Privacy policy for e-commerce customers.

This is a register and data protection statement in accordance with Cansa Oy’s Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). This report was prepared on 28 January 2021.

Based on this data protection statement, the picture clearly and comprehensibly shows how Cansa oy (hereinafter “Cansa”) collects, processes and stores customer and personal data in accordance with the Personal Data Act and the EU Data Protection Regulation (GDPR). Changes to this Privacy Statement whenever you use our image-supported services.

Keeper of the personal data register

Cansa Oy, Viitalantie 19, 37120 Nokia

Registry Officer

Cansa Oy

VAT: FI31545492

Address: Viitalantie 19, 37120 Nokia

Cansa’s Privacy Officer:

Cansa Oy

Jaakko Myllyniemi, CEO

Contact information

You can contact us by sending an email to info (at)

Collection of personal information

What is personal information?

Personal data is any information that relates directly or indirectly to a living natural person. Personal information includes, for example, name, personal identity number, address, e-mail address and telephone number. Electronic identities, such as IP addresses, can also be considered personal data if they can be linked to a natural person.

What personal information does Cansa collect and how?

When you do business in our online store, browse our website, subscribe to our newsletter, join our regular customer online store, contact us through our customer service, participate in a marketing campaign, competition or customer survey we organize, we may collect personal information about you.

Cansa’s legal basis for the processing of personal data and legitimate purposes of the processing of personal data:

  • Your consent, such as granting a marketing authorization to subscribe to a newsletter
  • When processing is necessary for our contract with you (for example, delivery of products you have ordered from an online store)
  • Responding to your customer service request
  • Other legitimate grounds for processing personal data, such as the development of our online store
  • If we collect your personal information for other purposes, we will ask for your prior consent.

Information collected when purchasing in an online store

When you place an order from the online store, we collect personal information from you for the delivery of the products you have ordered. Such information includes name, address, telephone number, email address, order amount, and products ordered. Depending on the payment method used, the last 4 digits of your personal identity number or credit card will also be processed for certain payment methods.

Information collected through the “My Customer Account” section of the online store

When you register as a user in the online store (My Customer Account section), we collect the following information: name, address, login information (e-mail address and password) and, if desired, your interests in our product groups.

Information collected when subscribing to our newsletter

When you subscribe to our newsletter for consumer customers, we collect your name and email address to send the newsletter.

Information collected in connection with marketing raffles or customer surveys

When you participate in a marketing raffle or customer survey we conduct, we may collect your contact information (email address, address, telephone number) for the purpose of submitting a potential prize, depending on how the raffle or survey is conducted.

Information collected in connection with the use of electronic services

When you use the website, we collect information about the use of the service. Some of this information may be personal information, such as your IP address. If you are logged in to our online store to identify you, we collect information about your use of the site (purchase history, browsing history) and may also combine it with your other user information.

Processing and storage of personal data

Customer service

We use your personal information for customer service purposes when you contact us, for example to inquire about the status of your e-commerce order. We use your name and order number to identify the customer and the order. If necessary, we will use your contact information, such as your email address and telephone number, to contact you to ask questions or handle the matter.

Sending information

Once you have placed an order from the online store, we will use the information you provide to send an order confirmation and e-mail notifications related to the status of your order. This information will be sent to the email address you provided with your order.

Marketing and personalization

If you have subscribed to the Cansa newsletter, we will use the personal information you provide to send the newsletter and personalize its content. This personal information includes your email address as well as information about your possible purchase history, newsletters delivered and opened to you, and your e-commerce browsing history. We use this information in our marketing to target our advertising so that, for example, the offers are as interesting as possible to you.

On the Cansa website and store, we use the personal information you provide to personalize the site. We collect information about the services you use and use it to modify the content of our website when you visit the site. In practice, this means, for example, that we will primarily show you products and offers on the site that we believe will interest you, for example, based on your previous online store purchase history or browsing history.

Development of services

We also use the information we collect from our customers to develop our products and services and to improve customer service. With the help of digital services, we analyze the activities of users and use this to develop our online store. For such analyzes, we primarily use only aggregate, Anonymous, or anonymized data.

Data storage times

We will keep your personal information for as long as is necessary for the processing reason.

In our customer management and marketing system, your customer information is retained by default for five (5) years since you were last active. The activity is defined in the system by one of the following measures: purchase from the online store, browsing the online store, opening a newsletter or clicking.

The My Account section of our online store will retain the personal information you provide as long as the user account is active.

When you visit our website, your visitor data is retained by default for 26 months for analysis and reporting purposes.

If you subscribe to our newsletter, your contact information will be kept for as long as you wish to receive the newsletter.

Your personal information may be stored in several different places for different purposes and on different grounds. As a result, personal information that has been deleted from one of our systems may still be stored in another system where it is retained for another purpose or on some other basis.

Protection of personal data

Cansa maintains a high level of security in the processing of personal data. We continually evaluate our policies regarding the processing of personal information and potential risks, and implement measures that comply with the principles of default data protection.

The personal information we process is stored on a system that is protected by operating system security software. Access to the system requires the entry of a username and password. The system is also protected by firewalls and other technical means. Only certain pre-defined Cansa employees have access to and are entitled to use the information contained in the register stored in the system. The information contained in the register is located in locked and guarded premises.

We continuously train our staff on data protection issues. All questions concerning our operations, the Personal Data Act or the EU Data Protection Regulation (GDPR) can be sent to info (at)

Disclosure of personal data

Cansa may authorize external partners or service providers to provide IT services, payment solutions or other digital services to Cansa. As part of the provision of these services, Cansa’s partners, both inside and outside the EU and the EEA, may have access to your personal information.

IT partners and suppliers

Cansa uses a variety of IT services and systems in its business. Some of them also store and process personal information. In this case, Cansa ensures the security of personal data and the protection of privacy during all such processing. The systems are cloud services, in which case we transfer personal information to the service provider. In this case, the service provider or IT provider is the processor of the personal data, which processes the data on behalf of Cansa and in accordance with our instructions.

Internal IT systems

Internally, we process customer data in our loyalty system, e-commerce system and customer management and marketing system. In addition, in connection with e-commerce purchases, the information is stored in the systems of the selected payment service provider and the logistics company performing the delivery in accordance with the selected delivery method (eg Posti, DB Schenker).

These systems enable you to deliver your order from our online store, answer your questions related to our services, and provide customer service. These systems may process all personal information we collect.

We use Google office software and system services in our internal work. This means that Google is a personal data processor we have authorized. Please refer to the Google Privacy Statement.

Providers of web analytics services

We use external vendors to personalize our websites and analyze usage patterns, as well as user feedback. These companies process personal information on our behalf. Data are processed in analysis services mainly anonymously at the aggregate level.

Google: Privacy Statement

Payment service providers

Payment can be made with Visa Electron and Debit cards, Visa MasterCard and Maestro (debit card). In payments made by invoice, Cansa Oy is shown as the recipient of the payment on the card invoice. QuickPay, which is a secure and electronic payment intermediary, processes your purchases and card information in the Cansa online store ( All data will be processed in accordance with the regulations in force.

Contact information services

We also use an external chat service provider to implement the chat function on the website. Through the chat service, your conversations with our customer service are stored in the cloud chat service. The conversation contains the following information: conversation content, country and city, browser, operating system, current page, and browsing history. The customer can choose to leave their own name and e-mail address. The information is stored in the Zendesk Chat cloud service for as long as necessary to process customer feedback.

Transfer to a third country

Some of the service providers we use on our website are located outside the EU / EEA. This means that your personal data may also be transferred to partners in these countries for the purposes mentioned above. In this case, Cansa is responsible for ensuring that the security of personal data is at an adequate level.

Your rights as a customer

Necessary processing of personal data and processing on the basis of consent

Personal data may be processed without consent if it is necessary for the performance of an agreement with you or the fulfillment of obligations imposed by law. However, the collection and use of personal information for other purposes requires that you have given your consent. As a customer, you give your consent to the processing of personal data when, for example, you use our services on the website, subscribe to our newsletter, join our regular customer in the online store, or contact us through our customer service.

Withdrawal of consent

Under applicable personal data law, you have the right, at any time, to request to see the personal data collected and processed about you, to request the correction of inaccurate data, to restrict their processing or to delete personal data.

When you withdraw your consent, we will delete your personal information and stop processing it with their consent.

Please note, however, that the same personal data may be used both with consent and as necessary or required by other legal acts. As a result, even if you withdraw your consent and the processing to which the consent relates is suspended, the information may remain with us for other purposes.

The right to receive information about personal information we hold about you

If you wish to know what information we have registered about you, you have the right to request this information in writing from the above address. An extract from the register is provided on request and is available free of charge once a year.

The right to request stored information about you

You have the right to request a register extract from Cansa Oy’s stored personal data about you free of charge once a year.

You can send the request either via the electronic form on our website, in which case we will contact you to verify your identity upon receipt of the request, or in writing, in which case the personal signature of the applicant must be included. The written letter shall contain the text “Request for personal records – to the Data Protection Officer of Casnsa”.

Right to manage and delete your personal data

You have the right to control your personal data, including the correction, supplementation or deletion of it if you wish. In addition, you have the right to request that the processing of personal data be restricted to certain purposes only, so that your data may not be used for marketing purposes, for example.


If you believe that a company is violating the Personal Data Act or other data protection laws, you can contact the Data Protection Officer. For more information, see the EDPS website.

Amendment of the Privacy Statement

We may make changes to this privacy statement from time to time. You can always find the latest version of the privacy statement on our website.