• Suomi
  • English

Processing of personal data

PROCESSING OF PERSONAL DATA

ROSES24.FI Privacy Policy

1. General

This privacy policy (hereinafter referred to as the Policy) describes how we process the personal data of customers and visitors to the ROSES24.FI website and the ROSES24.FI store. The Policy has been developed in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) and the data protection legislation of the Republic of Finland. We are committed to protecting the privacy and personal data of our customers by complying with all applicable requirements.

2. Personal data controller

  1. Personal data controller The responsible controller (operator) of personal data processed on the website and in the ROSES24.FI store is ROSES24SUOMI OY, registered in Finland (reg. no.: 3400085-4, address: Atlantinkatu 14, 00180 Helsinki, Finland). Contact details for ROSES24SUOMI OY: tel. +358 942 727 622, email: [email protected].

ROSES24SUOMI OY transfers personal data necessary for the execution of payments to its authorised partner Montonio Finance UAB (payment service provider).

3. Categories of personal data processed

We process various categories of personal data provided by you or collected by us during your use of the ROSES24.FI services. This data includes:

  • Identification and contact details: customer’s first and last name, telephone number, email address, and delivery address.
  • Account details: information provided when registering an account (e.g. login, password – stored in encrypted form).
  • Payment details: bank account or payment card number (for online payments) required for processing payments and refunds.
  • Purchase information: order and purchase history on ROSES24.FI (order dates, goods or services purchased, amounts and payment method).
  • Customer support data: information provided when contacting customer support (questions about products and services, complaints, feedback), including recordings of telephone conversations with customers (if consent to recording has been given).
  • Website activity data: technical information about your visit to the website (IP address, cookies and other network identifiers, browser and device information, and your navigation actions on the website).
  • Audio/video surveillance data: video images and sound recordings obtained by a video surveillance system with audio functionality when visiting our physical store at Atlantinkatu 14, 00180 Helsinki, Finland (recordings from surveillance cameras in the sales area).

All of the above data is considered confidential and is processed in strict accordance with this Policy.

4. Purposes and legal grounds for processing

Personal data is collected and used in strictly defined and lawful ways. Below are the purposes for which ROSES24.FI processes your data, as well as the relevant legal grounds under the GDPR:

  • Order processing and fulfilment: we process your personal data to receive and fulfil your orders, arrange delivery, issue invoices, receive payment and inform you about the status of your order. Legal basis: performance of a contract with the customer (Article 6(1)(b) of the GDPR).
  • Provision of customer support services: we use your contact details and order information to respond to enquiries and requests, resolve issues with products or services, and process returns and complaints. Legal basis: performance of a contract with the customer and, in certain cases, our legitimate interest (Article 6(1)(f) of the GDPR) in providing proper customer service.
  • Personalisation and improvement of service: we may process data about your purchase history and interactions with us (e.g. which products you have ordered in the past) in order to offer you relevant products, personalised service and improve the quality of our service. In particular, when you contact us by phone, we may identify you in advance by your phone number (see the section on automatic identification below) and take into account your purchase history. Legal basis: ROSES24.FI’s legitimate interest in improving the quality of service and offering relevant products to customers (Article 6(1)(f) of the GDPR).
  • Recording of telephone conversations for quality control: if you give your consent, our telephone conversations may be recorded (see details below) for the purpose of monitoring the quality of our employees’ work, training our staff and retaining evidence of agreements with customers. Legal basis: your explicit consent (Article 6(1)(a) of the GDPR).
  • Delivery and logistics: Your delivery address and contact details are processed for the purpose of forwarding them to courier services and ensuring the delivery of the goods you have ordered. Legal basis: Performance of a contract (delivery is part of the service provided under the purchase contract).
  • Payment processing and refunds: the necessary payment details (e.g. payment card information, purchase amount) are transferred to the payment system for payment; the bank account is used to refund money in the event of order cancellation or product return. Legal basis: performance of the contract; for accounting purposes – legal obligation (Art. 6(1)(c) GDPR).
  •  
  • Marketing mailings: with your consent, we use your email address and/or telephone number to send you advertising and information about our products and offers. Legal basis: customer consent to direct marketing (Art. 6(1)(a) GDPR). You have the right to object to such mailings at any time (see the section on direct marketing below).
  • Maintaining the website and security when using the website: technical data (IP address, cookies, etc.) are used to provide you with the functionality of our online shop as an information society service, to store your preferences (e.g. shopping basket contents) and to protect the website and prevent fraud. Legal basis: the company’s legitimate interest in ensuring the functionality, security and user-friendliness of the website (Art. 6(1)(f) GDPR). For non-essential cookies, we request your consent in accordance with the legal requirements.
  • Video surveillance in the store (security): Video and audio recordings are made in our store to prevent offences, ensure the safety of customers and employees, and resolve any disputes (e.g. service incidents). Legal basis: ROSES24.FI’s legitimate interest in protecting property, life and health (Article 6(1)(f) of the GDPR) and fulfilling its security obligations.
  • Compliance with legal obligations: In certain cases, we process and transfer your data when required by law. For example, storing transaction data for tax and accounting purposes, providing information upon reasonable request from public authorities (tax, law enforcement). Legal basis: compliance with a legal obligation (Article 6(1)(c) of the GDPR).
  • Protection of the company’s legitimate interests: where necessary, we may process personal data to establish, exercise or defend legal claims (e.g. in the event of a lawsuit or dispute). Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in protecting our rights.

We do not carry out automated decision-making that significantly affects you without human involvement (including profiling), except for direct marketing as described below and personalisation of the service (which does not have a significant legal impact on customers).

5. Recording of telephone conversations

We care about the quality of our service, so customer calls to ROSES24.FI (e.g. to our telephone support service) may be recorded. At the beginning of the conversation, you will always be informed that the conversation will be recorded and asked for your consent. Conversations are only recorded with the customer’s consent.

The purposes of recording telephone conversations are to monitor the quality of operators‘ and employees’ work, to train staff, and to preserve the content of agreements with customers (e.g. order confirmation or delivery address) in order to resolve any disputes that may arise. Recordings are not used for any other purpose and are not passed on to third parties, except in cases expressly provided for by law (e.g. at the request of law enforcement authorities).

Legal basis: consent of the data subject (Art. 6(1)(a) GDPR). If you do not consent to the recording, you have the right to terminate the call or use alternative means of communication (e.g. write to us by email).

Retention period for call recordings: Audio recordings of telephone conversations are stored for no longer than 1 year from the date of the call, after which they are automatically deleted unless there are legitimate grounds for longer storage (e.g. if the recording is required for the investigation of a complaint or for legal proceedings).

Access to recordings: Only authorised ROSES24.FI employees (e.g. service quality managers) are authorised to listen to and process call recordings. Such employees are bound by confidentiality. If necessary (e.g. to resolve a dispute with a customer), the recording of a conversation may be used by the company’s internal services. Audio recordings may only be passed on to third parties in cases provided for by law (e.g. disclosure to the police upon official request).

6. Automatic identification by telephone number

For convenience and personalised service when you contact us, we use automatic caller identification technology. This means that when you call us from a phone number listed in your profile or previously used for orders, our system can recognise your number and match it to your account or order history.

Purpose of automatic identification: to speed up and simplify service. Thanks to identification, operators can immediately address you by name and see information about your previous orders or enquiries. This helps us resolve your issues faster and offer more personalised assistance.

Legal basis: this method of processing is based on the legitimate interest of ROSES24.FI (Article 6(1)(f) of the GDPR) – we strive to improve the efficiency of our service and customer satisfaction. The use of automatic identification does not affect your rights: your phone number has already been provided by you and is used exclusively for your benefit when contacting support.

If you do not want automatic identification to take place when you call, you can use another method of contacting us or request that your enquiry be processed without reference to your previous history (in this case, the operator may ask you some questions to identify you ‘manually’).

7. Cookies and website data

Our website uses cookies and similar technologies to ensure its functionality, user-friendliness and to collect statistics. Cookies are small files stored in your browser that allow us to recognise you when you return to our website and to save certain settings.

  • Functional and mandatory cookies: necessary for the website to function (e.g. saving the contents of your shopping cart, logging into your account, selecting your language). The processing of the data associated with these cookies is based on our legitimate interest in providing the online service you have requested. These cookies are set automatically and the website may not function properly without them.
  • Analytical and preference cookies: used to collect anonymous statistics about website usage (pages visited, user actions) and to remember your preferences. These cookies help us improve our website and product range. Where required by law, we ask for your consent to use analytical cookies (e.g. via a banner on the website). You can withdraw your consent at any time by clearing your cookies in your browser or changing your cookie settings on our website.
  • Marketing cookies: our website does not currently use third-party advertising trackers without your knowledge. If we implement such technologies, we will ensure that we obtain your prior consent.

When you visit the ROSES24.FI website, we may collect the following data about your web visit: your device’s IP address and network identifiers, the date and time of access, information about your browser and operating system, the address of the page you requested and the previous page (referrer). This data is stored in server logs for a limited period of time (usually no longer than 1 year) and is used to ensure security and investigate possible incidents (e.g. hacking attempts). The legal basis for this processing is our legitimate interest in protecting the integrity of the website and preventing abuse.

You can find out more about the use of cookies in our [cookie policy](if the company has a separate document, a link will be provided here; otherwise, this Policy covers the main aspects).

8. Video surveillance in the store

To ensure safety on the premises of our physical store ROSES24.FI at Atlantinkatu 14, 00180 Helsinki, Finland, we use video surveillance with audio recording. The cameras are installed in plain view, and visitors are informed of this by appropriate signs/stickers when entering the area covered by the cameras.

Purposes of video surveillance: to protect company property, prevent theft and other illegal activities, ensure the safety of our employees and visitors, and record the circumstances of any incidents or conflicts that may arise during customer service. Audio recording helps to accurately reconstruct the course of events and conversations related, for example, to service at the cash register in the event of a dispute.

Video surveillance data includes video images and sound (conversations and noises) within the camera coverage area. This data is personal as it may contain images of visitors’ faces and voices, which may indirectly identify them.

Video surveillance data is processed as follows:

  • Data controller: ONE MANAGEMENT OÜ (ROSES24.FI) is the operator that determines the purposes and means of processing camera recordings. Access to the video surveillance system is restricted to authorised ROSES24.FI employees.
  • Legal basis: legitimate interest of the company (Art. 6(1)(f) GDPR) – ensuring security, preventing losses and protecting rights in the event of incidents. Where necessary, video recordings may also be used to fulfil a legal obligation (e.g. transfer to the police for investigation of an offence).
  • Retention period: video recordings (including audio) are stored for no longer than 7 days, after which they are automatically deleted or overwritten with new data unless longer storage is necessary. If an incident is recorded (e.g. theft, accident, conflict), the relevant section of the recording may be selected and stored until the situation is resolved or transferred to the competent authorities. Such selected recordings are only stored for as long as necessary for the specified purposes (e.g. for the duration of an investigation or legal proceedings), after which they are deleted.
  • Access to recordings: Only a limited group of authorised employees (e.g. security personnel or company management) may view and use the video recordings. These persons are responsible for maintaining the confidentiality of the information obtained. In the event of an incident, video material may be handed over to the competent authorities (police, labour inspectorate, etc.) upon official request or used as evidence in the resolution of disputes with customers.
  • Use of data: Camera recordings are used exclusively for security purposes and to investigate incidents. They are not used for marketing or other commercial purposes. We do not carry out biometric identification or facial recognition based on video recordings. Video surveillance is also not intended to monitor the working hours of our employees – it is used only for the purposes listed above.

All data obtained through the video surveillance system is processed in accordance with the requirements of the Personal Data Protection Act. Unauthorised access to this data is prevented by technical and organisational security measures.

9. Transfer of personal data to third parties

ROSES24.FI respects the confidentiality of your data and does not transfer personal data to third parties unless this is necessary for the provision of our services or required by law. Within the scope of our activities, your data may be transferred to the following categories of recipients (third parties):

  • Courier and postal services (logistics): in order to deliver your order, we provide the delivery service you have selected with the necessary data – your name, telephone number, email address and delivery address. The courier will only receive the information necessary to deliver your parcel to you. Examples of such partners are postal and courier companies (Omniva, DPD, DHL, etc., depending on the delivery option selected).
  • Payment providers: To process payments for orders, some of your data is transferred to our payment partners. In particular, when paying via the Montonio Finance system, the necessary information (purchase amount, currency, order number, your name and contact details) will be forwarded to Montonio Finance UAB, which acts as an authorised payment processor. Your payment data is processed in Montonio’s secure environment; ROSES24.FI does not have access to your confidential bank details (e.g. card numbers, passwords). When paying by bank transfer via Montonio, you will be redirected to your bank’s secure page and only the payment confirmation will be returned to us.
  • Banks and credit institutions: If you choose to pay in instalments or by credit (e.g. via our instalment partner ESTO or another bank), the necessary personal and financial data will be transferred to the relevant financial institution providing the service. These partners are independently responsible for your data as part of the credit assessment and have their own privacy policies. We only provide the information required to process the payment/credit (usually your name, contact details, transaction amount).
  • Information technology services: we engage third-party companies to host our website, store data and ensure the operation of information systems (e.g. a company providing servers and cloud storage, developers and technical specialists maintaining our website). These companies may access personal data to the extent necessary to provide their services (e.g., for data backup or technical troubleshooting). All such partners are bound by confidentiality and data processing agreements (DPA) that require them to protect your data and use it only as instructed by ROSES24.FI.
  • Third-party communication and marketing services: We may use external services (e.g. SendPulse email marketing, CRM systems, marketing automation services) to send emails, SMS messages or manage our loyalty programme. In such cases, certain customer contact details (e.g. email, phone number, name) are stored and processed in the system of that provider. We enter into agreements with such providers that provide for data protection and check their compliance with the GDPR. They are not entitled to use your data for their own purposes.
  • Accounting and auditing services: if ROSES24.FI’s accounting is handled by an external organisation or accountant, they will be provided with the data necessary for accounting for sales and payments (e.g. account data containing your name, address, payment amount, date and goods). These recipients process the data to fulfil their legal obligations (accounting) and maintain confidentiality.
  • Legal advisors and debt collection: in the event of a dispute requiring legal assessment, or if a customer has not fulfilled their financial obligations, we may transfer the relevant data (e.g. contract, debt information, customer contact details) to our legal representatives or, if necessary, to debt collectors/lawyers. This is done solely to protect our legitimate interests or to comply with legal requirements.
  • Government agencies and law enforcement authorities: we only transfer personal data to government agencies in cases provided for by law. For example, upon official request from the police in connection with an investigation of fraud or theft in a store, we provide CCTV recordings; upon request from the Tax and Customs Department, we provide invoices and sales information; upon request from the Data Protection Authority, we provide information during an inspection, etc. In each case, we carefully check the legality of the request and provide only the information that is requested and required by law.

Each third-party recipient receives only the amount of information necessary to perform their functions. We do not sell or transfer your personal data to any third-party organisations for their own marketing purposes without your express consent.

Data may only be transferred to countries outside the European Union or the European Economic Area (third countries) if an adequate level of data protection is ensured. If our partner is located outside the EEA, we guarantee that one of the mechanisms provided for in the GDPR is in place: the country has a European Commission decision on an adequate level of data protection, or standard EU contractual clauses have been concluded with the recipient, or the recipient is certified under a recognised system (e.g. for companies in the USA – under the current Data Privacy Framework or equivalent measures). In this way, your rights remain protected when data is transferred internationally.

10. Data retention periods

We store personal data for no longer than is necessary for the purposes for which it was collected or as required by law. Retention periods vary depending on the category of data and the purposes of processing:

  • Account data: if you create an account on our website, your personal data will be stored for as long as the account is active. If you decide to delete your account, all account data will be deleted or anonymised, except for information that must be retained by law (e.g. order history for accounting purposes) or is necessary to protect our interests in the event of unresolved disputes.
  • Purchase history without registration: if you have made purchases without creating an account, your order details (purchase history) are stored in our system for 3 years from the date of purchase. This is necessary for tracking repeat visits, possible returns, warranty claims and business analysis. After 3 years, this data is either deleted or anonymised unless we have other reasons to keep it (e.g. an active dispute).
  • Correspondence and support requests: emails, chat messages and other communications with you are stored for as long as necessary to process your request and for subsequent interactions. As a rule, communications are stored for no more than 3 years, similar to your purchase history, unless the law requires a longer period or a dispute arises that requires longer storage. Recordings of telephone conversations (if available) are stored for up to 1 year, as indicated above in the section on calls.
  • Marketing data: information about your consent to receive marketing communications (subscription) and the fact that marketing communications have been sent to you is stored until you unsubscribe or withdraw your consent. If you unsubscribe from the mailing list, we may retain minimal information about you (e.g., your email address in the unsubscribe list) to ensure that you do not receive any further emails.
  • Video surveillance data: recordings from cameras in the store are stored for up to 7 days, unless they are removed for investigation of an incident – in which case specific recordings may be stored until the investigation is complete (see the section on video surveillance). Normal irrelevant recordings are automatically deleted (overwritten) after one week.
  • Payment and accounting information: personal data contained in accounting documents (invoices, delivery notes, payment details) is stored for 7 years after the end of the financial year in which the relevant transaction took place, in accordance with Estonian accounting and tax legislation. For example, a purchase invoice from 2025 will be stored until the end of 2032. This data may include your name, contact details, information about the goods purchased and the amounts paid.
  • Data on disputes and incidents: if you or we have initiated a dispute (e.g. filed a claim, started legal proceedings) or if another incident has occurred that requires the retention of personal data (e.g. a call recording or video for evidence), we will store the relevant data for as long as necessary to reach a resolution. Once the claim or dispute has been resolved and the limitation period for possible claims has expired (in accordance with applicable law), the data will be deleted.

At the end of the storage period, we either irreversibly delete personal data or anonymise it in an appropriate manner (to prevent identification of individuals).

11. Security measures during processing

We have implemented the necessary technical and organisational measures to ensure the security of your personal data and to protect it from unauthorised access, alteration, disclosure or destruction. These measures include:

  • Secure data storage: your personal data is stored primarily on servers located in countries within the European Union. The servers are hosted by reliable data centre providers that meet security requirements.
  • Encryption and protocols: The ROSES24.FI website uses SSL/TLS encryption to protect data during transmission (you can see the lock icon in your browser’s address bar). This prevents your personal data from being intercepted when you enter it on the website (e.g. login or payment details). Confidential payment details are transmitted via verified payment providers using secure channels.
  • Access control: Access to personal data within the company is restricted to those who need it to perform their duties (e.g. customer service, accounting, IT administrator).
  • Each of these employees is bound by a confidentiality agreement. Access to particularly sensitive information (e.g. payment details, call records, videos) is restricted to a small group of responsible persons.
  • Organisational procedures: the company has data protection policies and guidelines in place. Staff training on information security and confidentiality is provided. Employee access rights are reviewed regularly.
  • Monitoring and testing: we monitor potential threats and update software, and use virus and hacking protection. If necessary, we engage third-party specialists to audit the security of our systems.
  • Contracts with processors: All external companies that process data on our behalf (hosting, IT, logistics, etc.) are contractually obliged to ensure an appropriate level of data security, including technical (secure servers, encryption) and organisational measures. We select our partners carefully, taking into account their reputation and compliance with GDPR standards.

Despite the measures taken, no method of data transmission over the Internet or electronic storage can be completely secure. However, we constantly update and improve our security measures in line with technological developments to minimise the risk of leakage or unauthorised access.

In the unlikely event of a personal data breach that could pose a risk to your rights and freedoms, we will act in accordance with the GDPR: we will notify the supervisory authority (the Data Protection Authority) within the specified time frame and, if the risk is high, we will also inform you of the incident and provide recommendations for protection.

12. Data subject rights

Under the GDPR, you have a number of important rights regarding your personal data. ROSES24.FI respects these rights and strives to ensure that they can be exercised. Your main rights are as follows:

  • Right to information: you have the right to receive clear and complete information about what personal data is being processed, for what purpose, on what basis, to whom it is transferred and how long it is stored. This Policy is intended to provide this information. If anything remains unclear, you can ask us for clarification.
  • Right of access: you can request confirmation from us that we are processing your personal data and obtain a copy of the personal data we hold about you. We will provide this information to you free of charge (a reasonable fee may be charged for repeated or excessive requests, as permitted by law).
  • Right to rectification: if any of your personal data is inaccurate or incomplete, you have the right to request that it be corrected or supplemented. You can edit the basic data yourself in your account on the ROSES24.FI website. You can also inform us of any necessary corrections, and we will make them promptly.
  • Right to erasure (‘right to be forgotten’): You have the right to request that we erase your personal data if it is no longer necessary for the purposes for which it was collected, if you believe that the processing is unlawful, or if you have withdrawn your consent (provided that there are no other grounds for processing).
  • We will comply with such a request by deleting the data, except for data that we are required to retain by law or for the establishment, exercise or defence of legal claims. Please note that due to legal obligations, we cannot delete information about purchases made before the expiry of the specified retention periods (see section on retention periods).
  • Right to restriction of processing: in certain circumstances, you may request that we temporarily restrict the processing of your data (other than storage) – for example, if you contest the accuracy of the data or object to the processing (for the period during which we consider your request), or if the processing is unlawful but you do not want the data to be deleted.
  • When processing is restricted, the data will no longer be processed but will be stored. We mark such data in a special way and ensure that it is not accessible for operations other than those you have restricted.
  • Right to data portability: if your data is processed automatically on the basis of your consent or a contract with you, you have the right to receive this data from us in a structured, commonly used, machine-readable format (e.g. CSV) for transfer to another controller (company). You can also ask us, if technically feasible, to transfer this data directly to another company of your choice. This right applies primarily to data that you have provided to us yourself (e.g. profile information, orders placed).
  • Right to object to processing: You have the right to object at any time to the processing of your personal data based on our legitimate interests (Art. 6(1)(f) GDPR), including profiling on these grounds. In such a case, we must stop processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.
  • If your data is used for direct marketing purposes, you have the absolute right to request that such processing be stopped at any time (see below).
  • Right to withdraw consent: where we process your data on the basis of consent, you have the right to withdraw that consent at any time. Withdrawing your consent will not affect the lawfulness of processing carried out before the withdrawal. For example, you can withdraw your consent to receive a newsletter, and we will immediately stop sending it to you. Or you can withdraw your consent to the recording of telephone calls, and then further calls will not be recorded.
  • Right not to be subject to automated decision-making: You have the right not to be subject to a decision based solely on automated processing (without human involvement) if such a decision produces legal effects concerning you or otherwise significantly affects you. In our activities, we do not make such decisions without human involvement. If the situation changes, we will inform you separately and ensure your right to human intervention.
  • Right to lodge a complaint: If you believe that we are violating your personal data rights or the requirements of the GDPR, you have the right to lodge a complaint with a supervisory authority (see contact details below). We ask that you contact us first, and we will endeavour to resolve the situation and settle your claims voluntarily and as quickly as possible.

We endeavour to respond to all legitimate requests within 1 month of receipt. This period may be extended by a further two months if the request is complex or if several requests have been received at the same time. In this case, we will notify you of the extension and the reasons for the delay.

In order to ensure the exercise of your rights and the security of your data, we may need to verify your identity (e.g. by requesting additional information or proof of identity) as a precautionary measure to prevent personal data from being disclosed to an unauthorised person.

The exercise of your rights is free of charge. However, if the request is manifestly unfounded or excessive (e.g. repeated multiple times), we are entitled to either refuse to comply or charge a reasonable fee, taking into account the administrative costs of providing the information or taking the requested action (in accordance with Article 12(5) of the GDPR).

13. Direct marketing and opting out

We will only send you marketing communications using your contact details if you have given your express consent or if you are an existing customer and the communication relates to similar products/services that you have previously purchased (in the latter case, you will always have the option to opt out).

Marketing communications may include news about our products, special offers, information about discounts, invitations to events, etc.

Form and frequency of distribution: we usually send advertising information by email (email distribution).

In some cases, if you have agreed, we may send SMS messages to the phone number you provided or make occasional phone calls with offers. We try to set a reasonable frequency for our mailings so as not to overload you with emails: on average, no more than a few times a month, unless there is a short promotional campaign.

Opting out of marketing communications: you have the right to opt out of receiving further marketing communications from us at any time. The unsubscribe process is simple and convenient:

  • Every email newsletter from ROSES24.FI contains an active unsubscribe link (usually at the bottom of the email).
  • Just click on it and we will remove your address from the mailing list.
  • You can also contact our customer service (by email or phone, as indicated in the contact section) with a request to unsubscribe – our staff will do this manually as soon as possible.
  • In the case of SMS, you can reply with the text ‘STOP’ (or another method of opting out specified in the message) or contact us directly to have your number removed.

After you opt out, we will stop sending you marketing messages. Please note that even after you unsubscribe, we may still contact you about operational matters related to your orders (e.g., order status notifications, delivery reminders, customer service responses) — these messages are not advertising and cannot be unsubscribed from while you have active orders or unresolved issues.

If you later change your mind and want to receive our offers again, you can always re-subscribe to the newsletter (e.g. via the form on our website or by contacting support).

We may carry out light profiling for marketing purposes, such as analysing your purchase history or preferences in order to send you relevant offers. Such profiling is used solely for the purpose of personalising advertising and has no legal consequences for you. You have the right to object to the use of your data for direct marketing and related profiling at any time (see the right to object above). If you object, we will stop processing your data for marketing purposes.

14. Contact information

If you have any questions about this Policy, the processing of your personal data, or the exercise of your rights, you can contact us in any way that is convenient for you:

  • By email: [email protected] – you can send any requests regarding personal data (request for access, correction, deletion, withdrawal of consent, complaint, etc.) to this address.
  • By phone: +358 942 727 622. Our specialists will endeavour to answer your questions during business hours. Please note that we may ask you to confirm your identity by phone or send an official request in writing for complex cases (e.g. requests for copies of data).
  • By post: you can send us a written request to the following address: ROSES24SUOMI OY (ROSES24.FI), reg. no.: 3400085-4, address: Atlantinkatu 14, 00180 Helsinki, Finland.
  • Please state the nature of your request and your contact details for feedback.

We value the trust you place in us by providing your personal data and are committed to open dialogue. If you have any suggestions or questions regarding our privacy policy, we are happy to consider them.

15. Supervisory authority

  • The supervisory authority for personal data protection in Finland is the Office of the Data Protection Ombudsman of Finland (Tietosuojavaltuutetun toimisto).

If you believe that we have violated your data protection rights and have not responded to your requests in an appropriate manner, you have the right to lodge a complaint with this authority. You can contact the supervisory authority as follows:

Website: www.tietosuoja.fi (information and complaint forms are available on the website). Email: [email protected] Telephone: +358 29 566 6700 Postal address: Tietosuojavaltuutetun toimisto, PL 800, 00521 Helsinki, Finland

The Data Protection Inspectorate will review your complaint and conduct an investigation if necessary. We hope that such situations will not arise, and we encourage you to contact us first – we will make every effort to resolve your issue out of court.

16. Changes to the Privacy Policy

We regularly review and, if necessary, update this Policy in line with changes in our activities or legal requirements. The current version of the Policy is always available on our website ROSES24.FI (under ‘Privacy Policy’).

In the event of significant changes (e.g. if we start processing your data for new purposes that require your consent), we will notify you additionally via the website or other communication channels (e.g. by email).

The Policy was last updated on 5 May 2025. If the Policy has been updated after this date, previous versions can be provided upon request. We recommend that you review this section periodically to stay informed about how ROSES24.FI protects your data.

Thank you for trusting ROSES24.FI. We make every effort to ensure that your interaction with us is not only enjoyable but also secure in terms of personal information protection.