other information necessary for the proper management of the customer relationship. This may include, for example, information about the data subject's contact requests or newsletter subscriptions.

PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

The controller aims to provide the best possible service through its customer and marketing activities, and to offer data subjects content that is specifically of interest to them. Personal data is used by Meadow Cosmetics Oy for:

• Targeting customer communications and marketing measures
• Managing, maintaining, and developing customer relationships
• Producing services and handling service deliveries

Personal data is processed based on the data subject's consent, for the legitimate interests of the Controller, or for the preparation or execution of a contract to which the data subject is a party.

DATA SOURCES

The personal data in this register is always obtained directly from the data subject themselves.

RETENTION PERIOD OF PERSONAL DATA

Data collected in the register is retained only for as long as and to the extent necessary and legally permitted in relation to the original or compatible purposes for which the personal data was collected. We retain personal data based on the nature of the customer relationship as follows:

Data of regular customers is generally retained for three (3) years from the last active event between the data subject and the Controller.

Data of loyal customers and repeat subscribers may be retained for up to five (5) years from the last active event, as our cosmetic products may have a longer purchase cycle.

Data is deleted when its defined retention period has expired. Personal data may be used after the customer relationship ends if required by applicable law, such as for information required by accounting law (6 years). In addition, the Controller takes all reasonable steps to ensure that inaccurate, erroneous, or outdated personal data is corrected or deleted without delay with respect to the purposes of processing.

PRINCIPLES OF REGISTER PROTECTION

The confidentiality of customer personal data is important to the Controller. The Controller has implemented appropriate technical and organizational measures to protect personal data from accidental or unlawful destruction, disclosure, misuse, alteration, loss, or unauthorized access.

The use of the register within the controller's organization is instructed, and access to the personal data register is restricted by access rights such that only employees who have the right to access the data stored in the system due to their work duties and who need the information for their tasks are authorized to use it.

The information systems used for processing personal data are technically protected in adequate ways, and access to them is secured by appropriate methods, including personal user IDs and passwords. Special attention is paid to the data security of register data backup and the destruction of materials containing personal data.

DISCLOSURE OF DATA

The processing and storage of personal data is partly outsourced to external service providers. The Controller guarantees that such outsourcing takes place in accordance with current data protection and personal data legislation and that external service providers do not utilize the data in this personal data register for their own purposes.

Personal data will not be disclosed outside the Controller or its data storage service providers in a way that allows the data to be identified as pertaining to an individual user, except in the following exceptional circumstances: as required by law or official order, by court order, or if otherwise necessary to prevent or investigate alleged breaches of law, terms of use of online services, or good practice, or to protect the rights of the controller or third parties.

TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION / EUROPEAN ECONOMIC AREA

The Controller may transfer personal data outside the EU and EEA areas due to the technical implementation of data processing when using external service providers for data storage, based on a cooperation agreement between the parties. These transfers are carried out securely in accordance with data protection legislation and within its limits.

For international data transfers, we use appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or other transfer mechanisms in accordance with the GDPR. All transfers of personal data are carried out in compliance with high-level data security practices, such as data encryption during both transfer and storage. We also ensure that service providers processing data comply with internationally recognized data security standards.

RIGHTS OF THE DATA SUBJECT

The data subject has the right to inspect the data concerning them in the register and to request correction of any incorrect, incomplete, or outdated data. An inspection request can be made free of charge once a year. Inspection and correction requests must be addressed to the contact person for the personal data register, whose contact details are at the beginning of this policy, either by visiting them in person or by sending a signed letter or similarly verified document to ensure the requestor's right to the request. Inspection requests will be answered within one month of their submission.

The data subject has the right to withdraw their previously given consent for data processing at any time or to lodge a complaint regarding the processing of their personal data with the supervisory authority. The data subject also has the right to request the erasure of their personal data from the register, provided that it is no longer necessary for the purposes for which it was collected or otherwise processed, or that there are no statutory obligations for the Controller to process or retain it. The data subject also has the right to request the restriction of processing of their personal data or to object to the processing of their personal data.

COLLECTION AND USE OF PERSONAL DATA

Meadow Cosmetics Oy collects personal data, such as phone numbers, to provide and improve our services. We use the data, among other things, for:

• Communicating about orders or inquiries
• Sending marketing messages, such as SMS notifications, with your consent
• Sending reminders for abandoned shopping carts and suggesting completion of purchases

Your information is processed securely and used only for the purposes stated in this privacy policy.

TERMS OF THE SMS MARKETING PROGRAM

Program description and data processing

We collect your phone number when you create an account, checkout, or join our SMS marketing program. These numbers are used for:

• Sending updates, offers, and reminders via SMS messages
• Providing a more personalized shopping experience

We do not share SMS opt-in information with third parties other than through service providers necessary for sending messages.

Abandoned cart reminders

The Meadow.fi website uses cookies and plugins to track items you add to your shopping cart. This information allows us to identify when your shopping cart has been abandoned and to send you timely reminder messages to complete your purchase.

Location data and location-based services

If location-based services are in use, we may collect device location data to provide location-based services or personalized content. Location data is collected:

• When you use features that require location data (e.g., store locator)
• To enhance the shopping experience and deliver relevant offers

All location data is processed securely and used only as described herein.

COOKIES AND TRACKING TECHNOLOGIES

The Meadow.fi website uses various cookies and tracking technologies. Here is a more detailed breakdown of the types of cookies we use:

Essential cookies

These cookies are essential for the website's operation and enable, for example, the use of the shopping cart, logging in, and payments. These cookies cannot be disabled, as the online store would not function without them.

Functional cookies

Functional cookies enable the personalization of the website experience. They remember your choices (such as language and region selections) and provide more personalized features. These cookies collect information anonymously and do not track your movements on other websites.

Analytics cookies

We use analytics cookies (such as Google Analytics) to collect information on how visitors use our online store. These cookies gather information, for example, about which pages visitors frequent most and what error messages they may receive. The collected information is anonymous, and individual visitors cannot be identified.

Marketing cookies

Marketing cookies help us provide you with targeted advertising based on your interests. Their purpose is to display advertisements that are relevant and engaging for individual users, and thus more valuable for publishers and third-party advertisers.

You can manage cookie settings in your browser settings. Most browsers allow you to disable cookies or accept only certain cookies. Please note, however, that some online store functions may not work correctly if you disable cookies.

AUTOMATED DECISION-MAKING AND PROFILING

Meadow Cosmetics Oy may use customer data for automated decision-making and profiling to improve the service experience. This means we may:

• Analyze your purchase history to offer you personalized product recommendations
• Target marketing messages based on your interests and past purchasing behavior
• Send automated reminders for abandoned shopping carts

Automated decision-making never concerns legally significant decisions, nor is it intended to cause you harmful effects. You always have the right to request that a natural person be involved in decisions based on your data, to express your opinion, and, if necessary, to challenge an automatically made decision.

PRIVACY POLICY UPDATES

This privacy policy was last updated on 16.04.2026.

Meadow Cosmetics Oy monitors changes in data protection legislation and aims to continuously develop its business, therefore reserving the right to update this privacy policy.