Privacy Policy

Thanks to our years of business experience as a wholesale and retail company, we know how important it is to protect our customers’ personal data.

Data protection is a matter of trust, which means that the observation of all the valid data protection regulations has therefore been a given and been extremely important to us for years.

In order to make the protection of your personal data easier, we are informing you about the processing of your personal data as part of our customer relationship.

I. Name and Address of the Responsible Party

The responsible party for the purpose of the General Data Protection Regulation (GDPR) and other national data protection acts of the member states as well as other data protection regulations is:

Oy MaWe Trading Ab
Vasavägen137
64200 Närpes
Finland
Tel. +358 50 555 8204
E-mail: sales at mawetrading.com

II. Name and Address of the Data Protection Officer

The Data Protection Officer is:

Magnus Westerlund
Vasavägen137
64200 Närpes
Finland
Tel. +358 50 555 8204
E-mail: magnus at mawetrading.com

III. General Information about Processing Data

1. The Scope of Processing Personal Data

We gather and use our users’ personal data only to the extent necessary for providing a functioning website as well as content and performance. The gathering and the use of our users’ personal data takes place regularly only with the user’s consent. There is only an exception to this when previous consent cannot be obtained for essential reasons and the processing of data is permitted by legal regulations.

2. Legal Basis for Processing Personal Data

Insofar as we can obtain the consent from the person concerned for the processing of personal data, Art. 6 paragraph. 1 lit. a from the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data.

Art. 6 paragraph. 1 lit. b GDPR serves as the legal basis for processing personal data of which the person concerned is the affected party that is required to fulfil a contract. This also applies to the processing that is required for the consummation of pre-contractual measures.

Art. 6 paragraph. 1 lit. c GDPR serves as the legal basis insofar as processing personal data is necessary for the fulfilment of a legal obligation that is subject to our company. Art. 6 paragraph. 1 lit. d GDPR serves as the legal basis in the event of essential interests of the person concerned or another natural person requiring the processing of personal data. Art. 6 paragraph. 1 lit. f GDPR serves as a legal basis for the processing when the processing is required to protect a legitimate interest of our company or a third party and the interests, civil rights and fundamental freedoms of the person concerned does not outweigh the aforementioned interest.

3. Deleting of Data and Storage Period

The personal data of the person concerned will be deleted or blocked as soon as it is no longer necessary for the purpose of its collection. Furthermore, storage can take place if it is provided by a European and national legislator in EU regulations, legislation or other requirements to which the person responsible is subject. Blocking or deleting data also takes place when a storage period, required by the mentioned norms, expires, unless it is necessary to store data for longer for a completion of a contract or a fulfilment of a contract.

IV. Provision of the Website and the Creation of Log Files

1. Description and Scope of Data Processing

Every time an internet page is viewed, our system automatically gathers data and information from the computer system of the computer used to view the page.

The following data will be collected:

  • Information about the browser type and the version used
  • The user’s operating system
  • The user’s IP address
  • Date and time of access
  • Websites that the user’s system uses to visit our internet page

The data will also be saved in our system’s log files. This data does not get saved together with other personal data from the user.

2. Legal Basis for Processing Data

The legal basis for the temporary storage of data and the log files is Art. 6 paragraph. 1 lit. f GDPR.

3. The Purpose of Processing Data

The temporary storage of the IP address by the system is necessary to make a delivery of the website on the user’s computer possible. For this purpose, the user’s IP address must be saved for the duration of the session. It is stored in the log files in order to guarantee the functionality of the website. In addition to that, the data serves to optimise our website and to guarantee the safety of our information technology systems. An analysis of the data for marketing purposes does not take place in this context. In these cases, our valid interest also lies in the processing of data according to Art. 6 paragraph. 1 lit. f GDPR.

4. The Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose of collection. In the case of gathering data for the provision of the website, this will be when the respective session has ended.

In the case of storing data in log files this will be no later than seven days. An extension of storage is possible. In this case, the user’s IP addresses will be deleted or distorted so that it is no longer possible to assign them to the client who viewed the website.

5. Possibility of Objection and Removal

The gathering of data for the provision of the website and the storing of data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of objection on the part of the user.

V. Using Cookies

1. Description and Scope of Processing Data

Our website uses cookies. Cookies are text files that are stored on the user’s computer by the internet browser. A cookie can be stored on the user’s operating system when they visit a website. This cookie contains a characteristic sequence of letters that allows the browser to be uniquely identified when the website is reopened. We use cookies to make our website more user-friendly. Some elements of our internet page require that the calling browser be identified even after a page change (e.g. placing an order). Apart from the characteristic sequence of letters, no data is stored in the cookie. Furthermore, when the user enters the E-Commerce shop via an advertising partner, we save a reference identifier for this partner as a cookie with a duration of up to 60 days. This cookie does not allow referencing to personal data and only serves as the provisioning for sales that will be realised when our E-Commerce shop is re-visited.

2. Legal Basis for Processing Data

The legal basis for processing personal data using cookies is Art. 6 paragraph. 1 lit. f GDPR.

3. The Purpose of Processing Data

The purpose of using technical necessary cookies is to make it easier for the user to use websites. Some of the functions on our internet page cannot be offered without the use of cookies. It is necessary that the browser can also be recognised after a page change.

We need cookies for the following things: shopping basket, transfer of language settings, wishlist functionality, contact form.

For these purposes, our legitimate interests in the processing of personal data also lie with Art. 6 paragraph. 1 lit. f GDPR.

4. Duration of Storage and the Possibility of Objection and Removal

Cookies are stored on the user’s computer and transferred to our page. You as the user therefore have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing your internet browser settings. Cookies that have already been stored can be deleted at any time. This can also be done automatically. Some of the website’s functions may not work fully if cookies are deactivated for our website.

This is how you can tell your browser how to deal with cookies

a) Internet Explorer

  1. Click “Extras” in the menu and select Internet Options.
  2. Select the “Data Protection” tab.
  3. Here you can set the amount of cookies that should be accepted or rejected.
  4. Please confirm your settings with “Ok”.

b) Google Chrome

  1. Click in the upper right corner on the "Customize Google Chrome" symbol.
  2. Select “Settings".
  3. Click on the "Show Advanced Settings" link.
  4. In the “Data Protection” section, click “Content Setting”.
  5. You can change the settings for cookies in the “Cookies” section.
  6. Confirm by clicking on “Ready”.

c) Firefox

  1. Click “Extras” in the settings.
  2. Select the “Data Protection” tab.
  3. Click the drop-down menu and choose the “User-defined Settings” tab.
  4. Here you can choose your own settings whether and/or in what context and from which websites cookies should be permanently accepted.
  5. Please confirm your settings with “Ok”.

VI. Newsletter

1. Description and Scope of Processing Data

There is an option of subscribing to a free newsletter on our website. The E-mail address from the form gets transferred to us when you register for the newsletter.

In addition to this, the following data will be collected during registration:

  1. IP address of the computer used for registration and confirmation (Double Opt-in proceedings).
  2. Date and time of the registration and confirmation (Double Opt-in proceedings).

The data will not be given to third parties in the context of data processing for the sending of newsletters. The data is only used for sending the newsletter.

2. Legal Basis for Processing Data

The legal basis for processing data after a user has registered for the newsletter is Art. 6 paragraph. 1 lit. a GDPR.

3. The Purpose of Processing Data

The collection of the user’s E-mail address is for delivering the newsletter. The collection of other personal data in the context of the registration procedure is for preventing abuse of the service or the E-mail address used.

4. Duration of Storage

The data gets deleted as soon as it is no longer necessary for the purpose of its collection. The user’s E-mail address will be saved for the duration of the user’s subscription to the newsletter. The other personal data collected as part of the registration procedure will normally get deleted after seven days.

5. Possibility of Objection and Removal

The user concerned can unsubscribe to the newsletter at any time. For this purpose, there is a respective link in every newsletter. This link also allows a revocation of the consent to the storage of personal data during the registration procedure.

VII. Registration and Orders

1. Description and Scope of Processing Data

On our B2B website, we give the user the option to register by providing personal data. The data is entered in a form and passed on to us and stored by us. The data is only passed on to third parties as part of the processing of orders e.g. shipment through a parcel service provider or carrier. The following data is collected as part of the registration process:

  1. Company
  2. Legal structure
  3. Company Owner
  4. Address
  5. Country
  6. VAT No.
  7. VAT No. (abroad)
  8. Trading licence (if applicable)
  9. Oy MaWe Trading Ab customer ID (optional)
  10. Contact name
  11. Phone number
  12. Fax and mobile phone number (optional)
  13. E-Mail address

The date and time are also saved to the data record at the time of registration.

As part of the registration process, consent is obtained from the user for processing this data.

The registration will be reviewed and the user's customer account is activated after the verification is successful.

2. Legal Basis for Processing Data

The legal basis for processing data with the existence of consent from the user is Art. 6 paragraph. 1 lit. a GDPR. The legal basis for initiating, concluding and carrying out orders is Art. 6 paragraph. 1 lit. b GDPR.

3. The Purpose of Processing Data

A user registration and the creation of a customer account is mandatory to carry out orders in our wholesale online shop. Collecting data is necessary for fulfilling the contract with the user or for implementing pre-contractual measures.

4. Duration of Storage

The data gets deleted as soon as it is no longer necessary for the purpose it was collected for. For the data collected during the registration process this is the case when the registration on our website is cancelled or amended. This is the case when personal data collected during an order, that is necessary for fulfilling the contract or for implementing pre-contractual measures, is no longer necessary for the implementation of the contract. It might be necessary to save personal data of the contracting party even after the conclusion of the contract to comply with contractual or legislative duties.

5. Possibility of Objection and Removal

As a registered user you can terminate the registration at any time by contacting the customer service of Oy MaWe Trading Ab. More information can be obtained by contacting the customer service team of Oy MaWe Trading Ab.

If the data is necessary for the fulfilment of a contract or the implementation of pre-contractual measures, then early deletion of the data is only possible if non-contractual or legal obligations exclude a deletion.

VIII. Contact Form and E-Mail Contact

1. Description and Scope of Processing Data

There is a contact form on our website that can be used for contacting us electronically. If a user takes advantage of this option, the data entered in the form will be passed on to us and stored by us. The data stored is:

  1. Company
  2. First name and surname
  3. E-Mail address
  4. Telephone number for call back (optional)

Your consent will be obtained for processing the data in the context of the sending process and you will be directed to the data protection declaration.

The data is not given to third parties in this context. The data is only used for processing the conversation.

2. Legal Basis for Processing Data

The legal basis for processing data with the existence of consent from the user is Art. 6 paragraph. 1 lit. a GDPR.

3. Purpose of Processing Data

Processing personal data from the form is only for processing the contact.

The other personal data processed during the sending process is for preventing abuse of the contact form and to ensure the safety of our information technology system.

4. Duration of Storage

The data gets deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the contact form and the data sent via E-mail, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the facts in question have been fully clarified.

The additional personal data that was collected during the sending process will normally get deleted after seven days.

5. Possibility of Objection and Removal

The user has the option of withdrawing their consent to the processing of their personal data via telephone or the contact form. In this case, the conversation cannot be continued.

All the personal data that has been saved as part of making contact will get deleted in this case.

IX. Rights of the Affected Person

If your personal data is processed, you are the affected person according to the GDPR and these are the following rights that you have:

1. Right to Information

You have the right to demand a confirmation from the responsible party whether personal data that affects you will be processed by us.

If your personal data is being processed, you can demand disclosure about the following information:

  1. The purposes of processing personal data;
  2. The categories of personal data that will be processed;
  3. The recipient or categories from the recipient to whom your personal data has been or will be disclosed;
  4. The planned duration of the storage of your personal data or, if concrete information about this is not possible, the criteria used for determining the storage period;
  5. The existence of the right to rectification or erasure or your personal data, the right to restrict processing from the responsible party or a right to object to the processing;
  6. The existence of the right to complain to a supervisory authority;
  7. All available information about the origin of the data when the personal data is not collected from the affected person;
  8. The existence of automated decision making including profiling according to Art. 22 paragraph. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the consequences and the intended effects of such a processing for the affected person.

You have the right to demand information about whether your personal data will be passed on to a third country or an international organisation. In this context, you can demand to be informed about suitable guarantees according to Art. 46 GDPR related to the transmission.

2. Right to Rectification

You have the right to have your personal data rectified and/or completed by the responsible party if this data is inaccurate or incomplete. The responsible party has to rectify the information immediately.

3. Right to Restriction of Processing

You can demand a restriction of the processing of your personal data under the following conditions:

  1. If you dispute the accuracy of your personal data for a period of time that enables the responsible party to check the accuracy of the personal data;
  2. The processing is unlawful and you do not want your personal data to be deleted and you request that your personal data is restricted;
  3. The responsible party no longer needs the personal data for the purpose of processing but you require the data for enforcing, exercising or defending a legal claim, or
  4. If you have entered an objection against the processing according Art. 21 paragraph. 1 GDPR and it is not yet certain whether the valid reasons from the responsible party outweigh your reasons.

If the processing of your personal data has been restricted, this data – with the exception of its storage – may only be processed with your consent or for enforcing, exercising or defending a legal claim or protection of rights from another natural or legal person or for reasons of important public interest of the Union or of a member state.

If the restriction of the processing is restricted according to the aforementioned conditions, you will be informed before the restriction has been lifted.

4. Right to Erasure

a) Obligatory deletion

You can demand that the responsible party deletes your personal data immediately and the responsible party must delete this data immediately if the following reasons apply:

  1. If your personal data is no longer needed for the purpose it was collected or processed.
  2. If you withdraw your consent to which the processing was based on according to Art. 6 paragraph. 1 lit. a or Art. 9 paragraph. 2 lit. a GDPR, and there is no other legal basis for processing the data.
  3. If you enter an objection against the processing according to Art. 21 paragraph. 1 GDPR and no overriding valid reasons exist for the processing or you enter an objection against the processing according to Art. 21 paragraph. 2 GDPR.
  4. If your personal data was processed unlawfully.
  5. If the deletion of your personal data is required for fulfilling a legal obligation according to European Union law or the right of the member states to which the responsible party is subject.
  6. If your personal data was collected in relation to offered information society services according to Art. 8 paragraph. 1 GDPR.

b) Information Given to Third Parties

If the responsible party has made your personal data public and they are obliged to delete the data according to Art. 17 paragraph. 1 GDPR, then they shall take appropriate measures taking account of the available technology and the cost of implementation, including those of a technical nature, in order to inform the responsible data processors, who process your personal data, that you, as the affected person, have demanded that all links to this personal data or from copies or replicas of this personal data be deleted.

c) Exceptions

The right to erasure does not apply if the processing is necessary for:

  1. Exercising the right of freedom of expression and information;
  2. Fulfilling a legal obligation that requires processing under the law of the Union or member states to which the responsible party is subject or for the performance of a task that is of public interest or in the exercise of official authority that is delegated to the responsible party;
  3. Reasons of public interest in the area of public health according to Art. 9 paragraph. 2 lit. h and i, as well as Art. 9 paragraph. 3 GDPR;
  4. Archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 paragraph. 1 GDPR, insofar as the law referred to in paragraph a) is likely to make the realisation of the aims of this processing impossible or seriously affect them, or
  5. Enforcement, exercise or defence of legal claims.

5. Right to Notification

If you have asserted your right to rectification, erasure or restriction of the processing of your data against the responsible party, then they are obliged to inform all the recipients, that have disclosed your personal data, about the rectification or erasure of the data or the restriction of the processing of the data, except when it proves to be impossible or involves disproportionate effort.

You have the right to be informed about the recipients by the responsible party.

6. Right to Data Portability

You have the right to receive your personal data, which you have given to the responsible party, in a structured, current and machine-readable format. Furthermore, you have the right to transfer this data to another responsible party without obstruction from the responsible party that has already received your personal data provided that

  1. The processing is based on consent according to Art. 6 paragraph. 1 lit. a GDPR or Art. 9 paragraph. 2 lit. a GDPR or based on a contract according to Art. 6 paragraph. 1 lit. b GDPR and
  2. The processing is done using automated procedures.

In exercising this right, you also have the right to ask one responsible party to transfer your personal data directly to another as far as this is technically possible. The rights and freedoms of others are not allowed to be affected.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task, that is of public interest or in the exercise of official authority that has been delegated to the responsible party.

7. Right to Object

You have the right to object at any time, for reasons that arise from your particular situation, to the processing of your personal data that takes place because of Art. 6 paragraph. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The responsible party no longer processes your personal data, except when they can provide compelling, worthy reasons for the processing that outweigh your interests, rights and freedoms or the processing is for the enforcement, exercise or defence of legal claims.

If your personal data is processed to conduct direct advertising, you have the right to object at any time against the processing of your personal data for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to the processing for direct advertising purposes, then your personal data will no longer be processed for these purposes.

You have the possibility of exercising your right to object through automated procedures in the context of using services from the information society – regardless of the directive 2002/58/EG – where technical specifications are used.

8. Right to Object to the Data Protection Consent Declaration

You have the right to withdraw your data protection consent declaration at any time. Withdrawing your consent will not affect the lawfulness of the processing carried out on the basis of the consent up until the withdrawal.

9. Automatic Decision in an Individual Case Including Profiling

You have the right not to be subject to a decision based solely on an automated processing – including profiling – that will have legal effects or affects you significantly in a similar way. This does not apply when the decision is

  1. Necessary for the conclusion or fulfilment of a contract between you and the responsible party,
  2. Permissible on the grounds of legislation from the Union or member states to which the responsible party is subject, and that the legislation has suitable measures to safeguard your rights, freedoms and legitimate interests or
  3. With your explicit consent.

However, these decisions must not be based on specific categories of personal data according to Art. 9 paragraph. 1 GDPR, unless Art. 9 paragraph. 2 lit. a or g applies and suitable measures have been taken to protect your rights, freedoms and legitimate interests.

In regard to the cases mentioned in (1) and (3), the responsible party shall take suitable measures to safeguard your rights, freedoms and legitimate interests, where at least the right to obtain intervention of a person on the part of the responsible party to declare their own point of view and to hear an appeal of the decision.

10. Right to Complain to a Supervisory Authority

Regardless of other administrative or judicial relief, you have the right to complain to a supervisory authority especially in the member state of your place of residence, your place of work or the place of the alleged offence when you are of the opinion that the processing of your personal data violates the GDPR.

The supervisory authority, where the complaint was submitted, informs the claimant about the status and the results of the complaint including the possibility of judicial relief according to Art. 78 GDPR.

X. Use of Web Analysis and Other Services

We use various web analysis services on our internet pages; these pages mainly use so-called cookies.

1. Google Analytics

We use Google Analytics, a Google Inc. service on our websites. The operator of the service is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google Analytics uses cookies, text files, that are saved on the user’s computer and make an analysis of the user’s use of the website possible. Usually, the arising information about the use of the website (including your IP address) will be passed on to a Google server in the USA and stored there.

We may use the extension “-anonymizelp” on our websites for IP anonymity, whereby your IP address is shortened by Google beforehand within the member states of the European Union or in other contractual states of the agreement in the European Economic Area.

On rare occasions, the full IP address will be passed on to a Google server in the USA and be shortened there.

Google will use the generated information on our behalf, in order to analyse the use of our website, compile reports on website activities at mawetrading.com and to provide us with other services related to the website and internet usage.

Google will not merge the IP address collected by Google Analytics with other data from Google. Google may pass on the information collected by Google Analytics to third parties if Google is legally bound to do so or as far as third parties process this data on Google’s behalf.

We have implemented Google Analytics reports for performance of demographic characteristics and interests for our website. We use data and visitor data obtained by third parties (e.g. age, sex, interests) via Google’s interest-based advertising in the context of Google Analytics.

You, the user of our website, can prevent the storage of cookies by going to your browser’s settings.

We would like to inform you that you then might not be able to use all of our website’s functions in their entirety.

Furthermore, you can object to and prevent the collection of data, including your IP address, generated by the cookie and your use of the website going to Google and the processing of this data by Google by downloading and installing the browser plug-in that can be found here: http://tools.google.com/dlpage/gaoptout?hl=de.

We would like to inform you that the Google Analytics on our website has been expanded with “gat._anonymizeIp()”, in order to ensure an anonymous collection of IP addresses, so-called IP masking.

Further information about data protection at Google can be found here: https://www.google.de/intl/de/policies.