Terms – Xwander.com
30 days return policy from the day you receive goods.
Privacy policy – Xwander.com
The General Data Protection Regulation compliant privacy policy on protection of individuals with regard to the processing of personal data and to the free movement of such data
Controller:
Accolade Partners Oy, business identity code 2625267-9
Ivalontie 12, 99800 Ivalo
Name of the register:
Xwander.com customer, order, invoice and marketing data register.
Personal data processing policy
We comply with the following principles relating to processing of personal data:
Personal data shall be
a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
Customers shall have right to obtain information about their personal data stored in the system, right to have them corrected, and right and possibility to have them erased. Data will not be processed outside the EEA, except for anonymous web analysis (Google Analytics, Facebook, etc.). Data are stored until the customer asks us to erase them. We store data for web analysis, for example (statistical reasons), and to facilitate new orders (client’s interest).
Purpose of storing data
Customer data are stored for the following purposes: to communicate with customers, to maintain and improve commercial and customer relations, and to create statistical reports. Xwander.com uses this and other data obtained during the customership in order to plan and target their products and services.
Personal data are used within the framework of the Personal Data Protection Act. Information will not be disclosed to any outside parties.
The e-mail addresses of those who subscribe to the newsletter are used to deliver the newsletter to them. The information which customers give in the contact form is used to reply to their contact requests.
Data collected in the register
The customer register consists of several separate registers collected and created based on their main purposes. The data in all of these registers constitute customer-specific data sets in the following manner:
– Customer’s contact information and information needed for orders: first and last name, street address, postal code, city, country, language, telephone number, e-mail address, and national identity number. In case of business and association customers, we also store their names and business identity codes.
– Customer group information, discount group, and other additional customer-specific information.
– Invoicing address and other invoice information.
– Possible approval to direct marketing.
– Information on customer’s orders, deliveries, and returns.
– Codes needed for logging in.
– IP address or other identifier.
– Textual data related to customership, such as purpose of contact request or wish of delivery date.
Personal data will be erased if the customer asks us to do it.
Data disclosure and transmission
Data will not be shared with outside parties, except for public authorities if required. For data processing reasons, some of the information may be shared with our subcontractors.
Regular data sources
Contact and customer data are collected at the beginning and during the customership from the announcements given by the customer. Customership begins at the moment when the customer registers in the system, creates an order, orders direct marketing, or makes a purchase. Customership can be started also on customer’s request, e.g. after a telephone conversation.
Approval to electronic direct marketing (e-mail and SMS marketing) will be asked separately according to the Personal Data Act. Information on customer’s creditworthiness at the moment of order is obtained from the system of Checkout Finland Oy (business identity code 2196606-6), that of DFC Nordic Oy (1998514-5) and/or that of Suomen Asiakastieto Oy (0111027-9).
Anonymous web analysis
In order to collect anonymous data relating to web visits, we can use the following tools and services:
Google Analytics: https://analytics.google.com/analytics/web/
Google Remarketing: https://support.google.com/adwords/answer/2453998?hl=en
Facebook Pixel: https://www.facebook.com/business/a/facebook-pixel
Microsoft Bing Ads: https://advertise.bingads.microsoft.com/en-us/resources/policies
Legal basis for processing personal data
One must have a legal basis for processing personal data. We process personal data on the basis of approval (e.g. subscribing to newsletter), contract (e.g. making an order), controller’s legal obligation (e.g. acquisition and possession of products subject to authorisation), protection of vital interests (e.g. participation in lesson or course requiring information on personal health), legitimate interest of controller or third party (e.g. web analysis).
Securing personal data
Our personnel need to have special access rights and personal login codes in order to have access to the personal data register. There is different access rights so that a person only has access to data which are necessary according to their job description. The customer register and the hardware processing it are located in closed computer halls. The hardware and the software are updated regularly and appropriately, and we react to possible threats immediately. In case of incidents, data are backed up regularly. The system is secured against outside threats with a firewall.
The personnel are obliged to keep the information of the personal data which they obtain in their work confidential. Information can be disclosed in case of legal notification obligation only, e.g. on customer’s or public authority’s request.
Cookies
We use cookies; they help us to develop our website for you. The purpose of cookies is to improve and speed up the shopping experience. Cookies can also be used for providing better offers and more personal product recommendations for customers. A cookie is a small text file saved on your hard drive by your network server. You may have to enable cookies in order to have access to some of the website functions. Your web browser probably enables cookies by default, but you can also block them in the browser settings or clear them from the browser after use. Additional information on browser-specific user’s manuals can be found in the instructions of the browser manufacturer.
Cookies we use:
Necessary:
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Google:
test_cookie Purpose: Used to check if the user’s browser supports cookies. Expiry: 1 day
Hubspot:
embed/v3/counters.gif Purpose: Used to implement forms on the website. Expiry: Session
__cf_bm Purpose: This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. Expiry: 1 day
New Relic:
JSESSIONID Purpose: Preserves users states across page requests. Expiry: Session
Solarwind:
pa_enabled Purpose: Determines the device used to access the website. This allows the website to be formatted accordingly. Expiry: Persistent
Yotpo Voice:
i Purpose: Registers the website’s speed and performance. This function can be used in context with statistics and load-balancing. Expiry: Session
Vimeo:
__cf_bm Purpose: This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. Expiry: 1 day
Xwander.com:
PHPSESSID Purpose: Preserves user session state across page requests. Expiry: Session
wc_cart_hash_# Purpose: Expiry: Persistent
wc_fragments_# Purpose: Expiry: Session
Preferences:
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
HubSpot:
messagesUtk Purpose: Stores a unique ID string for each chat-box session. This allows the website-support to see previous issues and reconnect with the previous supporter. Expiry: 179 days
Xwander.com:
ti_wishlist_data_# Purpose: Users wishlist items Expiry: Persistent
Statistics:
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Google:
_ga Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website. Expiry: 399 days
_ga_# Purpose: Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit. Expiry: 399 days
HubSpot:
__hssc Purpose: Identifies if the cookie data needs to be updated in the visitor’s browser. Expiry: 1 day
__hssrc Purpose: Used to recognise the visitor’s browser upon reentry on the website. Expiry: Session
__hstc Purpose: Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes. Expiry: 179 days
__hstc Purpose: Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes. Expiry: 179 days
New Relic:
events/1/# Purpose: Used to monitor website performance for statistical purposes. Expiry: Session
jserrors/1/# Purpose: Expiry: Session
Solarwinds:
pa Purpose: Registers the website’s speed and performance. This function can be used in context with statistics and load-balancing. Expiry: persistent
Yotpo:
_sp_id.# Purpose: Collects data on the user’s visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded with the purpose of generating reports for optimising the website content. Expiry: 399 days
_sp_ses.# Purpose: Used by Snowplow Analytics to track how users are browsing and engaging with a website. Expiry: 1 day
Marketing:
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Google:
IDE Purpose: Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. Expiry: 1 Year
pagead/landing (x2) Purpose: Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement – This also allows the website to limit the number of times that they are shown the same advertisement. Expiry: Session
pagead/viewthroughconversion/10832420465 Purpose: Expiry: Session
ads/ga-audiences Purpose: Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor’s online behaviour across websites. Expiry: Session
pagead/1p-conversion/# Purpose: Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement – This also allows the website to limit the number of times that they are shown the same advertisement. Expiry: Session
pagead/1p-user-list/# Purpose: Tracks if the user has shown interest in specific products or events across multiple websites and detects how the user navigates between sites. This is used for measurement of advertisement efforts and facilitates payment of referral-fees between websites. Expiry: Session
_gcl_au Purpose: Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. Expiry: 3 months
HubSpot:
__ptq.gif Purpose: Sends data to the marketing platform Hubspot about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels. Expiry: Session
Vimeo:
NRBA_SESSION_ID Purpose: Collects user data through quiz/survey-like content. This allows the website to promote relevant products or services. Expiry: Session
Yotpo:
pixel Purpose: Determines which products the user has viewed, allowing the website to promote related products. Expiry: 1 year
Other:
Klevu:
klv_filterCollapse_klevu-164752592221914923_keys Purpose: Expiry: Session
klv_filterShowMore_klevu-164752592221914923_keys Purpose: Expiry: Session
klv_kmcData_klevu-164752592221914923 Purpose: Expiry: Persistent
Xwander.com
klevu_pageCategory Purpose: Expiry:Session