Privacy policy

Privacy Policy

*Last updated: April 10, 2026*

Apex300 Oy ("Apex300," "we," "us," or "our") operates the website apex300.com. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website or place an order. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and applicable Finnish data protection law.

By using our website, you acknowledge that you have read and understood this Privacy Policy.

---

## 1. Data Controller

Apex300 Oy
Riddarstigen 32
08700 Lohja, Finland

Email: hello@apex300.com

For any privacy-related inquiries, please contact us at the email address above.

---

## 2. What Personal Data We Collect

We collect the following categories of personal data:

**When you place an order:**
First name, last name, email address, phone number, billing address, shipping address, payment information (processed securely by our payment providers — we do not store your full card details), order history and transaction details.

**When you create an account:**
Email address, name, and password (encrypted).

**When you subscribe to our newsletter:**
Email address.

**When you browse our website:**
IP address, browser type and version, device type, operating system, pages visited, time and date of visit, referring website, and cookies (see Section 8).

**When you contact us:**
Name, email address, and the content of your message.

---

## 3. How We Use Your Data

We process your personal data for the following purposes and legal bases:

**Performance of a contract:** To process and fulfill your orders, handle payments, arrange shipping, manage your account, and provide customer support related to your purchase.

**Legal obligation:** To comply with applicable tax, accounting, and legal requirements, including maintaining records as required by Finnish and EU law.

**Legitimate interest:** To improve our website, analyze usage patterns, prevent fraud, and ensure security. We only rely on legitimate interest where your rights and freedoms do not override our interests.

**Consent:** To send you marketing communications such as newsletters and promotional offers. You can withdraw consent at any time by clicking the unsubscribe link in any email or by contacting us.

---

## 4. How We Share Your Data

We do not sell your personal data. We share your data only with the following categories of third parties, and only to the extent necessary:

**Payment providers:** To process transactions securely (e.g., Shopify Payments, Klarna, or other providers displayed at checkout).

**Shipping carriers:** To deliver your order (name, address, phone number, and email as required by the carrier).

**E-commerce platform:** Our store is hosted on Shopify. Shopify processes data on our behalf in accordance with their Data Processing Agreement.

**Email marketing tools:** If you subscribe to our newsletter, your email address is shared with our email service provider for the sole purpose of sending marketing communications.

**Analytics providers:** We use analytics tools to understand website traffic and usage. These tools may collect anonymized or pseudonymized data.

**Legal and regulatory authorities:** If required to do so by law, regulation, or legal process.

All third-party providers are contractually obligated to protect your data and process it only as instructed by us.

---

## 5. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (e.g., via Shopify). Where such transfers occur, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or the recipient's participation in recognized data protection frameworks.

---

## 6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

**Order data:** Retained for the duration required by applicable tax and accounting laws (typically 6–10 years from the transaction date under Finnish law).

**Account data:** Retained until you request deletion of your account.

**Newsletter subscribers:** Retained until you unsubscribe.

**Website analytics data:** Retained in anonymized form for up to 26 months.

**Customer support communications:** Retained for up to 3 years after the last interaction.

---

## 7. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

**Right of access:** You may request a copy of the personal data we hold about you.

**Right to rectification:** You may request correction of inaccurate or incomplete data.

**Right to erasure:** You may request deletion of your data, subject to legal retention requirements.

**Right to restriction of processing:** You may request that we limit how we process your data in certain circumstances.

**Right to data portability:** You may request a copy of your data in a structured, commonly used, machine-readable format.

**Right to object:** You may object to processing based on legitimate interest or direct marketing at any time.

**Right to withdraw consent:** Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@apex300.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to file a complaint with the Finnish Data Protection Ombudsman (tietosuojavaltuutettu) at tietosuoja.fi.

---

## 8. Cookies

Our website uses cookies to ensure proper functionality, analyze traffic, and improve your experience.

**Strictly necessary cookies:** Required for the website to function (e.g., shopping cart, session management). These cannot be disabled.

**Analytics cookies:** Help us understand how visitors interact with our website. These are only placed with your consent.

**Marketing cookies:** Used to deliver relevant advertising and track campaign performance. These are only placed with your consent.

You can manage your cookie preferences through the cookie banner displayed on your first visit, or by adjusting your browser settings. Disabling certain cookies may affect website functionality.

---

## 9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These measures include encryption of data in transit (SSL/TLS), secure payment processing through PCI-compliant providers, and access controls limiting data access to authorized personnel only.

No method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

---

## 10. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

---

## 11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Continued use of the website after changes constitutes acceptance of the updated policy.

---

## 12. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact us:

Apex300 Oy
Riddarstigen 32
08700 Lohja, Finland
Email: hello@apex300.com