Privacy policy

The purpose of this privacy policy (the "Charter") is to formalize our commitment to respect the privacy of users of the website www.baiobay.com and www.baiobay.fr (the "Site") operated by Twistbe Oy.

The Charter and the Terms of Sale of the Site form a contractual whole. All capitalized terms not defined in this Charter are defined in the Terms of Sale available here: https://baiobay.com/pages/conditions-generales-de-vente.

As part of the provision of our Site and related services, we process your personal data in compliance with the General Data Protection Regulation 2016/679 of 27 April 2016 (“GDPR”) and other applicable data protection laws.

Personal data means any information relating to an identified or identifiable natural person. We collect and process personal data only for specific, explicit and legitimate purposes, and only to the extent necessary for those purposes.

By using the Site and, where applicable, creating an account or placing an order, you acknowledge that your personal data will be processed in accordance with this Charter. If you do not agree with this Charter, please refrain from using the Site.

1. Data controller

The data controller for the processing of personal data on the Site is:

Twistbe Oy
Business ID (Y-tunnus): 2670727-4
Address: Lapinlahdenkatu 7, 00180 Helsinki, Finland
Email: hello@baiobay.com

2. In which cases do we collect your personal data and what data is collected?

We may collect and store your personal data in particular when you:

  • browse the Site
  • create an account on the Site
  • place an order or make an online payment on the Site
  • subscribe to our newsletter
  • contact us (for example via email or contact form).

We use your personal data to enable the operation and management of the Site and associated services, to process your orders, to provide customer service, and to communicate with you about our products, services and promotions where permitted.

2.1 Browsing the Site

Log data. Each time you visit the Site, we may collect technical information such as your IP address, device identifiers, browser type, operating system, date and time of access, and other technical data necessary to ensure the security and proper functioning of the Site.

Browsing data. We may also collect information on how you use the Site (pages visited, time spent, clicks, etc.) for analytics and improvement of our services. This may involve the use of cookies and similar technologies as described in section 5 below.

2.2 Creating an account

Access to some of our services requires the prior creation of an account. When you create an account, we may collect the following personal data in particular:

  • first name and last name
  • postal address and country
  • email address
  • telephone number (optional, where applicable)
  • login credentials (such as password).

This data is necessary to manage your account, process your orders, and provide customer service.

2.3 Orders and payment

When you place an order on the Site, we collect the information necessary to process and deliver your order:

  • billing and delivery address
  • contact details (name, email, telephone number)
  • order details (products ordered, quantities, prices, discounts, delivery method, etc.)
  • payment-related information (payment method, payment status; card details are processed securely by our payment service provider and are not stored in full by us).

To process payments, we use external payment service providers (such as Stripe or payment services available via the Shopify Payments gateway), who act as independent controllers or processors. These providers may collect and process your payment data directly in order to process your transaction securely.

2.4 Newsletter

When creating your account, placing an order or subscribing via dedicated forms, you may give your consent to receive our newsletters and marketing communications (for example about new products, services and promotions).

You can withdraw your consent and unsubscribe from our newsletters at any time by using the “unsubscribe” link at the bottom of each email or by contacting us at hello@baiobay.com.

2.5 Contacts and customer service

When you contact our customer service (for example by email or via a contact form), we process the personal data you provide to us (name, email address, order number, content of your request, etc.) in order to respond to your questions, handle your requests and improve our services.

3. Legal bases for processing

We process your personal data on the following legal bases:

  • Performance of a contract (Article 6(1)(b) GDPR): in particular for managing your account, processing and delivering your orders, handling returns and complaints.
  • Compliance with legal obligations (Article 6(1)(c) GDPR): for example accounting and tax obligations, and other legal requirements.
  • Legitimate interests (Article 6(1)(f) GDPR): for example to improve our Site and services, prevent fraud, ensure the security of the Site, and manage our business relationship with customers.
  • Consent (Article 6(1)(a) GDPR): for certain marketing communications (newsletter) and, where applicable, for the use of non-essential cookies and similar technologies.

4. How do we protect your personal data?

We have implemented appropriate technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

However, no security measure is absolutely infallible. We encourage you to keep your password confidential and to log out of your account when using a shared computer or device.

5. Cookies: how do we use them?

5.1 What is a cookie?

A cookie is a small text file that may be stored on your device when you visit a website. Cookies enable the website to recognize your device and store certain information about your preferences or previous actions.

5.2 What are the cookies used on our Site for?

The cookies we use may serve in particular to:

  • measure audience and usage statistics of the Site (pages visited, navigation paths) in order to improve the Site and our services;
  • remember your preferences (such as language, country, cart contents) to facilitate your navigation;
  • enable the operation of certain features (account login, shopping cart, checkout);
  • where applicable, show you relevant content or offers on our Site or via our partners.

5.3 Cookie choices

On your first visit, a banner may inform you about the use of cookies and allow you to manage your preferences. You can accept or refuse non-essential cookies.

You can also configure your browser to block or delete cookies. Please note that disabling certain cookies may affect the functioning of the Site and your user experience.

6. In which cases do we share your personal data?

6.1 Sharing your personal data with third-party service providers

We may share your personal data with third-party service providers acting on our behalf and according to our instructions (processors) for the purposes described in this Charter, for example:

  • hosting and operation of the Site (e-commerce platform such as Shopify);
  • payment processing (payment service providers);
  • delivery and logistics service providers;
  • email and marketing automation service providers (for example newsletter tools);
  • analytics and advertising partners, to the extent permitted by law.

These third parties only have access to the personal data necessary to perform their services and are required to process such data in accordance with applicable data protection laws and our instructions.

6.2 International transfers

Some of our service providers may be located outside the European Economic Area (EEA), for example in the United States. When personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place, such as:

  • an adequacy decision by the European Commission (for example the EU–US Data Privacy Framework, where applicable), or
  • standard contractual clauses approved by the European Commission, and, where necessary, additional measures to ensure an adequate level of protection.

6.3 Sharing with authorities

We may be required to disclose your personal data to administrative or judicial authorities where this is necessary to comply with a legal obligation or to protect our rights or those of third parties.

7. How long do we keep your personal data?

We keep your personal data for no longer than is necessary for the purposes for which it was collected, in particular:

  • account and order data: for the duration of the contractual relationship and for the limitation periods required by applicable law (for example accounting and tax obligations);
  • newsletter and marketing data: until you withdraw your consent or object to processing, and in any case for a limited period consistent with applicable law and our internal policies;
  • customer service data: for the time necessary to process your request and to document our exchanges within the applicable limitation periods.

After these periods, data is deleted or anonymised where possible.

8. What are your rights?

In accordance with the GDPR and other applicable data protection laws, and subject to the conditions and limitations set out therein, you have the following rights:

  • right of access to your personal data;
  • right to rectification of inaccurate or incomplete data;
  • right to erasure (“right to be forgotten”) in certain cases;
  • right to restriction of processing in certain cases;
  • right to data portability, where applicable;
  • right to object to processing based on our legitimate interests, including profiling, on grounds relating to your particular situation;
  • where processing is based on your consent, the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise your rights, you can contact us at the following email address: hello@baiobay.com or by post at:

Twistbe Oy / Baiobay
Lapinlahdenkatu 7
00180 Helsinki
Finland

Please include sufficient information to enable us to identify you (for example name, email address, and, where applicable, order number). We may ask you for additional information if necessary to confirm your identity.

You also have the right to lodge a complaint with a competent data protection authority, in particular:

  • the Office of the Data Protection Ombudsman in Finland, or
  • the data protection authority of your country of habitual residence within the European Union.

9. Changes to this Charter

We may update this Charter from time to time, for example to reflect changes in our practices or in applicable laws. The updated version will be published on the Site with an updated “last updated” date if used.

Your continued use of the Site after the publication of an updated Charter implies that you accept these changes. If you do not agree with the changes, you should stop using the Site.

10. Contact

For any questions concerning this Charter or the processing of your personal data, you can contact us at:

Email: hello@baiobay.com
Post: Twistbe Oy / Baiobay, Lapinlahdenkatu 7, 00180 Helsinki, Finland