Data controller:

Mako Design Oy, Business ID: 3214188-7 Registered address: Annankatu 13, 00120 Helsinki, Tel. +358413141609, e-mail: 

Grounds for and purposes of processing personal data

The legal basis for the processing of personal data is the legitimate interest of the controller, based on a customer relationship. The data collected from customers is used to provide goods and services to customers and to archive this data, to provide a good customer experience, to maintain customer relations, to enable contact for service purposes and to provide an easy and secure service. It is also used for analytical and statistical purposes, to provide more personalised and targeted content and marketing, and to improve online commerce. The data may also be used for email marketing and other distance marketing if the customer has consented to this. The customer also has the right to opt-out of direct marketing by informing us that they wish to do so.

Personal data to be processed

The controller only collects data subjects’ personal data that are relevant and necessary for the purposes described in this Privacy Policy.

The following data is processed on data subjects

Information provided by the user:

  • name
  • address
  • email address
  • telephone number
  • payment method for the order
  • order delivery method
  • payment details, passport details and other information required by customs if the customer is entitled to order goods tax-free to Finland.

Data derived through analytics and observed from the use of the service:

  • IP address
  • use of the online store and browsing data
  • identification of the terminal
  • order history
  • delivery information, such as delivery address and shipping method
  • product reviews
  • identification, contact and payment details are required when shopping online at 

Disclosure of personal data

Personal data will not be disclosed to third parties unless required by law. Exceptionally, data may therefore be disclosed, for example, to public authorities as required by law.

Transfers of personal data to third countries

Personal data will not be transferred outside the European Union and the European Economic Area. 

Protection of personal data

The controller processes personal data in a manner designed to ensure appropriate security of personal data, including protection against unauthorised processing and accidental loss, destruction or damage.

The controller uses appropriate technical and organisational safeguards to ensure this objective, including firewalls, encryption techniques and secure facilities, appropriate access control, careful management of user IDs for information systems and training of staff involved in the processing of personal data.

All employees who process personal data have a duty of confidentiality in relation to the processing of personal data of data subjects.

Data subject's rights

Right of access to personal data. The data subject has the right to obtain confirmation as to whether personal data concerning them are being processed and, if so, to obtain a copy of their personal data.

Right to rectification

The data subject has the right to request that inaccurate or incorrect personal data concerning them be corrected. The data subject also has the right to have incomplete personal data completed by providing the necessary additional information.

Right to erasure

The data subject has the right to request the erasure of personal data concerning them if: a. the personal data is no longer necessary for the purposes for which it was collected; or b. the personal data has been unlawfully processed.

Right to restriction of processing

The data subject has the right to restrict the processing of personal data concerning them if: a. the data subject contests the accuracy of their personal data; b. the processing is unlawful and the data subject opposes the erasure of their personal data and requests instead the restriction of the data’s use; or c. the controller no longer needs the personal data for the purposes for which they were originally processed but the data subject needs them for the establishment, exercise or defence of legal claims.

Right of objection

The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them. The controller shall no longer process the data subject's personal data unless the controller can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing, including profiling where it relates to such direct marketing.

Right to transfer data from one system to another

The data subject has the right to receive personal data concerning them and provided by them in a structured, commonly used and machine-readable format and the right to transmit such data to another controller.

Right to lodge a complaint with a supervisory authority

The national supervisory authority for personal data matters is the Office of the Data Protection Ombudsman, attached to the Ministry of Justice.