Privacy policy

 

Groovy Lane Privacy Policy

Updated 05 February 2026

To provide you with the best possible service, we need to collect and process certain information about you. We value your privacy and are committed to protecting it in accordance with this Privacy Policy, applicable legislation, and good business practices.

This Privacy Policy, prepared in accordance with the EU General Data Protection Regulation (GDPR), explains what personal data we collect, on what basis we process it, and what rights and choices you have regarding your data.

Data Controller

Company: Oy Air United International Ltd / Groovy Lane

Business ID: 3407337-1

Registered office: 21600 Parainen, Finland

Contact person: Marko Airinen

Phone: +358 50 369 6690 (On business days Mon / Wed / Fri from 16:00 to 19:00 CET)

Email: info@groovylane.store (available 24/7 — we aim to respond no later than the next business day)

Register name: Groovy Lane Customer and Marketing Register

Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data under the EU GDPR is either a contract or the individual’s consent.

The purposes of processing personal data include fulfilling contractual obligations (processing online store orders), communicating with customers, marketing communications, and complying with legal obligations.

Data is not used for automated decision making or profiling.

Data Stored in the Register

The register may contain the following information:

• Customer contact details (name, address, phone number, email address)

• Order related information (order history, delivery details)

We retain newsletter subscription data for as long as the subscription is active. Personal data required for accounting obligations is stored for six (6) years after the end of the financial year in which the data was collected.

Cookies

We use optional cookies on our websites to provide the best possible user experience.

Cookies are used for analytics, marketing, and communication optimization. Cookies are small text files stored on the user’s device by the web server.

Optional cookies help us understand how our websites and services are used. We use this information to improve our services, analyze usage, and optimize marketing and advertising.

Customers may accept or decline optional cookies. Declining optional cookies does not affect the functionality of the online store, but we encourage their use to help improve the shopping experience.

Regular Sources of Data

Data stored in the register is obtained from customers, for example:

• when placing an order in the online store

• through website forms

• via email or phone

• through social media services

• at events or fairs

• or in any situation where the customer voluntarily provides their information

•  

Regular Disclosure of Data and Transfers Outside the EU/EEA

We disclose data to our partners in the IT, payment processing, logistics, and accounting sectors as necessary to provide our online store services. Our partners process data in accordance with the GDPR.

Newsletter subscriber data (name, email address) may be processed by newsletter service providers located outside the EU/EEA. These companies are registered under the U.S. Privacy Shield framework and are therefore committed to complying with the GDPR.

Principles of Register Protection

We handle the register with care, and data processed through information systems is appropriately protected.

When register data is stored on internet servers, both physical and digital security measures are applied. The data controller ensures that stored data, server access rights, and other critical information are handled confidentially and only by employees whose job duties require it.

Right of Access and Right to Rectification

Every individual in the register has the right to inspect their stored data and request correction of inaccurate or incomplete information.

Requests must be submitted by email to the data controller. The data controller may require proof of identity. Responses will be provided within the timeframe required by the GDPR (generally within one month).

Other Rights Related to Personal Data

Individuals have the right to request the deletion of their data (“right to be forgotten”), unless legal obligations (such as accounting laws) prevent deletion.

Registered individuals also have other GDPR rights, such as the right to restrict processing in certain situations.

Requests must be submitted by email to the data controller. Proof of identity may be required. Responses will be provided within the GDPR specified timeframe (generally within one month).

“Thank you for trusting us and enabling us to serve you as effectively and efficiently as possible.”