Privacy policy

Version in compliance with the EU General Data Protection Regulation (679/2016)

Controller / Contact details

Kahiwa Coffee Roasters Oy
Business ID: 2820442-7
address: Päijänteenkatu 9, 15140, Lahti tel. +358 41 5075083
e-mail: [email protected]

General information

Your privacy is important to us. For this reason, we have updated our privacy policy to describe how we collect information and what information we use, disclose, transfer and store. We collect information for legitimate business purposes and to communicate with our customers about our policies and services. We process personal information in accordance with applicable laws, including in particular the EU General Data Protection Regulation (GDPR).

Personal data is used for the delivery and return of orders in the online shop and for any contact in connection with orders. In addition, if the customer has consented to email and/or SMS marketing, marketing messages may be sent to him/her.

What information we collect

When you visit our website, we automatically receive information about the device you are using, including information about your browser, IP address, time zone and any cookies that may be installed on your device. In addition, when you browse our site, we receive information about what products or sub-pages you view or what search terms you use to search for our products. This is automatically collected information which we refer to as "device information".

We collect device data using the following technologies:

- "Cookies" are data files installed on your device, often containing an anonymous unique identifier. To learn more about cookies or to disable them, read more, for example, here:

- "Log files" track events on our website and collect information such as IP address, browser information, internet service provider, referring site and timestamps.

- "Web beacons", "tags", and "pixels" are electronic files used to store information about how you browse our pages.

In addition, when you make a purchase or attempt to make a purchase from our website, we collect certain information, including your name, billing address, shipping address, payment information, email address and phone number. We refer to this information as "order information".

When we refer to "personal data" in this Privacy Policy, we mean both device data and order data.

How we use the information collected

We use the order information to process/forward the order. This includes, for example, processing payment information, arranging delivery, and creating a dispatch list / order confirmation. We also use the information to communicate with you, for example, regarding your order, where necessary. We may also, with your permission, advertise our products or services to you via a newsletter.

We use device information to help us identify potential risks of fraud (for example, by IP address) and to develop and optimise our own site.


Sharing information

We share the information you provide with third parties so that we can use it in the ways described above. For example, we use Shopify's services to power our online store. You can check how Shopify processes your data here: We also use Google analytics to understand how our customers use our website. You can check how Google processes your data here: You can opt-out of Google's data collection here:

We may also disclose your information to public authorities if required by law.

The personal data is technically located in the e-commerce cloud service, whose management interface is protected by SSL encryption and user-specific IDs and passwords. Shopify Inc. is responsible for the technical security of the cloud service.

Data retention period

The information is stored in the e-commerce database for the time being. The data will not be periodically deleted unless you ask us to delete your data.


The following personal data may be used to target marketing: customer name, customer date of birth, customer gender, customer purchase history, customer address information, customer behaviour in the online store: for example, if a customer has left the shopping process unfinished, a reminder may be sent for the unfinished shopping cart or if the customer has browsed certain products, marketing may be targeted to these products.

Rights of the data subject

If you are a European citizen, you have,

Right of access to personal data

The data subject has the right to obtain confirmation as to whether personal data concerning him or her are being processed and, if so, to obtain a copy of his or her personal data.

Right to rectification

The data subject has the right to request that inaccurate or incorrect personal data concerning him or her be corrected. The data subject also has the right to have incomplete personal data completed by providing the necessary additional information.

Right to erasure

The data subject has the right to request the erasure of personal data concerning him or her if: a. the personal data are no longer necessary for the purposes for which they were collected; or b. the personal data have been unlawfully processed.

If you want to exercise these rights, please contact us. Please also note that the data collected in this notice will be transferred outside Europe, including to Canada and the United States.


We may update this Privacy Policy if necessary due to changes in data processing or for any other reason. An up-to-date version is available on our Website. We will not make material changes to this Privacy Policy or restrict Users' rights under this Privacy Policy without notifying you of such changes.



In all matters relating to the processing of personal data and in situations where the data subject wishes to exercise his or her rights, he or she should contact the contact person in charge of the register by e-mail to [email protected] or by post to Kahiwa Coffee Roasters Oy, Päijänteenkatu 9, 15140 Lahti, Finland.