See our current offers »
See our current offers »
Go to homepage
€0.00
Go to homepage
Languages

Privacy Policy for Ifolor Oy, Vantaa (Finland)

Updated: 20.5.2026

Summary

We have created this privacy policy to show you that we process your photos and personal data in an appropriate manner. Each of our customers is considered a data subject as specified by the EU General Data Protection Regulation.

In order to use Ifolor services, you must agree to the terms and conditions contained in this privacy policy.

This document describes the types of personal data (data associated with a specific person or data that allows a specific person to be identified) that we collect about you both when visiting the Ifolor website and when placing an order with us as well as the ways with which we use and process this data. Additionally, this document describes how we use cookies.

We use personal data to:

  • Provide easy-to-use and secure services,
  • Improve our customer services and marketing and
  • Further develop our online storefront.

Data file controller and the controller’s contact details

The customer register that stores personal data is controlled by

Ifolor Oy (Business ID: 0871712-9)
Karhumäenkuja 2
FI-01530 Vantaa
Finland

Contact details for further information about data protection and personal data processing:

E-mail: dataprotectionofficer@ifolor.fi
Mail: Ifolor Oy Data protection officer
Karhumäenkuja 2
FI-01530 Vantaa
Finland

What personal data does Ifolor collect about me?

We collect and process only data that is absolutely necessary for maintaining our relationship with you and processing your orders in a professional manner.

Information you have provided personally or that can be used to identify you:

  • Your name and other similar identification data
  • Your contact details, such as your address, e-mail address and a telephone number used to manage the customer relationship, which will also be provided to Finnish Post (Posti) for delivery notification.
  • Your payment details, such as your billing information.
    • We do not store your full credit card information.
  • By your consent, we may store your location data, which we use to estimate delivery times.
  • By your consent, we may store your birth date, which we use for targeted marketing e.g. birthday congratulations.
  • Account number (only when refund to account)

Data collected when you use our services and data derived from analytics:

  • Your purchase history, including the products you have ordered and the associated price data,
  • Delivery details, such as the delivery method you have selected and the delivery address you have provided
  • Access and browsing data associated with our online storefront and your terminal’s (device’s/browser’s) details, such as the IP address.

How will Ifolor use my personal data?

We use your personal data to:

  • process your orders and deliver the products you have ordered
  • customer care and maintenance
  • improve your customer experience
  • develop our operations and services
  • generate statistics
  • produce personalised content and marketing
  • prevent misconduct
  • provide better customer service.

We will process your personal data in a confidential manner. We will not disclose your data to third party processors. However, Ifolor reserves the right to disclose personal data to processors operating in Switzerland or in EU member states in cases where this is required in order to process your order. In such cases, we will ensure an adequate level of protection by following the instructions specified in the EU General Data Protection Regulation and by concluding GDPR-compliant agreements with our suppliers.

How does Ifolor store and protect my personal data?

The Ifolor data file where your personal data is stored is continuously protected with appropriate technical and organisational measures that prevent both data loss and the misuse of personal data. Your personal data is stored in a safe environment that is inaccessible to the public. We maintain a very high level of technical and organisational security across our data centres, processes and online storefront data systems. Our servers are protected against unauthorised access and denial of service attacks.

If we need to transmit your personal data, for example, when you log in or make a payment, we encrypt your personal data using Secure Socket Layer (SSL) technology. What this means in practice is that as long as your web browser supports SSL (https) technology, the communications between your computer and Ifolor’s server is protected by the most widely-adopted encryption method in the world.

Whenever possible, we observe good data protection practices (such as data consolidation and anonymisation) in personal data processing and incorporate them in our data processing planning. We have updated our data processing operations to meet the requirements of the EU General Data Protection Regulation, which came into effect on 25 May 2018.

Who is allowed to process my personal data?

Only Ifolor Oy’s internal staff will have access to our customer data. Furthermore, our staff is trained in the safe and ethical use of personal data.

We use a number of trusted contract partners to whom we may transmit personal data. These partners are contractually bound to the requirements specified in the EU General Data Protection Regulation and other applicable data protection laws.

Our electronic payment process (excluding paying by invoice) is handled by a certified payment service provider, Datatrans AG Zürich. Your payment details are transmitted directly to this company, which will store your personal data for a short period of time for processing your payment and any reimbursement you might require.

Online payment is provided by Paytrail Oyj (Business ID: 2552865-3), Innova 2, Lutakonaukio 7, FI-40100 Jyväskylä. Following information is collected to Paytrail registry during payment:

  • Payment method 
  • Date/time of payment 
  • IP address 
  • Bank account number

Paytrail’s privacy policy: https://www.paytrail.com/en/data-privacy-notice-paytrail-payment-service.

If you have subscribed to our newsletter, it will be sent via the technical service provider Selligent SA in Belgium (Selligent) or Braze Inc. in the USA (Braze), to whom we pass on the data you provided when registering for the newsletter. This transfer serves our legitimate interest in using an effective, secure and user-friendly newsletter system. Selligent/Braze uses this information to send and statistically evaluate the newsletters on our behalf using pseudonymised data. You can unsubscribe from the newsletter at any time in writing or directly in the newsletter.

We also use Selligent/Braze to send you other electronic messages/emails, e.g. for order confirmation. Accordingly, Selligent/Braze may receive your personal data within the scope of the order processing agreement we have with them. The data is stored there for the duration for which storage is otherwise lawful for the purposes set out in this privacy policy, i.e. in particular for contractual communication within the scope of existing contracts with you or for advertising communication.

The applicable Selligent Privacy Policy can be found at https://www.selligent.com/privacy-policy-europe/. More information about Braze can be found here: https://www.braze.com/company/legal/privacy

The company responsible for managing personal data:

Ifolor Oy (Business ID: 0871712-9)
Karhumäenkuja 2
FI-01530 Vantaa
Finland

How long will Ifolor store my personal data?

We will store your personal data and image files only as long as necessary to fulfil the purposes indicated in this privacy policy. However, we may store some of your data for a longer period of time to fulfil certain statutory obligations (such as those concerning accounting and consumer transactions) and to demonstrate that we have appropriately fulfilled our obligations.

You may request us to anonymise your personal data or remove the data from our system or prohibit us from using the data for the purposes specified in this privacy policy.

We are required by law to retain certain types of data for a longer period of time. Some examples are provided below: 

  • The Accounting Act (Finlex 1336/1997) specifies an extensive retention period for accounting materials regardless of whether they include personal data.
  • In order to provide a legitimate and secure online storefront for our clients, we collect and store system log data in accordance with statutory requirements.
  • We make sufficient backups of our online storefront’s databases and systems to prevent data loss, to support failure recovery and to ensure data security and service continuity.

Images and related data of customer orders are automatically deleted no later than 30 days after the delivery of the order, unless a different procedure has been specifically agreed between the parties.

What are my rights?

As a customer, you have the right to:

  • Receive the details of the personal data we store about you (by written request)
  • Request us to rectify any inaccurate personal data concerning you
  • Notify us, in writing, that you wish to prohibit us from continuing to process your personal data, with the reservation that we will retain the right to process personal data to the extent necessary (for invoicing purposes, for instance).

If your personal data is processed solely based on your consent, you will have the right to withdraw your consent at any time. Please note, that this will not have any bearing in the legality of any processing that has taken place before withdrawing your consent.

If you wish to make a request concerning the exercise of your rights, please contact our customer services. Ifolor reserves the right to ask you to identify yourself appropriately before processing any requests concerning the rights specified above.

If you notice any deficiencies in the processing of your personal data or find it to be unlawful, you will have the right to file a complaint with the Data Protection Ombudsman.

How do I find out what personal data Ifolor holds about me?

To request us to provide you with the personal data stored in our systems, please contact us via e-mail, address: dataprotectionofficer@ifolor.fi. We will process your request within 30 days of receiving the request.

How do I change how my information is used?

Ifolor Oy is committed to providing its customers with opportunities to determine to what extent their data is collected and used.

You can personally determine what kind of personalised marketing we will send you or to completely opt out of marketing communications from us. If you do not wish to receive any marketing communications from us, please contact our customer services. To unsubscribe from our newsletter, simply click on the link provided in any of our newsletter e-mails.

Will my personal data be disclosed to third parties?

We use customer data with third parties for analytical purposes and research as well as for providing personalised content. We may disclose purchase behaviour and browsing data to our partners in order to keep you up to date with products and promotions relevant to you. Whenever possible, the information used for research, analysis and creating personalised content will be anonymised or pseudonymised. Only we can associate your pseudonymised data with your name.

You can limit the scope of personal data disclosed for marketing purposes by contacting our customer services.

If necessary, we will also fulfil requests for personal data by public authorities. Law permitting, we will notify you of any such request.

Further functions of the website

Google APIs (in particular Google Photos)

On our websites and in our applications, you can use Google APIs, in particular Google Photos, to select images and import them into your ifolor project. If you use this function, you will be redirected to Google or connected to Google. The connection is only established after you have actively started the function and granted the relevant authorization to Google.

As part of this integration, we process the personal data and content that you make available to us via Google or release for import. This may include, in particular, selected photos and videos, technical information relating to the selected files (e.g. file format, resolution or creation date), basic information related to your Google account (e.g. e-mail address or profile name, where required for allocation), and technical log and authentication data. We process this data to provide the import and use function requested by you, to assign the selected content to your project, to technically perform the import, and to prevent abuse or disruptions.

The legal basis for the processing is Art. 6(1)(b) GDPR to the extent that the processing is necessary to provide the function requested by you. To the extent that individual processing steps are based on your consent, the legal basis is Art. 6(1)(a) GDPR. To the extent that we process technical log and security data to prevent abuse or ensure system security, the legal basis is Art. 6(1)(f) GDPR.

Use of this function is voluntary. We do not receive your Google password. Depending on the Google API used and the permissions you grant, data may also be processed by Google or within the Google group of companies. Processing in third countries, in particular in the United States, cannot be ruled out. Please note that Google’s privacy policy and terms of use also apply to Google’s processing of your data.

To the extent that imported content is stored in your ifolor project, we process it in accordance with the general provisions of this privacy policy regarding projects, orders and image files. You can manage or revoke any authorization granted to Google at any time in your Google account. Please note that revoking the Google connection stops future transfers, but does not automatically delete data already transferred to ifolor. The deletion of such data is governed by the general deletion rules in this privacy policy.

Google Ads – Enhanced Conversions / Google Enhanced Conversions

We use the “Enhanced Conversions” / “Google Enhanced Conversions” feature on our website in connection with Google Ads. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Depending on the technical and contractual setup, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and other companies of the Google group may also be involved in the processing.

Enhanced Conversions help us measure the effectiveness of our Google Ads more accurately and optimise our advertising campaigns. The feature supplements the existing Google Ads conversion tracking. It enables us to better understand whether our Google ads lead to specific actions on our website, such as orders, registrations, contact requests or other conversions defined by us.

If a user clicks on one of our Google ads and then completes a conversion on our website, for example by placing an order or submitting a form, data provided by the user may be used for conversion measurement. This may include, in particular, email address, name, postal address and/or telephone number. In addition, technical data may be processed, such as IP address, cookie or client identifiers, device and browser information, referrer URL and information relating to the respective conversion, such as conversion event, time of the event, transaction ID, order value or currency.

Directly identifying contact data is hashed before being transmitted to Google using a secure one-way hashing method, in particular SHA-256. The data is transmitted to Google in hashed form. Google may compare this hashed data with data from signed-in Google Accounts in order to attribute conversions to Google advertising interactions and improve conversion measurement.

Because attribution by Google may be possible in certain cases, we also treat hashed data as personal data. We do not receive information from Google that enables us to personally identify individual Google users, but only reports and aggregated information for measuring and optimising our advertising.

The legal basis for the processing of personal data is consent pursuant to Art. 6(1)(a) GDPR. To the extent that the processing involves storing cookies, pixels, tags or similar technologies on the user’s device or accessing information on the device, we obtain consent in accordance with the applicable rules on electronic communications.

The user may withdraw consent at any time with effect for the future via the cookie or privacy settings. The withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn.

Recipients of personal data may include Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and other companies of the Google group. Service providers engaged by Google may also process personal data on behalf of or under the responsibility of Google.

Personal data may be processed within the European Union, the European Economic Area and other countries, in particular the United States. For transfers of personal data to the United States, the EU-U.S. Data Privacy Framework may apply, provided that the recipient is certified under this framework. Google LLC states that it complies with the principles of the EU-U.S. Data Privacy Framework.

Where personal data is transferred to a country for which no adequate level of data protection has been established, Google states that it relies on appropriate safeguards, in particular the European Commission’s standard contractual clauses, or other transfer mechanisms permitted under applicable data protection law.

We do not store any additional personal data in plain text solely because of Google Enhanced Conversions beyond the data that we already process as part of customer, order, payment or contact processes. The transmission to Google takes place in hashed form.

Personal data is processed only for as long as necessary for the stated purposes or as required by statutory retention obligations. Thereafter, the data is deleted, anonymised or restricted, unless deletion is not possible or not permitted. Google’s retention is governed by the applicable Google terms and settings.

There is no statutory or contractual obligation to consent to the use of Google Enhanced Conversions. Without consent, the transmission of hashed first-party data to Google described here will not take place. The website and online shop can generally still be used; however, the measurement and optimisation of our Google Ads campaigns may be less precise.

Further information on how Google processes personal data can be found in Google’s privacy policy and terms of use, as well as in Google’s information on Enhanced Conversions.

Google Customer Match

We use Google Customer Match, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04 E5W5, Ireland (“Google”). Customer Match enables us to reach existing customers and relevant audiences on Google services and within Google’s advertising network, in particular on Google Search, Google Shopping, YouTube, Gmail and the Google Display Network, with interest-based and audience-based advertising, or to exclude certain customer groups from individual advertising campaigns.

If you have consented to the use of Google Customer Match or to personalised advertising, we may use customer data that you have provided to us or that has arisen in connection with your use of our services for matching with Google accounts. This includes, in particular, email address, telephone number, first and last name, address, country, postal code, customer number or other identifiers assigned by us, as well as information about orders and broad interests. Direct identifiers are normalised in accordance with Google’s specifications and converted into a string using the SHA-256 hashing method before being transferred to Google. Where we use country and postal code for matching, these may be transferred unhashed in accordance with Google’s specifications. Hashing does not mean that the data is anonymous, because Google can compare the hash values with data from Google accounts.

Google compares the hash values transmitted by us with the corresponding hash values of Google accounts. If there is a match, the relevant Google account may be added to a Customer Match audience. We may then use these audiences to personalise advertising, re-engage existing customers, reach similar or relevant audiences, exclude certain customer groups from campaigns, measure and optimise conversions, and perform audience analysis and market research.

In connection with the delivery, measurement and optimisation of advertising, Google and we may also process cookies, online identifiers and information about ad impressions, clicks, browsing and search behaviour, search terms, interests and usage information, provided that consent has been given for this or the processing is otherwise permitted.

For the personalisation of our advertising, we may assign customers to segments. We generally use only simple, non-sensitive criteria for this purpose, in particular language and region, e.g. country, region, postal code area or language; purchase phase based on order date, e.g. new customers, active customers or inactive customers; order value or customer value in ranges, e.g. low, medium or high basket value; order frequency, e.g. one-time purchasers, repeat purchasers or regular customers; and broad product or category interests, e.g. interest in certain product groups or accessories, provided that these categories do not reveal special categories of personal data or other sensitive personal data.

We do not use special categories of personal data or other sensitive personal data for this purpose, in particular no data concerning health, political opinions, religious or philosophical beliefs, sex life or sexual orientation, ethnic origin, genetic or biometric data, trade union membership, criminal convictions or offences, social welfare or similarly sensitive information. We do not carry out any credit checks, do not apply individual price increases, and do not make automated individual decisions that have legal effects concerning you or similarly significantly affect you.

Recipients of the data are Google Ireland Limited and, where applicable, other companies of the Google group, in particular Google LLC and Alphabet Inc., as well as subprocessors engaged by Google. Processing primarily takes place in the European Union. Transfers to countries outside the European Union or the European Economic Area, in particular to the USA, Singapore, Chile or Taiwan, cannot be excluded. According to Google, such transfers are based on appropriate safeguards, in particular adequacy decisions, certifications under the Data Privacy Framework, standard contractual clauses or comparable protection mechanisms.

According to Google, uploaded Customer Match files are processed to match customers to Google accounts and to check compliance with Google policies. Once the matching and compliance checks have been completed, Google states that the uploaded files are deleted. Customer Match list memberships may remain valid at Google for up to 540 days. We store and use Customer Match audiences only for as long as necessary for the purposes described above or until you withdraw your consent.

The use of Google Customer Match is based on your consent pursuant to Art. 6(1)(a) GDPR. Where information is stored on or accessed from your terminal device in connection with Google Customer Match, this is additionally based on your consent pursuant to Section 205 of the Finnish Act on Electronic Communications Services (917/2014).

You may withdraw your consent at any time with effect for the future via the cookie or privacy settings on our website. After withdrawal, we will take this into account in our consent management system and will no longer include your data in new Customer Match uploads. During the current technical transition phase, we generally update Customer Match lists manually every 30 days. Data records that have already been uploaded will therefore be removed from the relevant Customer Match lists, or will no longer be used for Google Customer Match, with the next regular list update or deletion upload, but no later than within 30 days after your withdrawal. Until this technical deletion has been implemented, it cannot be completely ruled out that you may still see advertising based on an existing Customer Match list membership.

Independently of this, you can also manage personalised advertising in Google’s ad settings. Further information on data processing by Google is available in Google’s Business Data Responsibility information, Google’s Cookie Policy and via Google’s privacy contact form:

https://business.safety.google/privacy/?hl=en-US
https://policies.google.com/technologies/cookies?hl=en-US
https://support.google.com/policies/troubleshooter/7575787?hl=en

Does your online storefront use cookies and what are they?

The Ifolor website is designed to be as user-friendly and streamlined as possible. To achieve this, we use cookies and Flash Local Shared Objects (LSOs) on our website. You can personally determine whether you will allow our software to place cookies on your computer. By changing the settings on your web browser, you can disable cookies completely, allow only certain websites to place cookies or set the browser to prompt you to accept or reject cookies. Please note, that blocking cookies from the Ifolor website may limit or prevent access to some of the website’s functions or services. For your own convenience, we would advise you to enable cookies in your web browser. The cookies placed by our server on your browser will persist for up to 30 days.

Google Tag Manager

This website uses Google Tag Manager.The Tool Tag Manager itself (which implements the tags) is a domain without cookies which does not collect any personal details.The tool ensures the activation of other tags which themselves potentially collect data.

Google Tag Manager does not access these data.If a deactivation is carried out at domain or cookie level, this shall remain in effect for all tracking tags that are implemented with Google Tag Manager.

In the following the required legal basis for the processing of data is listed:
- Art. 6 para. 1 s. 1 lit. a GDPR

Adjust (including data sharing with Google Ads)

We use Adjust in connection with our mobile applications. Adjust is a mobile measurement and fraud prevention service. The service helps us analyze how our apps are used and how effective our marketing activities are, optimize campaigns, detect fraud, and segment user groups. If the relevant integration and data sharing are enabled, Adjust may also transfer data to Google Ads so that app installs, sessions, and post-install events can be attributed to campaigns, measured, analyzed, and used for reporting and campaign optimization.

The legal basis for the processing of personal data is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with future effect by using the privacy or consent settings made available to you.

Adjust is used for analytics, marketing, optimization, fraud prevention, and segmentation.

The service uses web beacons, cookies, mobile SDK, and API.

In particular, the following data may be processed in connection with the use of the service: viewed advertisements, app downloads, application data, IP address, identifiers, user agent, interaction data, device information, and referrer URL.

The service provider is Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany. For data protection-related inquiries, the service provider can be contacted by email at privacy@adjust.com. Data recipients are Adjust GmbH, Adjust Inc., and Acquired IO LLC. If the relevant data sharing with Google Ads is enabled, data may also be transferred to Google Ads for attribution, conversion measurement, reporting, and campaign optimization.

Data is processed primarily in the European Union. However, in connection with the use of this service, data may also be transferred to other countries. In particular, data may be transferred to the United States of America, Japan, China, Brazil, and Singapore. Please note that data may also be transferred to countries that may not provide a level of data protection equivalent to the GDPR. Further information on the safeguards in place can be found in the provider’s privacy policy or obtained directly from the provider.

Data is stored for a maximum of 25 months. The data is deleted as soon as it is no longer required for the purposes stated above.

Further information can be found in Adjust’s privacy policy: https://www.adjust.com/terms/privacy-policy/

Meta Pixel / Facebook Pixel

This website uses Facebook Pixel to analyse your use of our website. The service is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland (‘Facebook’). It is used to track interactions of visitors with websites ("Events") after they have clicked on an ad placed on Facebook or other services provided by Meta ("Conversion").

Our legal basis for setting the cookie and the connected data processing is your consent (Article 6 (1) a) GDPR)

Here you can find the way to contact Data Protection Officer of the processing company: https://www.facebook.com/help/contact/1650115808681298

LinkedIn Insight Tag

The LinkedIn Insight Tag is a lightweight JavaScript tag that is added to our website to enable in-depth campaign reporting and to help us to optimize our LinkedIn campaigns.

The LinkedIn Insight Tag creates a unique LinkedIn browser cookie on a visitor's browser and enables the collection of the following metadata with the cookie:

  • IP address 
  • timestamp 
  • page events e.g. page views.

LinkedIn does not share personal data with Ifolor. It only provides reports about our website visitors and ad performance. These reports do not identify individual users at any point. LinkedIn users can control the use of their data for advertising purposes through their account settings. The data controller is LinkedIn Ireland Unlimited Company Company, Wilton Place, Dublin 2, Ireland.

Legal basis for this process is your consent, Article 6 (1) (a), Article 7 GDPR. You can object the measuring of your usage during your visit by clicking on the following link https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

Pinterest-Tag

Our online offering uses the “Pinterest Tag” of Pinterest Inc., 808 Brannan St, San Francisco, CA 94103, USA. If a Pinterest user sees or clicks on an advert, other actions and target groups that have shown interest are compiled and tracked. Using them allows us to ensure that Pinterest adverts are only shown to Pinterest users who have already shown an interest in our offering and that they also match the potential interest of the user. This data helps us to measure the conversion of the respective campaign. It is used for statistical and market research purposes and helps to optimise campaigns.

If you log into your Pinterest account after visiting our website or if you visit our website while you are still logged in, your data may be stored and processed by Pinterest. Pinterest is able to connect this data to your Pinterest account and use it for advertising purposes.

To do this, information is collected, evaluated and transmitted by your browser each time you visit. It is collected via a Java script and cookies. The following information is collected anonymously and processed for statistical purposes:

  • Browser used 
  • Operating system used 
  • Time of visit 
  • Type and content of campaign 
  • Reaction to the respective campaign (e.g. transaction, newsletter registration) 
  • etc.

If you are directed by a Pin on Pinterest to our online offering, we store a cookie on your computer that interacts via JavaScript code with a “Tag” that has also been implemented by Pinterest. These cookies become invalid after 180 days and are not used for personal identification.

You can object to this particular data processing at any time at https://help.pinterest.com/en/article/personalization-and-data, either by turning off the settings for this under “Personalization” in your Pinterest account, or by selecting “Do Not Track” in your browser.

You can access Pinterest’s current Privacy Policy at https://policy.pinterest.com/en/privacy-policy.

In the following the required legal basis for the processing of data is listed:
- Art. 6 para. 1 s. 1 lit. a GDPR

Playable

We use a platform provided by Playable ApS (Denmark) for our digital campaigns, such as quizzes and raffles. Playable acts as a data processor and processes the data on our behalf in accordance with the GDPR.

We collect contact information (name, email) and game-specific responses from participants to target our marketing and improve customer understanding.

The collected data is stored securely in the EU/EEA. We do not share your data with third parties unless you have given your consent or we have integrated Playable directly into our marketing automation system (e.g. Braze). You can request the deletion of your data by contacting our data protection officer.

Playable’s privacy policy can be found here: https://playable.com/privacy-policy-for-playable-aps/.

TikTok

Our online offer uses “TikTok Pixel” from TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”). TikTok Pixel enables TikTok to determine website visitors as target groups to display ads. Accordingly, we use TikTok Pixel to display our TikTok ads only to TikTok users who have also shown an interest in our online offerings or who exhibit certain characteristics that we communicate to TikTok. TikTok Pixel also allows us to statistically analyse our TikTok ads. Data processing by TikTok is carried out within the framework of TikTok’s data use policy.

Each time you access our website, information transmitted by your browser is collected and evaluated for this purpose. The collection takes place via a JavaScript as well as cookies. The following information is collected anonymously and processed statistically:

  • browser used
  • operating system used
  • access time
  • type as well as content of the campaign
  • the reaction to the respective campaign (e.g. purchase, newsletter subscription)

Cookies are set to recognize returning visitors in pseudonymised form. These cookies lose their validity after 13 months and are not used for personal identification. If you do not agree to the storage and evaluation of usage measurement from your visit, you can object to this by clicking on the circular fingerprint icon in the bottom left corner of the page.

This will allow you to place a so-called opt-out cookie in your browser. This means that the service will not set cookies for usage measurement and no session data will be collected. Please note: If you delete your cookies, the opt-out cookie will also be deleted and you may have to activate it again.

TikTok also processes your personal data outside of Switzerland/EEA and has entered into standard contractual clauses to ensure an adequate level of data protection. TikTok’s current privacy policy can be found at https://www.tiktok.com/legal/privacy-policy.

Required legal basis for the processing of data is listed Art. 6 para. 1 s. 1 lit. a GDPR.

Trustpilot reviews

Description and purpose

We use Trustpilot to collect and publish customer reviews. If you leave a review, Trustpilot will process the personal data you provide in accordance with its privacy policy. Reviews and related user profiles are public on Trustpilot. If we send you a review invitation, we will share your email address with Trustpilot to send the invitation based on our legitimate interest.

Data collected

This list represents all (personal) data that is collected by or through the use of this service.

  • IP address 
  • Browser settings 
  • Name and email address (if the customer writes a review or creates an account) 
  • Review content, star rating, images and videos
Legal basis

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR, collecting and publishing customer reviews or Art. 6 para. 1 lit. a) GDPR if if marketing-related invitations are sent.

Receiver

Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen K.

Transfer to third countries

Trustpilot A/S is located in Denmark, so the processing of personal data primarily takes place within the EU/EEA. Trustpilot may also use sub-processors outside the EU, in which case it will use appropriate data protection mechanisms (such as contractual safeguards).

Duration of data storage

Reviews remain on Trustpilot as long as the user keeps their profile active or deletes their review. The company only keeps the contact details in the customer register that are necessary to send review invitations. Other data is deleted as soon as it is no longer needed for the purpose for which it was collected. In addition, the data is deleted if the user exercises their right to erasure pursuant to Art. 17 para. 1 GDPR.

Revocation

Trustpilot offers users extensive control over their personal data. Users can view the data stored in their profile in Trustpilot’s settings (“My Settings”). The data can be edited, corrected or deleted (Art. 17 para. 1 lit. b) GDPR). Reviews can also be deleted or anonymized.

Further data protection information

Further information on the processing of your personal data can be found here: https://corporate.trustpilot.com/legal/for-reviewers/privacy-policy

Further information about cookies and browser settings can be found by clicking on the circular fingerprint icon in the bottom left corner of the page.

Does your online store or ordering software make use of analytics services?

Our goal is to provide as user-friendly and streamlined online experience as possible. To achieve this, we use online analytics services that allow us to keep track of the number of visitors to our website, their visit frequency and the devices and software they use to access the website. Ifolor does not use this software to collect personal data or unique IP addresses. Instead, this information is used anonymously and in summary form for statistical purposes and to further develop our website.

Google Analytics 4

Description and purpose

This website uses the service “Google Analytics 4”, which is offered by Google LLC, to analyze website usage by users. The service uses “cookies” - text files that are stored on your end device. First-party cookies are used for this purpose. With a first-party cookie, the user can only be recognized by the page from which the cookie originates, not across multiple domains. The information collected by the cookies is usually sent to a Google server in the USA and stored there. If necessary, Google Analytics on this website is extended by the code “gat._anonymizeIp();” in order to ensure anonymized collection of IP addresses (so-called IP masking). Please also note the following information on the use of Google Analytics: The IP address of users is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of your IP address. For EU citizens, the IP address is also only used to derive location data and then deleted again. You also have the option of activating or deactivating the collection of detailed location and device data for individual regions (tracking settings). As part of the order processing agreement that the website operators have concluded with Google LLC, the latter uses the information collected to compile an analysis of website usage and website activity and provides services associated with internet usage.

Recipients

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Disclosure abroad

The personal data is processed on a server in European Servers. It cannot currently be ruled out that personal data will be disclosed to the United States of America. An adequacy decision (EU-US Data Privacy Framework) has been in place for the USA since July 10, 2023. Google LLC is certified in accordance with the EU-US Data Privacy Framework. Ifolor AG has concluded standard contractual clauses with Google LLC for the disclosure of personal data to the USA.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion and no retention periods prevent deletion.

Further data protection information

Further information on the processing of your personal data can be found here:

https://support.google.com/analytics/answer/6004245?hl=en
https://policies.google.com/privacy?hl=en&gl=uk

Opt-out disclosure:

If you do not agree with the storage and analysis of the analysis data from your visit, you can object to this by editing your settings from cookie manager on this site. They can be found by clicking on the circular fingerprint icon in the bottom left corner of the page.

However, we would appreciate if you would agree to the use of analytics tools, as they will help us to regularly improve our website and services and to optimise them to your needs.

The legal basis is our legitimate interest, Art. 6(1) point f GDPR, to provide you with a smooth order process and to make our website more user-friendly and effective overall.

In addition to the above, Ifolor utilises the Adjust analysis service to track visits to our ordering software. This service helps us to improve our services and optimise them to customer needs. This tracking data is collected anonymously. If you do not wish to collect this kind of tracking data, many browsers include the option to block tracking.

Microsoft Clarity

We use "Microsoft Clarity", a service for analysing the use of our website. This service records interactions (e.g. clicks, scrolls, mouse movements), technical events (e.g. error and performance information) and information about the display of the page in order to create heat maps and session replays and to improve user-friendliness and our offerings (analysis and optimisation). Content in recordings can be masked/suppressed by Clarity or by our configuration. The data is collected using cookies and similar technologies. The legal basis (where applicable) is your consent in accordance with Art. 6(1)(a) GDPR, which you can revoke at any time via our consent tool.

Data collected

This list contains all (personal) data collected by or through the use of this service. 

  • IP address 
  • Date and time of visit 
  • Unique user ID 
  • Session ID 
  • User behaviour 
  • Interaction data 
  • Mouse movements 
  • Clicks 
  • Scrolling activity
Recipient

The recipient of the data is Microsoft (Microsoft Ireland Operations Limited One, Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland and, depending on the constellation, affiliated companies such as Microsoft Corporation). Clarity is operated by Microsoft as a (joint) controller; further details can be found in the Microsoft notices. 

Below you will find the E-Mail address of the data protection officer of the processing company. https://www.microsoft.com/en-GB/concern/privacy

Disclosure abroad / transfer to third countries

Clarity data is processed in the Microsoft Azure cloud. For customers in the EU, the contractual relationship is with Microsoft Ireland Operations Limited (MIOL); standard contractual clauses (SCCs) exist between MIOL and Microsoft Corporation (USA) for intra-group transfers. A transfer to the USA cannot therefore be ruled out.

Duration of data storage

Clarity typically stores recording data for 30 days; heat map data and click/aggregation data are typically retained for up to 13 months (marked/favoured sessions also for up to 13 months).

Link to Google Analytics 4

If you have consented to the use of Google Analytics 4 and Microsoft Clarity, we can link the two services so that Clarity can retrieve data from Google Analytics 4 and display it in the Clarity interface. Clarity and Google Analytics data can be combined; processing is pseudonymised and carried out exclusively for analysis and optimisation purposes.

Further data protection information / opt-out

Further information on data processing by Microsoft can be found in the Microsoft Privacy Statement. You are also required to inform users that Clarity uses cookies; you can control consent via our consent tool (revocation possible at any time).

Can this privacy policy be revised?

We reserve the right to revise this privacy policy to account for service improvements or changes in applicable laws and regulations. We will notify you of any material changes to our privacy policy whenever we update their terms and conditions.

This privacy policy supersedes our previous Privacy Policy.

Who should I contact?

If you have any questions about this privacy policy, please contact us via e-mail, address: dataprotectionofficer@ifolor.fi

or mail, address:

Ifolor Oy
Data protection officer
Karhumäenkuja 2
FI-01530 Vantaa
Finland

*Volume discount on Digital photos (same size and finish):
1-49 pcs. from 0,28 €, 50-99 pcs. from 0,20 €, 100 pcs. or more -50 % from 0,14 €.

Cannot be combined with other offers. Shipping costs will be added. Ifolor reserves the right to change prices. Offers are valid until 21.5.2026.